ETR Insights presents an interview with the CISO for a very large technology manufacturing organization whose scale presents particular challenges when it comes to vulnerability management, identity management, and perimeter protection. Read on to learn how the company leverages security vendors like Rapid7, Splunk, Cisco, and Check Point within its environment and why employee awareness and training are such a focus.

Vendors Mentioned in this Interview: Auth0 / BeyondTrust / Check Point / Cisco / Datadog / Fortinet / Linux / Microsoft / Okta / Palo Alto Networks / Ping Identity / QRadar / Qualys / Rapid7 / SANS / Splunk / Tenable
Economic Overview
Although the distinction between CAPEX and OPEX blurs the total computation, our guest's organization is still spending heavily on a move to the cloud either way. Their anticipated 4.5% year-over-year increase in technology spend aligns with the ETR survey consensus. “We try to break that up into different categories, infrastructure, versus telco and security, and we lean more towards the security side.” Cybersecurity, as it has in years past, remains a top priority. “None of our CEOs want to end up on the front page of the Wall Street Journal.”
Vendor-Specific Commentary
Qualys + Tenable v. Rapid7. Our guest admits that migration to the cloud brings concerns around visibility and controlling access, which is where vulnerability management and identity management come into focus. “I don't want to lose any control of my environment or of who has access to what and why?” Qualys, Rapid7, and Tenable are the most referenced names for vulnerability management, which comprises not only the ability to scan and patch assets, but also the ability to monitor all potential “holes” in the environment. “Especially in an engineering company like ours, people forget about all the various flavors of Linux and older Windows operating systems that are out there.” Our guest’s organization has grown by acquisition, and they have integrated all of these vendors but have chosen to invest most heavily in Rapid7. “We tend to stick with the one that we've made the biggest investment with unless there's a major reason to change.” They appreciate how Rapid7 sends logs and messages to their SIEM environment, alerting them to major vulnerabilities. “My security team liked the dashboard and the reporting that comes with the product.”

ETR Data: Based on the preliminary JUL23 Technology Spending Intentions (TSIS) data, Qualys leads the vulnerability management peer group in Net Score (25%) and is the only one of the big three players capturing an increase in this survey period. While Tenable leads the group in total citations and Pervasion (20%), the vendor comes in second with a diminishing Net Score of 23% that is lower than year-ago levels. Rapid7 trails its peers by a wide margin with a Net Score of 15%, considerably lower than the data captured last year.
QRadar v. Splunk. This company predominantly uses IBM’s QRadar for observability and reporting, though 20% of their environment is under Splunk, and our guest expects the organization to migrate more to Splunk over time. “Splunk was brought in as part of two or three smaller acquisitions, and we liked the product, so we didn't remove it and replace it with QRadar. If we have time later this year, maybe we would review that SIEM area and move more in the Splunk direction.” Datadog is another vendor in this mix that our guest states his security team would like to research further, but resources and timing constrain their ability to test out the company’s offerings in more detail.
Cisco, authentication + identity. Our guest likes Cisco’s Duo for multifactor authentication and has watched this vendor transform itself into more of a software and security-minded company. “Not so much as a hardware company anymore, but just a little of everything.” After a failed attempt with Ping, the company’s identity environment is mostly structured around Microsoft’s Active Directory. “We did bring in Ping for a while, and were looking at them for more of a single sign-on process, but it got too cumbersome and we ended up retreating from that.” In addition, our guest hears good things about Auth0 and will investigate further as time and budget allow.
Perimeter protection + user awareness. This organization favors Check Point for on-premises physical firewalls and virtual firewalls in the cloud. They have considered Fortinet and Palo Alto but worry a transition would be cost-prohibitive for an organization of their size. “It takes a lot of resources and puts the business at risk if it isn't done right.” Our guest favors SANS for employee education and quarterly training; their security team is fully SANS-qualified. “You can spend all the money in the world on security, hardware, software, and services, but if your users are uneducated and unaware, you're going to get yourself in trouble.” The company has leveraged BeyondTrust’s capacity to limit user administrative privileges on their desktops, a security precaution they have wanted to take for years. “We were finally able to do it with the BeyondTrust product. It’s done a good job for us.”