Cybersecurity Consulting, Training in High Demand

Written by Edward Gately
January 9, 2019

IT executives often struggle to justify security investments to management.

Cybersecurity consulting and training vendors are a hot commodity in the channel as many U.S. companies face constant attacks from outside their organizations and the use of unauthorized IT products by employees on the inside.

That’s according to a new report by Information Services Group (ISG). It evaluated the capabilities of 49 IT security providers across four quadrants: network security; data center and cloud security; endpoint security; and security services.

IBM is named a leader in three of the four quadrants, while Barracuda Networks, Cisco, Palo Alto Networks, Symantec and Trend Micro are leaders in two. Accenture, Check Point Software, HCL, Juniper Networks, Kaspersky Lab, McAfee, NTT, Secureworks, Splunk and Wipro are leaders in one quadrant.

ISG’s Jan Erik Aase

Jan Erik Aase, ISG Insights’ director of research and principal analyst, tells us his firm has compiled a number of these reports in the past focused on Germany, but this is the first time it has taken a look at the state of cybersecurity solutions and services in the United States.

“It’s surprising to see companies facing such a lack of qualified cybersecurity talent,” he said. “As a result, we are seeing a rise in demand for virtualized security to support cloud migrations.”

Consulting and training vendors are playing a key role in helping improve companies’ cybersecurity efforts, especially when combined with up-to-date IT and communications equipment, according to the report. Training services can help educate employees about the dangers of so-called shadow IT products and about avoiding other thoughtless behavior, it said.

“Enterprises are increasingly looking to service providers to help them address the talent shortage by providing training and outside skilled labor,” said Esteban Herrera, partner and global leader of ISG Research.

At the same time, IT executives often struggle to justify security investments to management because it isn’t always possible to prove return on investment. As a result, IT security spending is shifting toward cloud and as-a-service managed services, the report said.

The report also finds enterprises embracing artificial intelligence (AI) and machine learning as cybersecurity tools.

“Attacks need to be detected in real time,” Herrera said. “Automated incident response has become the new normal in security operation centers.”

Deception technology, which offers a more proactive approach to detecting, deceiving and defeating cybercriminals, is gaining in prominence, according to the report. Enterprise leaders also are reevaluating in-house security information and event management (SIEM) systems and cloud security operations centers (SOCs), and increasingly investing in sophisticated detection tools.