Endpoint Security Takes Center Stage

A Forrester Consulting Thought Leadership Paper Commissioned By Palo Alto Networks
Real-Time Prevention Is A Must-Have Capability
August 2015
Table Of Contents
Executive Summary
IT Security Decision-Makers Are Most Concerned About Exploitation Of Unpatched Vulnerabilities
Today’s Prevention Endpoint Security Solutions Offer A Balance Of Security And Usability
Endpoint Protection Must Include Prevention Of Zero-Day And Targeted Unique Exploits
Key Recommendations
Appendix A: Methodology
Appendix B: Demographics/Data
Appendix C: Endnotes
ABOUT FORRESTER CONSULTING
Forrester Consulting provides independent and objective research-based
consulting to help leaders succeed in their organizations. Ranging in scope from a
short strategy session to custom projects, Forrester’s Consulting services connect
you directly with research analysts who apply expert insight to your specific
business challenges. For more information, visit forrester.com/consulting.
© 2015, Forrester Research, Inc. All rights reserved. Unauthorized reproduction is strictly prohibited.
Information is based on best available resources. Opinions reflect judgment at the time and are subject to
change. Forrester®, Technographics®, Forrester Wave, RoleView, TechRadar, and Total Economic Impact
are trademarks of Forrester Research, Inc. All other trademarks are the property of their respective
companies. For additional information, go to www.forrester.com. [1-TI1473]
Executive Summary
The fight today between security professionals and
attackers is an uphill battle, as endpoints multiply and
attackers get better at exploiting vulnerabilities before they
can be patched. Antivirus, the longtime staple of endpoint
protection, can no longer be relied upon to protect against
these never-before-seen threats. To protect against these
zero-day threats, security pros need to adopt new solutions
that can protect against never-before-seen malware and
exploits of unpatched vulnerabilities in the OS, browser, and
third-party applications. Today’s endpoint protection
solutions offer varying levels of protection against these
advanced threats, and decision-makers need to weigh the
protection offered against end user disruption when
choosing the best technologies to defend their
organizations.
In April 2015, Palo Alto Networks commissioned Forrester
Consulting to evaluate endpoint security solutions. To
further explore this trend, Forrester developed a hypothesis
that tested the assertion that endpoint security solutions
whose focus is primarily on detection and remediation are
not effectively serving customers. In order to protect against
advanced and previously unseen threats, a combined
strategy of both detection and prevention is needed.
Forrester conducted in-depth surveys with 125 North
American IT security professionals responsible for endpoint
security protection and found they are most concerned with
the exploitation of unpatched or unknown endpoint
vulnerabilities. Security pros told us they believe their
current antivirus solutions can no longer effectively detect or
prevent attacks against these vulnerabilities.
In order to protect against these attacks, respondents are
looking for solutions that deliver strong integration between
network and endpoint solutions; stop malicious processes
without prior knowledge of the threat; and provide proactive
exploit prevention capabilities.
KEY FINDINGS
Forrester’s study yielded three key findings:
› Security pros today are most concerned with zero-day browser and OS threats, which antivirus
solutions struggle to address. Our survey shows
respondents are most concerned about exploits of
unpatched or unknown/zero-day vulnerabilities in the
endpoint operating system and browser. This threat is
compounded by the large number of endpoints that are
either unpatchable or patched very infrequently.
Traditional antivirus solutions based on blacklist
technology are insufficient to deal with these threats.
› Today’s prevention solutions vary in their ability to
protect against zero-day threats. Endpoint security
solutions today must go beyond detecting known threats;
they must be able to prevent threats that have never been
seen before. However, some prevention technologies are
better at this than others. When deciding which solutions
to use, security pros must weigh the balance of security
and usability.
› Today’s top desired endpoint security solutions
reflect security pros’ top threats. The most desired
capabilities that security pros are looking for in their
endpoint protection solutions today are the ability to
integrate into network security solutions and protect
against never-before-seen malware and exploits of
unpatched vulnerabilities in the browser, OS, and third-party applications.
IT Security Decision-Makers Are
Most Concerned About Exploitation
Of Unpatched Vulnerabilities
Security professionals today recognize that they are in an
escalating arms race with malware creators. Two factors
make this challenge particularly difficult: first, the attack
surface continues to grow as the number of applications and
services required by the business increases; second, the
bad actors can move much faster to find and exploit
vulnerabilities before they can be patched. These threats
are even more acute in systems where some endpoints are
virtually unpatchable, such as systems that are no longer
supported by vendors or ones that require 100% uptime.
These concerns are top of mind for security professionals
today, especially because one of the most-adopted
endpoint security protection solutions, antivirus, is ill
equipped to deal with such threats. Our survey of 125 IT
decision-makers responsible for endpoint security shows:
› Phishing attacks are targeting weaknesses in the OS,
browser, and third-party apps. The most common
attacks that organizations have faced in the past year
were phishing and waterhole attacks (see Figure 1).
These attacks target weaknesses in the endpoint OS,
browsers, and third-party applications.
“Our biggest problem today is phishing attacks. Even
with all the training we have done, there is still
someone who will click on something and expose
us to attack.”
— Director of information security at an enterprise
retailer
› Security professionals are most concerned about
zero-day threats for the browser and OS. The most
common endpoint attacks our respondents are facing
today come in the form of phishing or waterhole attacks
(37%) and insider misuse (29%). However, these are not
the attacks that keep security professionals awake at
night. Our survey shows respondents are most concerned
about exploits of unpatched or unknown/zero-day
vulnerabilities in the endpoint operating system and
browser (see Figure 2).
FIGURE 1
Most Common Attacks In The Past Year Have Come From Phishing/Waterhole Attacks
“Where have you experienced attacks or breaches in the past year?” (Select all that apply)
Phishing or waterhole attacks: 37%
Inadvertent misuse by insider (e.g., authorized users inappropriately disclosing sensitive information by accident): 29%
Direct attacks against Internet-facing assets (e.g., SQL injection): 25%
External attack originating from compromised business partner/third party supplier’s servers or users: 22%
Loss/theft of physical corporate asset (e.g., backup data, server, laptop, smartphone): 22%
Inadvertent misuse by business partner/third-party supplier: 20%
Loss/theft of business partner physical asset (e.g., backup data, server, laptop, smartphone): 16%
Cross-site scripting (XSS) or cross-site request forgery (CSRF): 15%
Abuse by malicious insider (authorized or terminated users exploiting their access rights or gaining unauthorized access): 15%
Abuse by malicious business partner: 8%
Don’t know: 1%
Other (please specify): 1%
We have experienced no attacks or breaches in the past year: 22%
Base: 125 North American IT security decision-makers responsible for endpoint security
Source: A commissioned study conducted by Forrester Consulting on behalf of Palo Alto Networks, May 2015
FIGURE 2
Respondents Are Most Worried About Zero-Day Vulnerabilities In The OS And Browser As Well As Phishing/Spyware
“What types of attacks are you most worried about regarding endpoint security today?” (Rank your top three)
[Chart: share of respondents ranking each attack type first, second, and third, with totals, for the following attack types]
Exploit of operating system vulnerability for known/unpatched and unknown/zero-day vulnerabilities
Exploit of browser vulnerability for known/unpatched and unknown/zero-day vulnerabilities
Phishing
Spyware
Exploit of productivity software vulnerability for known/unpatched and unknown/zero-day vulnerabilities
Drive-by malware downloads from websites (over HTTP)
APTs/targeted attacks
Rootkits
Drive-by malware downloads from social networking
Botnet attacks
Base: 125 North American IT security decision-makers responsible for endpoint security
Source: A commissioned study conducted by Forrester Consulting on behalf of Palo Alto Networks, May 2015
› Unpatchable systems are most vulnerable to
advanced threats. The reason these exploits are so
concerning is that 44% of respondents said over 10% of
their endpoint systems are either unpatchable or patched
very infrequently (see Figure 3).
› Antivirus solutions do not address these important
vulnerabilities. Antivirus/antimalware software has long
been a staple of endpoint protection; however, our survey
reveals some key weaknesses in the protection this
software provides. While 87% of our respondents are
using a paid antivirus solution today, nearly three-fourths
of our respondents have experienced challenges with it
(see Figure 4). One of the top challenges, reported by
29% of respondents, was a low detection rate for
advanced threats — the same threats that most worry
security pros.
“We need zero-day protection today. You can’t call
antivirus ‘zero day’ when you look at how long it
takes to update.”
— VP of IT, US financial services firm
FIGURE 3
Forty-Four Percent Of Respondents Said That Over 10% Of Their Environment Is Unpatchable
“Approximately what percentage of the endpoints in your environment cannot be patched (due to end-of-life systems no longer supported by vendors or systems that require 100% uptime) or are patched very infrequently?”
51%+: 5%
41% to 50%: 3%
30% to 40%: 2%
21% to 30%: 12%
11% to 20%: 22%
1% to 10%: 42%
0%: 14%
Base: 125 North American IT security decision-makers responsible for endpoint security
Source: A commissioned study conducted by Forrester Consulting on behalf of Palo Alto Networks, May 2015
FIGURE 4
Nearly Three-Quarters Of Respondents Have Challenges With Paid Antivirus; Top Challenges Are High Licensing Cost, Low Detection Of Advanced Threats
“What challenges have you experienced from using a paid antivirus solution?” (Select all that apply)
Licensing costs are too high: 34%
Low detection rate for advanced threats: 29%
Lack of integration into network security technology: 27%
Signature updates are often slow following the public announcement of new malware: 26%
Lack of integration into remediation/patching workflow: 25%
Large number of false positives detected: 24%
Network or endpoint performance impacts (CPU, RAM, I/O, network bandwidth utilization): 23%
Other: 1%
We have experienced no challenges: 26%
Base: 125 North American IT security decision-makers responsible for endpoint security
Source: A commissioned study conducted by Forrester Consulting on behalf of Palo Alto Networks, May 2015
Today’s Prevention Endpoint
Security Solutions Offer A Balance
Of Security And Usability
Endpoint security solutions today must go beyond detecting
known threats — they must be able to prevent threats that
have never been seen before. This means not just blocking
a known exploit from causing further damage, but
recognizing a new exploit based on a pattern of behavior
and preventing the process from ever occurring. Endpoint
security via detection must become endpoint security via
prevention.
However, not all prevention solutions and capabilities are
created equal, and some are better equipped to prevent
zero-day attacks than others. Here are five specific endpoint
technology approaches to endpoint security prevention.
Each has its own strengths and weaknesses when we look
at operational overhead, user experience impact, speed of
response to new threats, and ability to prevent spread. Our
study found that:
1. Rapid patch deployment capabilities are an
important way to reduce exploit vulnerability.
Attackers target the most vulnerable applications with
exploits, and closing those potential vulnerabilities as
quickly as possible is essential to protecting your
endpoints. One of the most important endpoint
defenses today is to deploy patches in a timely manner.
Our survey shows that patch deployment is both the
most used prevention solution available today (58%
adopted) and also the most desired (25% interested in
adopting) (see Figure 5). In addition, respondents
believe patch deployment delivers the most critical
value of all the protection solutions, though patches
cannot protect against zero-day exploits for which
patches do not exist (see Figure 6).
However, patch deployment can cause end user
disruptions, as some of the most vulnerable applications
are also some of the most critical, meaning any
downtime is going to disrupt the business. Also, some
applications release dozens of patches a year, making it
difficult to keep up. For these reasons, 58% of
respondents said that patch deployment causes at least
some noticeable end user impact.[1]
2. Whitelisting is the philosophical opposite to
antivirus software. Whitelisting focuses on the “known
good”; only trusted applications or processes are
allowed to run, while all other executables — including
potentially malicious code — are blocked by default.
This gives security pros the power to remove unknown
apps as potential conduits of attack, ultimately leading
to a smaller footprint of running applications while
decreasing the endpoint’s attack surface.
However, no exploit protection for whitelisted software
is offered unless additional memory exploit protection
measures are leveraged, so whitelisted applications can
still be exploited, leading to a compromised endpoint.
Additionally, setting up the initial whitelist is not a trivial
matter; every time a user installs a new app or receives
an update/security patch for an existing app, the
whitelist must be updated accordingly if a default-deny
policy is enforced. The more heterogeneous your
endpoint environment is, the more challenging
whitelisting becomes. As a result, whitelisting is one of
the lesser-used endpoint security solutions. Our survey
shows that only 39% of survey respondents have
adopted whitelisting solutions at their organizations.
Another approach to whitelisting involves controlling
execution through a more generalized approach by
broadly whitelisting folder locations, code signers, and
certain behaviors, and then dynamically whitelisting
individual applications or processes via a threat
intelligence feed. This type of execution control reduces
the challenges involved with managing application
whitelists, but it still does not prevent exploitation of
whitelisted applications.
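The maintenance trade-off described in the two whitelisting paragraphs above, as an added Python example that is not part of the Forrester paper or of any vendor product: a default-deny policy evaluated once with hash-only rules and once with generalized signer and folder rules, checked against a patched binary. The `Executable` and `AllowlistPolicy` classes, the `blocked_after_patch` helper, the file paths, and the "Acme Software" publisher are all constructed for illustration.

```python
import hashlib
from dataclasses import dataclass, field
from fnmatch import fnmatchcase
from typing import List, Optional, Set, Tuple


@dataclass(frozen=True)
class Executable:
    """Constructed stand-in for a file about to be launched on an endpoint."""
    path: str
    content: bytes
    signer: Optional[str] = None  # publisher taken from an already-verified signature

    @property
    def sha256(self) -> str:
        return hashlib.sha256(self.content).hexdigest()


@dataclass
class AllowlistPolicy:
    """Default-deny execution control: anything no rule matches is blocked."""
    hashes: Set[str] = field(default_factory=set)
    signers: Set[str] = field(default_factory=set)
    path_globs: List[str] = field(default_factory=list)

    def decide(self, exe: Executable) -> Tuple[bool, str]:
        """Return (allowed, name of the rule type that decided)."""
        if exe.sha256 in self.hashes:
            return True, "hash"
        if exe.signer is not None and exe.signer in self.signers:
            return True, "signer"
        if any(fnmatchcase(exe.path, glob) for glob in self.path_globs):
            return True, "path"
        return False, "default-deny"


def blocked_after_patch(policy: AllowlistPolicy,
                        patched: List[Executable]) -> List[str]:
    """Pre-deployment check: which patched binaries would the policy block?"""
    return [exe.path for exe in patched if not policy.decide(exe)[0]]


# Constructed sample inventory (not real software or hashes).
READER_V1 = Executable("/opt/acme/bin/reader", b"acme reader 1.0", "Acme Software")
READER_V2 = Executable("/opt/acme/bin/reader",
                       b"acme reader 1.1 security update", "Acme Software")
INHOUSE = Executable("/opt/corp/tools/report", b"in-house build 7")  # unsigned
UNKNOWN = Executable("/home/alice/Downloads/invoice_viewer",
                     b"never-before-seen binary")

# Per-file whitelist: one entry per approved build.
HASH_ONLY = AllowlistPolicy(hashes={READER_V1.sha256})

# Generalized execution control: trust a code signer and a managed folder.
GENERALIZED = AllowlistPolicy(signers={"Acme Software"},
                              path_globs=["/opt/corp/tools/*"])


if __name__ == "__main__":
    for name, policy in (("hash-only", HASH_ONLY), ("generalized", GENERALIZED)):
        for exe in (READER_V1, READER_V2, INHOUSE, UNKNOWN):
            allowed, rule = policy.decide(exe)
            verdict = "ALLOW" if allowed else "BLOCK"
            print(f"{name:12} {verdict:5} {exe.path} ({rule})")
        print(f"{name:12} needs whitelist update for:",
              blocked_after_patch(policy, [READER_V2, INHOUSE]))
```

Neither policy looks at what an allowed process does after it starts, which is the gap the paper attributes to whitelisting.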
FIGURE 5
App Integrity Protection, Privilege Management, And Virtual Patching Are The Top Desired Prevention Capabilities
“Which of the following prevention (no prior knowledge of threat required) capabilities are you using today for endpoint protection? Of the technologies/capabilities you are not currently using, which do you have interest in adopting?” (Select all that apply)
Adopted:
Patch deployment capabilities: 58%
Privilege management: 55%
Application exploit prevention: 47%
Data/app isolation: 42%
Whitelisting: 39%
Interested in adopting:
Patch deployment capabilities: 25%
Base: 125 North American IT security decision-makers responsible for endpoint security
Source: A commissioned study conducted by Forrester Consulting on behalf of Palo Alto Networks, May 2015
FIGURE 6
Respondents Feel They Get The Most Value From App Exploit Prevention And Patch Deployment For Prevention Solutions
“How much security value do you feel you get from each of your current endpoint security solutions?” (Prevention [no prior knowledge of threat required])
[Chart: share of respondents reporting critical value and high value for each of the following solutions]
Patch deployment capabilities (N = 72)
Privilege management (N = 69)
Application exploit prevention (N = 59)
Data/app isolation (N = 53)
Whitelisting (N = 49)
Base: Variable North American IT security decision-makers responsible for endpoint security
Source: A commissioned study conducted by Forrester Consulting on behalf of Palo Alto Networks, May 2015
3. App privilege management enforces least privilege
on the endpoint. Application privilege management
software gives administrators the power to remove
admin rights on their end user endpoints while elevating
application-specific privilege levels as needed. This is
achieved by modifying the security token assigned to
each running process in order to control their respective
privilege levels. Since most malware require admin
rights in order to run, this form of application control
offers a reasonably high level of malware protection.
Our survey shows that 33% of respondents feel the
solution provides critical value, and 45% feel it provides
high value. Privilege management solutions are
currently adopted by 55% of respondents.
However, IT administrators face similar challenges with
app privilege management as those presented by
whitelisting; the list of software requiring admin rights
takes time to build and must be monitored closely.
Additionally, no exploit protection for the allowed
software is offered. Once allowed software has been
exploited, an attacker can escalate privileges regardless
of whether the end user had local admin privileges.
4. Application exploit prevention guards running
code. Application exploit prevention ensures that
applications act in a “known good” way while blocking
all other actions taken by those supported applications.
Since application exploit prevention — if set up in such
a way — will prevent unknown code from modifying
existing applications stored on the hard drive or taking
abnormal actions within running memory, this form of
protection offers better protection against software
exploits when compared with AV, whitelisting, or app
privilege management. Our survey shows app exploit
prevention is one of the more valuable prevention
solutions, with 32% saying the solution delivers critical
value, and another 53% saying it delivers high value.
Some application exploit prevention solutions involve a
much more extensive data set for each application
(compared with a simple hash used within application
control products), and most tools only support a limited
number of applications. Code verification and blocking
processes must also be aligned in a way that doesn’t
interfere with software patch deployment. With a few
exceptions, post-infection remediation functions
(quarantine and code removal) are generally
nonexistent in these solutions because they focus on
preventing the attack before any damage can be done.
Another mode of application exploit prevention inserts
itself as an enforcer in memory, monitoring a defined
set of processes that have been profiled to be misused
by most exploits. By modeling the bad behavior of
exploits, the set of malicious activity to be watched for is
reduced to a manageable level and allows for
prevention of new attacks with relatively low processor
overhead. This mode of application exploit prevention
requires an intimate knowledge of each operating
system’s weaknesses, and therefore is typically limited
to covering the most widely used operating systems.
5. Data and application isolation contains running
apps/tasks. Endpoint execution isolation solutions
execute commonly used applications and/or user tasks
within those applications as a means of protecting
against known and unknown exploits. Supported
applications (and their associated tasks) execute within
logical containers, with all behaviors and interactions
between the application/task and outside environment
monitored closely (including networking and disk
input/output). One of the major benefits of this
technology is the fact that even if a piece of malicious
code is allowed to run, its ability to interact with the
system as a whole is severely limited by the logical
separation put into place between the exploited
application and the rest of the system.
On the other hand, endpoint execution isolation
generally places a greater demand on system
resources when compared with other forms of endpoint
protection. Fifty-seven percent of our survey
respondents said that these solutions cause at least
occasional noticeable end user performance impact.[2]
Also, endpoint process isolation products generally only
support a limited number of commonly used
applications. As a result, only 25% of our survey
respondents felt the solutions delivered critical value.
Each of these five prevention-oriented endpoint security
approaches provides a different balance of security versus
usability. Furthermore, most of them address unknown
malware or unknown exploits, but not both. Our survey
shows that finding solutions that maximize both
requirements is what S&R pros are looking for:
› Today’s endpoint security requires a shift from
detection to prevention and must increase protection
against zero-day threats. Not all current prevention
capabilities are able to effectively prevent unknown or
unpatchable threats (see Figure 7). Our survey found that
some of the top-desired prevention techniques today,
patch deployment and some types of app exploit
prevention, can take days to update, meaning zero-day
threats must be handled with other endpoint protection
capabilities. Other prevention techniques like whitelisting
often require a workflow process with approvals, and 55%
of the time require multiple days to respond to a new
threat. When using one of these techniques, you want to
look for those that provide protection against zero days
without having to wait for a product update.
FIGURE 7
Today’s Endpoint Security Solutions Must Provide Zero-Day Coverage
“How long does it take for each endpoint security solution to respond to new threats?” (Prevention [no prior knowledge of threat required])
[Chart: distribution of the following responses for data/app isolation, application exploit prevention, patch deployment capabilities, whitelisting, and privilege management]
Requires manual effort to load new threats/signatures
New threats/signatures are updated automatically; however, it can take > 1 week for newly announced threats/vulnerabilities to be covered
Protection is in place for new threats less than 72 hours from public announcement
Protection is available the same day as public announcement
Some new threats are covered by existing heuristic/model-based protection, others are covered within 24 hours of announcement
Don’t know/NA
Base: 125 North American IT security decision-makers responsible for endpoint security
Source: A commissioned study conducted by Forrester Consulting on behalf of Palo Alto Networks, May 2015
Endpoint Protection Must Include
Prevention Of Zero-Day And
Targeted Unique Exploits
Our survey shows that security pros are looking for these
capabilities in their endpoint security solutions:
› Set-and-forget prevention solutions. We asked
respondents what functionality they would like to see in an
endpoint protection solution. Not surprisingly, the most
desired capabilities protect against never-before-seen
malware, and exploits of unpatched vulnerabilities in the
browser, OS, and third-party apps, which are the top
endpoint threats for security pros (see Figure 8). Figure 9
maps the options available to provide strong prevention
capabilities against the top-three-ranking requirements
from our survey (see Figure 9).
› Strong integration of endpoint and network protection
to stop malware before it even reaches the endpoint.
Respondents in our survey said that endpoint integration
with network security was the most valuable detection
capability. It is also a highly desired feature of endpoint
security.
› Solutions that stop malicious processes at the lowest
level (also known as “instant patching”). If an exploit
does manage to evade detection by network protection
for email or web traffic, the expectation is growing that the
endpoint will be able to monitor itself at the process
memory level, detect abnormal behavior, and prevent
exploits from executing. This functionality is sought as a
form of “instant patching” and acknowledges that the
attackers will always be able to create new exploits faster
than security pros can spot and patch vulnerabilities.
FIGURE 8
Prevention Of Zero-Day Exploits And Protection For Unpatched OS/Browsers Top The Want List
“What functionality would you like to see from your endpoint protection solution?” (Rank your top five)
[Chart: share of respondents ranking each of the following capabilities first through fifth]
Ability to prevent never-before-seen malware (zero-day malware)
Ability to protect against exploitation of unpatched vulnerabilities in browsers
Ability to protect against exploitation of unpatched vulnerabilities in operating systems
Integration into network security (i.e., web/email security gateways)
Ability to protect against exploitation of unpatched vulnerabilities in productivity software
Lower operational costs for incident response
More automation in remediation/response
Logging and forensic collection of network traffic to/from endpoint
Logging and forensic collection of memory activity (inspection into active processes)
Logging and forensic collection of disk read/write activity
Integration into correlation/analytics tools
Less pressure to deploy patches before fully tested
Integration into cloud security gateways
Base: 125 North American IT security decision-makers responsible for endpoint security
Source: A commissioned study conducted by Forrester Consulting on behalf of Palo Alto Networks, May 2015
FIGURE 9
Endpoint Prevention Solutions Capabilities Checklist
Source: A commissioned study conducted by Forrester Consulting on behalf of Palo Alto Networks, May 2015
Key Recommendations
Forrester recommends that security pros choose carefully when replacing or augmenting standard antivirus solutions
for endpoint protection. The best solutions will be those that offer a combination of strong integration between endpoint
and network security components in addition to some form of zero-day exploit prevention for OS, browser, and third-party applications. To protect their endpoints, security pros should:
› Focus on prevention. Prevention requires some combination of sophisticated baseline process behavior
modeling and careful control over applications. Products that require an update before they can block a new zero-day exploit or products that detect indicators of compromise (IOCs) and then attempt to mitigate the damage are
not providing a real prevention capability. The ultimate prevention capability would prevent “patient zero.” Look for
a match between the level of effort required to support a given solution and the capabilities of your support staff.
› Reduce the attack surface through a balance of prevention, detection, and remediation proficiency. The
most mature organizations make sure that they have the basics of vulnerability and patch management down
cold, but realize that patching does not address the zero-day threat. They should use a risk-based approach to
determine where to deploy advanced solutions in their network.
› Integrate endpoint security with network security to create a virtuous cycle of detection and prevention.
Some attacks are launched across the Internet via email or waterhole vectors, while others arrive directly at the
endpoint via portable storage devices or a laptop that is outside the corporate network. This means that both the
endpoint and the network must be prepared to prevent never-before-seen threats. The best solutions look to
share information on what these threats look like across both the endpoint and the network in order to increase
the speed and coverage of response to rapidly evolving threats.
› Focus on decreasing attack surface while creating as little friction as possible for employees. Security
pros are tasked with balancing the need for protecting sensitive data stored on employee devices with the need
to enable employee productivity and innovation. When choosing any security technology to be used on an
employee device, do not underestimate the importance of preserving endpoint performance and user experience.
Employees are continually installing new software and have little tolerance for security products that stand in the
way of their own innovation or productivity.
Appendix A: Methodology
In this study, Forrester conducted an online survey of 125 organizations in North America with over 500 employees to
evaluate endpoint security solutions. Survey participants included decision-makers in IT security responsible for endpoint
security. Questions provided to the participants asked respondents about their current endpoint security technologies across
three domains: detection, remediation, and prevention. We also asked about the value, impact on end users, and
deployment issues with each technology. In addition, we also conducted three interviews with endpoint security decision-makers, one of which was a contact from Palo Alto Networks. Respondents were offered financial compensation as a thank
you for time spent on the interviews. The study began in April 2015 and was completed in May 2015.
Appendix B: Demographics/Data
FIGURE 10
Survey Demographics
“In which country do you work?”
United States: 98%
Canada: 2%
“Which of the following best describes the industry to which your company belongs?”
Healthcare: 21%
Financial services and insurance: 21%
Retail: 11%
Manufacturing and materials: 10%
Business or consumer services: 8%
Government: 6%
Energy, utilities, waste mgmt.: 6%
Other (please specify): 5%
Education and nonprofits: 3%
Telecommunications services: 3%
Transportation and logistics: 2%
Electronics: 2%
Construction: 1%
Chemicals and metals: 1%
Consumer product manufacturing: 1%
“Using your best estimate, how many employees work for your firm/organization worldwide?”
20,000 or more employees: 18%
5,000 to 19,999 employees: 18%
1,000 to 4,999 employees: 42%
500 to 999 employees: 22%
“Which of the following roles in IT are you significantly involved in?”
IT security: 100%
IT operations: 78%
IT infrastructure: 74%
Cloud infrastructure/operations/architect: 62%
Networking/telecommunications: 62%
Information and knowledge management: 61%
Sourcing and vendor management: 49%
Solution/application architecture: 45%
Application development and delivery: 44%
Software testing and QA: 34%
Business analyst: 14%
“Which title best describes your position at your organization?”
Director: 39%
Manager: 26%
C-level executive: 22%
Vice president: 14%
Other (please specify): 1%
Base: 125 North American IT security decision-makers responsible for endpoint security
(percentages may not total 100 because of rounding)
Source: A commissioned study conducted by Forrester Consulting on behalf of Palo Alto Networks, May 2015
FIGURE 11
Survey Demographics: Endpoint Responsibilities
“Which of the following categories of technology decision-making are you significantly involved in?” (Select all that apply)
Infrastructure or data security: 94%
Security event/incident management: 92%
IT compliance: 86%
Threat and vulnerability management: 82%
Identity and access management: 80%
Managing third-party security services: 60%
“What is your level of responsibility around your organization’s endpoint security?”
I am often the final decision-maker for endpoint security: 59%
I provide significant input to the final decision-maker around endpoint security: 41%
Base: 125 North American IT security decision-makers responsible for endpoint security
Source: A commissioned study conducted by Forrester Consulting on behalf of Palo Alto Networks, May 2015
Appendix C: Endnotes
1. Source: A commissioned study conducted by Forrester Consulting on behalf of Palo Alto Networks, May 2015.
2. Source: A commissioned study conducted by Forrester Consulting on behalf of Palo Alto Networks, May 2015.