Legacy solutions failing to prevent attacks

Bromium has revealed the results of its “State of Security Report Card,” a survey of more than 100 information security professionals at the RSA Conference in San Francisco. The survey results reveal that legacy solutions such as firewalls and antivirus are failing to prevent attacks and address the priorities set by their CISOs.

  • Monday, 27th April 2015 Posted 9 years ago in by Phil Alsop

“The results of this survey serve as yet another proof point in a long line of data about the shortcomings of legacy security solutions,” said Clinton Karr, Sr. Security Strategist, Bromium. “Even if you cling to the belief that AV is not dead, the industry seems to be aware that it is in critical condition and is putting more stock in next-generation solutions.”


Specific findings from the “State of Security Report Card” include:
Organizations have room for improvement in prioritizing security – Bromium asked RSA conference attendees to grade their organizations on its ability to prioritize security by allocating the resources they require from A to F, and the majority gave their organizations a B or C:
A grade: 8 percent
B grade: 42 percent
C grade: 32 percent
D grade: 18 percent
F grade: Zero


Firewalls and Anti-virus are failing to prevent attacks – The survey asked RSA conference attendees to grade a variety of security solutions on their ability to prevent attacks and address the priorities set by their CISOs. Twenty percent of respondents gave firewalls a failing grade and 25 percent gave antivirus a failing grade. Among the most popular responses, 42 percent of respondents gave firewalls a B and 36 percent of respondents gave antivirus a C.


Next-generation solutions are performing above average – Next-generation firewalls, network sandboxes, endpoint isolation, host monitoring and threat intelligence solutions all performed well. None of these solutions were given a failing grade. Here is a breakdown of the most popular responses:
58 percent gave next-generation firewalls a B (17 percent gave it an A)
54 percent gave advanced threat protection/network sandboxes a B (20 percent gave it an A)
64 percent gave endpoint isolation/sandboxing/host monitoring a B (17 percent gave it an A)
44 percent gave threat intelligence a B (17 percent gave it an A)


Information Sharing Initiatives Show Promise; Face Hurdles – Bromium asked RSA conference attendees if their organizations would benefit from information sharing initiatives, such as those outlined in President Obama’s Executive Order, and if their organizations would participate. The overwhelming majority (78 percent) said they would benefit from information sharing initiatives, but less than half (48 percent) said they would participate. There is clearly a disconnect in these results, which suggest that information security professionals are concerned about how information sharing initiatives will aggregate and anonymize their organization’s data.
Survey Methodology