When an enterprise organization wanted to buy network security equipment a few years ago, there was a pretty clear division of labor. The security team defined the requirements and the networking team purchased and operated equipment. In other words, the lines were clearly drawn. The security team could describe what was needed but didn't dare tell the networking team what to buy or get involved with day-to-day care and feeding related to “networking” matters.
This “us-and-them” mentality appears to be legacy behavior. According to ESG research, 47% of enterprise organizations now claim that they have a dedicated group in charge of all aspects of network security (note: I am an ESG employee). Additionally, network security is done cooperatively by networking and security teams at 26% of organizations today, but these firms insist that they are in the process of creating a dedicated network security group to supplant their current division of labor.
As part of its data analysis, ESG builds a scoring system it uses to segment enterprise organizations into three groups (based upon their infosec skills, resources, and practices): advanced organizations (approximately 20% of the total survey population), progressing organizations (approximately 60% of the survey population), and basic organizations (approximately 20% of the survey population).
When viewed through this segmentation model, the results are telling: 64% of advanced organizations have a dedicated network security group, 50% of progressing organizations have a dedicated network security group, and 36% of basic organizations have a dedicated network security group. Based upon this information, ESG concludes that there is a strong correlation between cybersecurity best practices, infosec maturity, and organizations with a dedicated network security group.
This organizational change makes sense for CISOs and IT organizations, but as it gains strength, it will impact enterprise information security behavior and the market at large in several ways:
- Network security will integrate with other infosec components. In the past, firewalls, IDS/IPSs, and network gateways were grounded in the networking domain. Now that these systems belong to a network security group, they are being integrated with other cybersecurity technologies like endpoint security and security analytics. The goal? Weave network security into an enterprise-class infosec technology architecture.
- Large organizations are balancing network performance and security. In the past, network security controls almost always ran in passive mode by monitoring/alerting but not blocking suspicious packets. This strategy was instituted to guard against false positives disrupting critical network traffic, but there seems to be a change in the air. Many organizations are now automating network security remediation efforts in order to decrease the network attack surface, prevent attacks, and quarantine compromised assets. Given the financial impact of security breaches, automated remediation will only increase – especially as network security technology gains tighter integration with global threat intelligence.
- The network security market opens up. When the security team’s role was limited to defining requirements, it was easy for organizations to purchase network security equipment from the same people who sold switches and routers. Independent network security groups are breaking this historical bond as they look for best-of-breed security efficacy and strong integration with other security technologies across the enterprise. This doesn’t mean that Cisco and Juniper are out of the game, but it does mean that their relationships with networking buyers may carry less weight in future purchasing decisions. Yet another reason Cisco purchased Sourcefire.
The ESG data suggests that network security is moving away from the gear that transports bits and closer to the technologies that protect the bits. In my humble opinion, that’s a good thing. As this transition gains strength, it should truly open up the market to network security vendors with more holistic infosec architectural strategies. Good news for security firms like Check Point, FireEye, Fortinet, McAfee, and Palo Alto Networks. HP and IBM should also experience a network security renaissance, driven by their network security, security analytics, and professional/managed services offerings.