Risk Assessment for Connected Systems

Publisher: VDC Research Group, Inc. | Product code: 322875
Publication date: April 10, 2014 | Content: English, 15 Pages
Delivery time: as fast as 1-2 business days



  • Key findings
  • Basic risk assessment
  • Penetration testing
  • Intrusion detection & prevention
  • Event response
  • Vendor selection



This report discusses and analyzes products and services used to assess security vulnerabilities and threats to connected systems, as well as key strategic issues, leading vendor trends, and other factors impacting the market for these solutions. The report integrates selected findings from VDC's recent security survey of IT professionals.

What questions are addressed?

  • How prevalent are security breaches?
  • What portion of organizations with IT systems performs risk assessments, and how often do they perform them?
  • What can IT managers do to elevate the importance of risk assessments within their organizations?
  • What factors are most important in the selection of security solutions vendors?
  • How are continuous security monitoring systems and services impacting the need for risk assessments?

Executive Summary

Periodic risk assessment is vital for maximizing network security and minimizing vulnerability, and it is often required for regulatory compliance. Procedures such as penetration tests can reveal security flaws by using many of the same tools used by hackers. In addition to periodic tests, many IT network administrators are implementing continuous monitoring systems, such as host-based and network-based intrusion detection and intrusion prevention systems. Event response services add another layer of protection to reduce the damage done by any breaches. The latest network security systems and services, likely growth areas for the industry, utilize collective intelligence gleaned from numerous clients to rapidly disseminate threat information in real time.

Key Findings

  • More than one quarter of IT professionals surveyed said that their networks had been breached in the prior year.
  • The vast majority of companies use some form of risk assessment, although in smaller companies it is more likely to be an informal process.
  • About two-thirds of companies surveyed use network-based intrusion detection or prevention systems, and nearly half use host-based systems, yet those users were not significantly less likely to have suffered a security breach.

The Need for Risk Management

Any Internet-connected devices or systems are inherently at risk of breaches by hackers seeking to install malware, extract data, and/or interrupt services. Automated bots run by hackers throughout the world are constantly probing for network ports or IP addresses that they can attempt to exploit. And many high-value systems are explicitly targeted, in some cases by sophisticated hackers with extensive technical skills and resources, effectively operating as organized criminals. In short, security risks are a fact of life on the Internet.

In a survey of IT systems administrators and IT developers conducted by VDC in March 2014, XX% of respondents said they had a security breach of devices connected to their IT networks in the past year, as shown in Exhibit 1.

[Data available in full report.]

Exhibit 1:
Percent of companies that had IT networks breached in prior year

Although only one third of respondents who reported breaches said that M2M/IoT devices were among those breached, VDC expects that portion will rise in the coming years as the number and prevalence of IoT devices increase.

Exhibit 2:
Types of devices that were security breached (multiple responses permitted)

Table of Contents

Executive Summary

  • Key Findings

The Need for Risk Assessment

  • Exhibit 1: Percent of companies that had IT networks breached in prior year
  • Exhibit 2: Types of devices that were security breached

Risk is More Than Just Vulnerability

  • Basic Risk Assessment
    • Exhibit 3: Percent of companies that have conducted risk assessment, by company size
    • Exhibit 4: Frequency of conducting security vulnerability/risk assessments
  • Penetration Testing
    • Exhibit 5: Use of tools and external services for penetration testing
  • Intrusion Detection & Prevention
    • Exhibit 6: Use of intrusion detection and prevention
  • Event Response
  • Vendor Selection
    • Exhibit 7: Importance of factors in security vendor selection

Ideas & Insights
