CyberEdge’s “2014 Cyberthreat Defence Report”, published in early February, found that respondents rated network access control (NAC) highest of all the security technologies in its potential to defend against today’s cyberthreats and that 77 percent of IT professionals are using or plan to use NAC for mobile security. The survey also showed the compelling need for continuous monitoring and mitigation; more than 60 percent of participants had been breached in 2013, with a quarter of all participants citing a lack of employer investment in adequate defences as a factor.

The research, which is the first of its kind to offer a 360 degree view of organisations’ perceptions of security threats and their security investments, was completed by CyberEdge Group, LLC and sponsored by ForeScout Technologies, Inc., the leading provider of pervasive network security solutions for Global 2000 enterprises and government organisations, and eight other information security companies. Surveying more than 750 security decision makers and practitioners in organisations with 500-plus employees in North America and Europe, the report is designed to complement Verizon’s annual Data Breach Investigations Report.

Key Findings

The Cyberthreat Defence Report offered unique insights into challenges faced by professionals in IT. Some of the key findings relevant to network security and next-generation NAC include:

  • Participants were asked to rate—on a scale of 1 to 5, with 5 being highest—their perception on the effectiveness of various cyberthreat defence solutions. NAC received the highest marks at 3.71
  • NAC is the most often used technology (53 percent of respondents) to detect host security misconfigurations
  • NAC is the most often used technology to detect vulnerabilities and security misconfigurations within transient laptops and mobile devices (51 percent)
  • Adoption of BYOD policies is anticipated to move from 31 percent in 2014 to 77 percent in 2016
  • Endpoints are cited as the weakest link in most organisations’ IT environment

Information security is becoming more challenging due to three disruptive changes that nearly all enterprises are experiencing: IT infrastructure complexity due to an exponential increase in network connections and use of mobile, virtualisation and cloud technology; diminished capacity to manage endpoints caused by growing network-enabled and personal device use at the workplace; and difficulty to efficiently mitigate exposures within a growing attack landscape. To address these challenges, many organisations are supplementing their existing security investments with next-generation NAC to dynamically see and control user, device, application and access diversity. Organisations are also progressing their traditional layered defence model to one that leverages infrastructure interoperability in order to better support continuous monitoring and mitigation processes.

“The results of the ‘2014 Cyberthreat Defence Report’ point to the wins, gaps and importance of advancing defensive strategies to enforce controls and pre-empt attacks. As such, many organisations are investing in automated techniques, including next-generation network access control (NAC),” said Scott Gordon, chief marketing officer at ForeScout. “The bottom line is that operating infrastructures are more extended and accessible, and the threat landscape is dynamic. Network security has to be pervasive and continuous – leveraging policy, tool interoperability and automation to allow IT to be more effective.”

Report Available Now

The 2014 Cyberthreat Defence Report is available now from ForeScout at