ESG conducted an in-depth survey of 255 cybersecurity and IT/information security professionals familiar with their organization’s network security tools and processes and responsible for evaluating, purchasing, and/or operating corporate network security controls across public cloud infrastructure and on-premises data centers/private cloud. Survey participants represented mid-market (500 to 999 employees) and enterprise-class (1,000 employees or more) organizations in North America (United States and Canada).

In this report, the findings show that in order to resolve the attack surface management challenges facing organizations, IT and security teams need to invest in solutions that automate and centralize monitoring of internet-facing assets and provide greater insights into vulnerabilities.

CISOs aren’t alone in recognizing the need for new threat detection and response strategies. In fact, security technology providers are championing a new technology initiative dubbed eXtended Detection and Response (XDR). XDR tools are intended to solve many threat detection and response issues by providing an integrated security architecture, advanced analytics, and simplified operations. Despite this innovation, however, users remain confused about XDR and where it could fit into their security programs. This report answers “what is XDR and which are the most important XDR requirements?”

This study examines trends in application development security. It looks as the extent to which security teams understand modern development practices, what influences application security investments, and the dynamic between development teams and cybersecurity teams.

“In late 2018 and early 2019, the Enterprise Strategy Group (ESG) and the Information Systems Security Association (ISSA) conducted its third annual research product focused on the lives and experiences of cybersecurity professionals. This year’s report is based on data from a survey of 267 cybersecurity professionals and ISSA members. Ninety percent of survey respondents resided in North America, 5% came from Europe, 3% from Central/South America, 2% from Asia, and 1% from Africa (note: Total exceeds 100% due to rounding).”

The evolving threat landscape and perennial cybersecurity challenges are giving rise to community-based programs such as crowdsourced cybersecurity, an important evolution that’s fast becoming a foundational element of any organization’s cybersecurity program. Crowdsourced cybersecurity includes services such as bug bounty programs, vulnerability disclosure, and next-generation penetration testing (NGPT). This report explores several key findings based on research conducted by ESG.

Abstract: Enterprises increasingly operate in a digitally interconnected world where third parties like suppliers, customers, channel partners, and others are often directly connected to their internal IT systems, and where their underlying IT infrastructure may be owned and managed by an outside organization. These business relationships can knowingly or unknowingly introduce different types of risks that need to be identified and managed as if these third parties were part of the enterprise itself. Recorded Future’s latest risk intelligence offering enables threat intelligence teams to better understand, monitor, and measure their real-time exposure to these third-party risks. Armed with this information, organizations can better assess and prioritize risk mitigation actions.

In late 2017 and early 2018, the Enterprise Strategy Group (ESG) completed a research survey of 413 IT and cybersecurity professionals with knowledge of, or responsibility for, the planning, implementation, and/or operations of their organization’s security policies, processes, or technical safeguards. Survey respondents were in the United States, U.K., and Australia and worked at enterprise organizations (i.e., more than 1,000 employees). Respondents represented numerous industry and government segments, with the largest participation coming from financial services (i.e., banking, securities, insurance, 18%), manufacturing (16%), retail/wholesale (13%), health care (12%), and information technology (10%).

This report seeks to provide answers to many questions related to the failures of endpoint security that are occuring even though there has been a shift in technology and strategy.

This report concludes that, security operations is fraught with people, process, and technology challenges, that improvement is a high priority, organizations are embracing security orchestration, and orchestration is becoming a centralized platform.

In early 2016, Hexadite commissioned the Enterprise Strategy Group (ESG) to complete a study of 100 IT and cybersecurity professionals with knowledge of or responsibility for incident response (IR) processes and technologies at their organizations. This research project was intended to assess the current practices and challenges associated with incident response processes and technologies. Furthermore, respondents were asked about their future strategic plans intended to improve the efficacy and efficiency of IR activities. This paper presents the details of those findings.

This report presents the results of a survey run by ESG and commissioned by Seclore. They analyze information related to data, data security, and collaboration.

This report seeks to offer insight into the cybersecurity world and to analyze the dangers and pitfalls of the transition in the profession.

There are many reasons to archive data. For too many organizations, “archiving” is immediately presumed to be a cumbersome, unattainable, legacy process that IT had previously deprioritized, while erroneously believing that a “backup copy” held for an extended period of time was a sufficient alternative. Every aspect of that presumption is incorrect—modern archiving is a critical and compelling aspect of nearly every IT organization’s forward-looking strategy.

In Threat Stack Cloud Security Report 2017: Security at Speed & Scale, they set out to determine how Operations, Security, and DevOps professionals are dealing with increasingly complex environments, using limited resources, as they seek to satisfy internal and external security demands along with compliance requirements. They also wanted to see how the rise of containerization is impacting this already complex dynamic. To accomplish this, they teamed with ESG Global to survey the organizations and individuals responsible for securing cloud-based applications within their organizations.

This paper examines the life of those in the cybersecurity profession, and seeks to provide answers to the high turnover rate in the field.

The data presented here illustrates an escalating and dangerous game of cyber security “cat and mouse.” Cyber- adversaries continue to develop creative tactics, techniques, and procedures (TTPs) for attacks. Recognizing the risk, large and small organizations are prioritizing and investing in cyber security defenses and oversight.