Database security and security information and event management (SIEM) are the top priorities for IT decision-makers in enterprises,due to ‘increased’ security threats, according to a McAfee report.
The annual study looked at the way IT decision-makers address the challenges of risk and compliance management in an increasingly complex global business environment.
Database security has always been a concern for companies due to much publicised data breaches and regulatory compliance requirement with majority of the enterprises’ sensitive information lying in databases.
McAfee security management vice president Jill Kyte said managing risk through security and compliance continues to be a leading concern for organisations the world over.
"Meeting the requirements of increasingly demanding regulations while reducing exposure to the new classes of sophisticated threats and having an accurate understanding of risk and compliance at any point in time – can be challenging," he added.
"To address this issue, organizations are looking to "best-of-breed" solutions to manage all aspects of their risk and compliance needs and reduce the amount of time spent managing multiple solutions."
McAfee report showed nearly one quarter either had a sensitive database breach or did not have the visibility to detect a breach.
With respect to SIEM, another top concern, findings showed that most organisations depend on legacy systems that do not meet their current needs though nearly 40% of them are planning to upgrade their SIEM product.
Discovering threats was agreed as the top challenge to managing enterprise risk while 80% of respondents cited visibility as very important since security teams remained challenged in this area.
About 96% of the organisations indicated additional expenditure on risk and compliance and 40% planned to move towards hosted SaaS and Virtualization in 2012.
Other notable findings of the research include one-third of all organisations prioritising the implementation of risk and compliance products to address vulnerability assessment, patch management, remediation, governance, risk management, and compliance.
Patch Management frequency is identified as a major challenge and as not all companies are able to pinpoint threats or vulnerabilities, 43% revealed that they over-protect and patch everything they can.
