Application security set to drive security spend
Gartner report predicts 7 per cent rise in spend, highlights application security and GDPR fears as major factors
Global spend on cyber security products and services will reach $86.4bn in 2017, an increase of 7 per cent over 2016, with spend set to continue upwards to $93bn in 2018, according to the latest figures from Gartner.
The analyst firm believes that the security testing market, and specifically the application security testing market (including products such as High-Tech Bridge’s award-winning ImmuniWeb), particularly interactive application security testing (IAST), will drive growth in the sector until 2021.
Security services will continue to be the fastest growing segment, especially IT outsourcing, consulting and implementation services, but hardware support services will see growth slowing due to the attractiveness of cloud solutions, said the analysts.
The application security market has long been highlighted as a vital area, with reports from numerous high-level vendors and analysts alike making clear that application attacks are rising fast, and that vulnerabilities are widespread. In a recent report one company (Alert Logic) found that web application attacks accounted for 73 per cent of all incidents flagged in an 18-month evaluation period, with injection-style attacks such as SQL injection the main culprit. However, while many enterprises have turned to Web Application Firewalls (WAFs) to protect against SQL injection attacks, research by High-Tech Bridge experts found that while only 22 per cent of SQL injections in web applications protected by a commercial WAF were fully exploitable, in 88.7 per cent of cases, various types of complicated improper access control, chained vulnerabilities and flawed application business logic were not detected, and thus remained unremediated by WAFs.
Gartner believes that board-level awareness of the importance of security has risen, along with an appreciation of the potential business impact of security incidents and the role that an evolving regulatory landscape can play. The analyst firm claims these factors are key in driving increased spend, but also points out that spend alone is not enough. The basics, such as threat-centric vulnerability management, centralized log management, internal network segmentation, backups and system hardening, are absolutely essential too.
Ilia Kolochenko, security expert and CEO of High-Tech Bridge, agreed with the findings: “Web applications dominate the top attack vectors in almost all the industries. Cybercrime is a [criminal] business, and thus follows the basic rules of business: spend less, get more. Attackers are always looking for the weakest link in your IT infrastructure, before leveraging expensive 0days and complicated APT attacks. Today, the majority of large organizations and governments can be easily breached via their web and mobile (backend) applications. Emerging risk comes from third-party applications, which are exploited by hackers to compromise your trusted third-party and get access to your data afterwards – cloudisation, outsourcing and IT externalization aggravate this complicated challenge.”
“I think the biggest problem facing enterprise today is inappropriate risk assessment, management and mitigation, followed by outdated or missing web application inventory.”
Gartner points to the EU General Data Protection Regulation (GDPR) as a key driver of buying decisions over the next few years, attributing 65 per cent of data loss prevention buying decisions through to 2018 to the legislation. GDPR - and also the UK’s proposed new data protection law - introduce a range of new data discovery and management requirements that Gartner believes will drive DLP solutions, specifically in the areas of data classification, data masking and data discovery, as well as convince organisations that do not already have strong DLP in place to increase their capabilities.
Gartner also flagged that by 2020, 40 per cent of all managed security service (MSS) contracts will be bundled with other security services and broader IT outsourcing (ITO) projects, up from 20 per cent today. The large contract sizes associated with ITO and security outsourcing deals will drive significant growth for the MSS market through 2020.
Gartner clients can get more detail here: "Forecast Analysis: Information Security, Worldwide, 1Q17 Update".