New ISG Insights Digital Disruptors Report – Cyber Deception Platforms Show Promise

Bruce Guptill, Jim Hurley Research Alert

What is Happening?

Digital cyber deception changes the traditional enterprise security approach from (possibly) learning about compromises months after they occur, toward definitively seeing and handling cyber-attacks that are underway. It helps to put the enterprise back in charge of its own cyber-defenses. However, as with any new disruption, there will be obstacles on the way to mainstream adoption.

A new ISG Insights report – Digital Disruptors in Digital Cyber Deception – from ISG Insights reviews how cyber deception works (and why), and looks at five providers of digital cyber deception platforms. These providers are helping to define and drive the agenda of digital cyber deception, and the way we will think of and practice, defensive cyber-security in the future.

Digital Disruptors in Digital Cyber Deception examines offerings from five providers that we see helping to shape the cyber deception marketplace while disrupting traditional cyber security approaches. The five – Acalvio Technologies, Attivo Networks, Cymmetria, Illusive Networks, and TrapX Security – are profiled by functionality, relative strength, and challenges, with our recommendations as to where each is best suited.

In addition to the five providers of digital cyber deception highlighted in this report, other providers include CounterCraft, CyberTrap, Javelin Networks, Smokescreen Technologies, Thinkst, and Topspin Security. Other providers claiming to field products with similar features include Guardicore, Shape Security and vArmour. Clients of ISG Insights can look forward to examinations of these in future Research Notes and reports.

Why is it Happening?

As we have long maintained, the nature of interconnected systems means that there really cannot be an effective IT security perimeter. And the more users, devices, and software are linked, the less effective are traditional practices focused on boundaries and barriers to stop intrusion and loss.

The impetus driving adoption of digital cyber deception comes from enterprises in industries where cyberattacks are continuous, where the frustration of cyber-defenders is high, where the cybersecurity culture is open to new approaches, and where dealing with new and small providers is not anathema to IT and security leadership – or procurement organizations. Integration with security incident and event management/security operations center (SIEM/SOC) processes will speed enterprise adoption.

Instead of emplacing more barriers to stop cyber-attackers, digital cyber deception lures them into one-way traps. The bait of digital cyber deception helps to maneuver attackers into what appear to be real systems, while keeping them away from operations and digital crown jewels. It plants deceptions – e.g., breadcrumbs, lures, and tokens – throughout the network that attackers expect to find and use to move about in search of digital booty. It transports attackers into a range of decoy systems ranging from database stores, Linux and Windows servers, domain name servers, Active directory servers, point of sale (POS) and industrial control systems (ICS) among others. Once lured, attackers are kept bottled-up in digital honeypots and away from anything that will result in harm.

Anything touching a digital deception is considered a valid attack. Users so far report complete accuracy regarding attacks, with no false positives. Its track record indicates that cyber-defenders are notified as soon as digital deceptions are touched, while the movement of cyber-attackers is monitored in real-time. Better yet, users say its decoys are keeping invaders occupied in virtual environments that are easy to get into, and very difficult to escape from – a little like a digital jail.

Net Impact

Digital cyber deception is the new paradigm for defensive cybersecurity. It stops cybercriminals and attackers by fooling them. It does this by inviting attackers using deceptions, it lures attackers and then traps their lateral movement into mirage kingdoms of shiny fools-gold. Instead of old-world brute-force security that is losing its oomph, this smarter approach to cybersecurity changes the rules of the game in favor of the enterprise.

Readers of Digital Disruptors reports should of course make their own determinations and assessments regarding potential providers, based on their unique requirements, relative priorities and evolving strategies specific to the business or IT challenge at hand. Those requirements should form the criteria for evaluation and selection of providers and solutions.

ISG Insights’ Digital Disruptors are not meant to be complete or exhaustive lists of all technology vendors, solution providers or offerings in a particular area of Business IT. Inclusion in a Digital Disruptors report is not limited to clients of ISG, and implies no endorsement with respect to the providers, nor a warranty of provider suitability or viability. The source of Digital Disruptors content is based on a combination of non-confidential information and analyst insight, supported by fact-based research and analysis and ongoing engagement with both enterprise leaders and providers.

The report is available immediately to ISG Insights subscription clients by clicking here. Clients may also simply log in and download a PDF of the report. Non-clients may obtain copies of the report by contacting ISG Insights at https://insights.isg-one.com/contact-us/become-a-client.

ISG Provider Lens – Germany 2018 – SAP Hana Services (ehemals Experton Vendor Benchmark): Research-Phase beginnt

Rainer Suletzki

Rainer SuletzkiIn den letzten Jahren wurde von verschiedenen Datenbank-Anbietern die sog. In-Memory-Technologie etabliert, bei der im Unterschied zu herkömmlichen Technologien ein großer Teil oder alle relevanten Anwendungsdaten im Hauptspeicher der eingesetzten Hardware vorgehalten werden. Der unmittelbare Nutzen besteht darin, die Geschwindigkeit der Datenzugriffe und somit der jeweiligen Anwendungen drastisch zu verbessern. Die ersten Anwendungsbeispiele bezogen sich daher häufig auf Data Analytics-Anwendungen. Inzwischen rücken auch die durch drastisch verbesserte Performance möglichen völlig neuen Geschäftsprozesse in transaktionalen Anwendungen in den Fokus. In diesem Kontext hat das entsprechende Angebot der SAP, die HANA-Technologie, vermutlich die bedeutendsten Auswirkungen, weil sie über die Infrastrukturaspekte hinaus auf das breite Anwendungsportfolio von SAP abgestimmt ist, mit der Optimierung des Datenmanagements (Data Aging) kombiniert werden kann und das Zusammenwirken von Data Analytics und transaktionalen Systemen verbessert. Mit dem neuesten Produkt S/4HANA bietet SAP ferner eine radikale Vereinfachung der Datenbankstrukturen innerhalb der SAP Business Suite an („Run Simple“). Die publizierten Verkaufszahlen von SAP legen nahe, dass in vielen Unternehmen der Übergang auf diese Technologie konkret geplant und vielfach auch bereits begonnen wird.

Die zu erwartenden vielfältigen Auswirkungen werden die Nachfrage nach kompetenter Unterstützung bei Konzeption und Implementierung von SAP HANA durch geeignete Services voraussichtlich stetig und signifikant erhöhen.

ISG evaluiert und differenziert im Jahr 2017 erneut alle relevanten SAP HANA Services-Anbieter für Deutschland und synchronisiert dabei Anforderungen auf Anwenderseite mit Angeboten auf Anbieterseite.

Die Studie gibt CIOs, IT-Managern und Pressevertretern auch 2017 einen detaillierten und differenzierten Überblick zu den wichtigsten SAP HANA Services-Anbietern im deutschsprachigen Markt. Zudem werden Pressevertretern ausgewählte Ergebnisse der ISG Provider Lens-Studie für deren Publikationen zur Verfügung gestellt.

Die Research-Phase zur Studie umfasst:

  • Herstellerbefragungen
  • Expertengespräche mit unseren Advisors
  • Bewertung von Produktunterlagen und Referenzen
  • Das Testen und die Bewertung der jeweiligen Angebote

Zeitplan:

Milestones Beginn Ende
Projekt Kick-off 09.05.2017
Herstellerbefragung 01.06.2017 06.07 2017
Sneak Previews 04.09.2017 09.10.2017
Bereitstellung der Studie 17.10.2017
Presseveröffentlichung 25.10.2017

Um IT-Verantwortliche bei der Vorauswahl ihrer möglichen Partner zu unterstützen, führt die ISG eine umfassende Provider Lens Studie über die Leistungsfähigkeit der in Deutschland aktiven Dienstleister durch.

Die folgenden Bereiche sind Gegenstand der Analysephase für Deutschland:

Bereiche

Die Positionierung der Anbieter erfolgt im Rahmen eines neutralen und unabhängigen Research- und Bewertungsprozesses. Die Teilnahme an der Studie ist KOSTENFREI. Anbieter können lediglich NACH Erstellung des Benchmarks Zweitverwertungsrechte an der Studie zum Gebrauch in Marketing, Presse und Vertrieb erwerben.

Die ISG wird die Auswahl der zu untersuchenden Unternehmen und Services im Rahmen der ISG Provider Lens-Analyse unabhängig von einer aktiven oder passiven Teilnahme vornehmen. Um jedoch unseren Advisors eine möglichst vollständige Bewertung der SAP HANA-Angebote Ihres Unternehmens zu ermöglichen, möchten wir Sie (als Anbieter) bitten, sich aktiv an der Studie zu beteiligen. Bitte reservieren Sie Ressourcen in Ihrem Haus, so dass die Einreichung der Fragebögen und die Terminierung der Briefing-Interviews pünktlich vor Abschluss der Research-Phase stattfinden können.

Um den Fragebogen und weitere Informationen ab Beginn der Research-Phase zu erhalten, senden Sie bitte eine E-Mail an jan-niklas.hombach@isg-one.com.

Eine Informationsbroschüre zum Projekt finden Sie unter diesem Link

Mehr Informationen zur unserem Research im Bereich SAP HANA finden hier.

Wir freuen uns auf Ihre Teilnahme!

ISDN: Der All-IP-Countdown läuft, rechtzeitig die Weichen stellen – aber wie?

Frank Heuer, Wolfgang Heinhaus Kommunikationslösungen waren früher in vielen Unternehmen ein Randthema, das häufig nur alle paar Jahre aufkam, wenn der Mietvertrag der Telefonanlage auslief. Mit der Ankündigung, dass 2018 die Umstellung von ISDN auf das All-IP-Netz abgeschlossen sein soll, stellen sich viele Unternehmen die Frage, wie man sich generell hinsichtlich der Kommunikationslösungen in Zukunft […]

Wie positionierten sich die Anbieter von Big Data Social Analytics in Deutschland im letzten Jahr?

Oliver Giering, Holm Landrock: In der Studie „Experton Big Data Vendor Benchmark 2017“ wurde im letzten Jahr die Anbieterlandschaft für Big-Data-Lösungen und -Services in insgesamt sieben Kategorien untersucht. Eine Kategorie betrachtete dabei die Anbieter von Big Data Social Analytics Lösungen. Die meisten relevanten, sozialen Netzwerke (wie LinkedIn, Xing, aber auch Facebook) sind nicht einmal 15 […]

Bereit für die Cloud? Experton Group launcht den Cloud-Readiness-Check für Software-Unternehmen

Laut Experton Group/ISG möchten immer mehr Nutzer Software-Anwendungen sicher, einfach und schnell aus dem Internet beziehen – ein Trend, der besonders Software-Hersteller (ISVs) vor große Herausforderungen stellt. Denn um auf diese Nutzeranforderungen eingehen zu können, müssen sie ihre Applikationen als Software-as-a-Service-Anwendungen (SaaS) in der Cloud bereitstellen. Mit dem Cloud-Readiness-Check von dem Research- und Beratungsunternehmen Experton […]

Improving the Customer Experience Takes More Than Technology Innovation

Ron Exler Research Alert

What is Happening?

Over the past few weeks, Customer Experience (CX) has been in the limelight because of publicized airline incidents as well as CX technology announcements from major providers. As enterprises focus on improving the experiences of their customers, it’s important to recognize the complexities of serving them. Customer expectations and experiences vary but in some industries satisfaction is high, while in others frustrations continue to mount. While it’s tempting to lean on technology to address CX shortcomings, working solutions can include technology but can’t rely solely on it. Enterprises also need the right policies, organization structure and methodologies. For example, airlines are longtime users of advanced technologies – especially for reservation systems – but recent events show it’s often the human element that determines the most critical customer experiences.

On the technology front, several recent announcements highlight the expanding focus on CX. Oracle held a conference called Modern Customer Experience 2017 April 25-27. At the conference, Oracle added to its Customer Experience (CX) Cloud Suite. The goal is to reduce IT complexity, improve customer experiences, and better business outcomes. Oracle’s technology innovations come in the form of chatbots and artificial intelligence as well as enhanced messaging, mobile, and video capabilities.

Another indicator of focus on CX amongst technology companies is mergers and acquisitions. This week Deloitte said it would acquire Web Decisions LLC, an omni-channel data management and marketing services company. Deloitte Digital plans to add this to its Customer Experience Value (CXv) offering that is both a solution and a set of services that provides marketers with a customer strategy that is aligned with their business strategy. Other services providers are adding CX-focused capabilities via acquisition or partnerships.

Yet the path to improved CX runs through Digital Transformation, which relies on changing processes and methods. The use of Agile methods intend for team sizes to be smaller and allow those teams to deploy more features into production earlier – many of which can improve CX – which can increase revenue. For example, Australia and New Zealand Banking Group (ANZ) recently said it will be adopting Agile methods to quickly respond to changing customer expectations, engage and empower staff, and to improve efficiency within the bank.

So technology has a role in CX across industries. In healthcare there’s much action around improving the patient experience by evaluating the entire patient journey. As they were grilled in Congressional hearings this week about recent events, several airline executives touted that they offer “in-the-moment” apps for mobile devices that assist employees to help solve issues on the spot. Such digital workplace solutions that empower the workforce and treat employees as individuals can improve CX.

Why is it Happening?

Today’s customers expect new ways of engaging, and digital technologies have raised the stakes and the bar for the customer experience. These pressures are driving change within enterprise business models, forcing creation of new customer-centric operating models, and make dramatic shifts in technology investment strategies. These strategies connect and cross customers, the supply chain, and enterprise departments, forming a Digital Fabric (Figure 1).

Figure 1: ISG Digital Fabric

ISG Digital Fabric

Source: ISG

We think several realities contribute to the confluence of technology and customer experience.

  • Competition. There’s increasing competition for customers in some industries, decreasing competition in others – both affect CX.
  • Customer expectations. Expectations change for a variety of reasons. We see more digital experiences with instant information and on-demand capabilities from some services. Those experiences raise the bar for all businesses.
  • Recent incidents. Highly visible incidents shine a spotlight on poor CX, while the ability to record and report incidents becomes ubiquitous.
  • Agile methods. There’s a growing acceptance of Agile methods, for IT as well as other parts of business – even in large enterprises.
  • Maturing technology. Customer Experience Management (CEM) solutions include sentiment analysis deriving insights from enterprise systems combined with data from social media and contact center interactions.
  • Emerging technology. Newer technology advances include some innovations that can scale and integrate with existing systems, e.g. cognitive computing, video, virtual reality / augmented reality, and wearables.

CX is a 360-degree model of engagement with many linked elements. Technology has an important and growing role in capturing and measuring those experiences; however, it can only supplement an underlying culture of service.

Net Impact

Because of mobile phones, brands are on display 24x7x365 with global reach within minutes. So while most enterprises do a good job most of the time, social media can highlight rare disconnects to overshadow those positive experiences. Enterprises need to recognize the new digital reality and plan accordingly.

An integrated approach to CX should include asking and answering these questions:

  • Which technologies help and in what parts of the customer journey? Do customers want or need all these technologies?
  • What’s the right combination of technology, policies, processes, and training to address ongoing problems affecting CX?
  • What’s the best approach to prevent problems by having systems not only enforce policies but also predict issues?
  • How can Agile approaches improve how the enterprise deliver services?
  • How can the enterprise use CEM to better gauge customer sentiment while also supporting marketing initiatives?
  • How can the enterprise help its customers feel better about their brands and improve CX with personalization?
  • How can the enterprise prepare for the inevitable viral video and follow-on backlash?

Enterprise might be willing, but are not yet ready, to address all elements of improving CX. Empowering employees is tricky but necessary. Often a customer service department is disconnected from the department responsible for employee training, for example. Outsourcing of such functions can lead to further disconnects, requiring oversight to ensure common focus on customer needs and desires across the customer engagement value-chain. Integrating CX with marketing seems obvious, but very few companies — perhaps as few as one in ten — are currently equipped to blend their marketing and customer experience processes, according to a recent observation from Oracle CEO Mark Hurd.

In summary, enterprises should focus on understanding the experience that the customer wants delivered. Do not get distracted or focused solely about what various technology solutions can accomplish. In other words, focus on the problem from all perspectives – that 360-degree view. The tools that might be available to help fix the problems will naturally follow suit.

Wozu eine WAF (Web Applikation Firewall)?

Unternehmen aller Größenordnungen stellen ihre Web Anwendungen in das öffentliche Netz zur Verfügung. Das Angebot ist sehr vielfältig. Bei Onlineshops können Produkte bestellt werden, es können Bankgeschäfte (Online Banking) ausgeführt werden und es können Formulare von Unternehmen und Behörden abgerufen werden. Berechtigte Partner greifen über die webbasierten Anwendungen auf interne Datenbanken bzw. Anwendungen zu. Die […]

Mobile Enterprise: Laptop oder Tablet, das ist nicht die Frage

Heute war ich bei einem typischen Research-Meeting zum Digital Workspace bei einem etablierten Anbieter. Erst wurde Kaffee serviert, dann kam der obligatorische Austausch von Visitenkarten, dann wurden die Arbeitsmittel ausgepackt: drei Laptops und zwei klassische Notizbücher. Diesmal war tatsächlich überhaupt kein Tablet dabei. Im Jahr 2017. Liegen wir in einem neuen Trend, nachdem ein Marktbericht […]

News aus dem Cloud Research Funnel

Bottom Line Anwender: Interne Cloud Ausgaben sollten stetig überprüft werden. Weltweit landen bis 2020 ca. 60% der Workloads in der Public Cloud. In Deutschland sind es gerade einmal 30% und vielleicht auch schon 40%. Die Private Cloud wird künftig für ca. 20% der Workloads eine Rolle spielen. Der Rest liegt in verteilen bzw. hybriden Systemen. […]

ISG Automation Index™ Report Indicates Broad and Growing Adoption

What Is Happening?

The use of automation in IT, Finance, and HR operations is growing and accelerating. And so far, it is more likely to improve productivity by removing robotic tasks from humans than by replacing humans with robots – so far.

ISG released this week its latest installment of the ISG Automation Index™, an analysis report focused on the use and impact of automation in IT services contracts and business support functions. The research leverages data collected from recently signed ISG-advised ITO contracts with a significant automation component and ISG-advised robotic process automation (RPA) assessments in Finance, Accounting and Human Resources. The report provides the most current analysis of how automation is changing the nature of IT services and business support functions.

Key findings from the report include the following:

Service provider productivity is surging. Employee productivity is improving across all towers by 24 to 143 percent; this is in sharp contrast to a historical norm of 5 to 10 percent.

Average Service Provider Productivity Impreovement by Tower

Figure 1: Average Service Provider Productivity Improvement by Tower. Source: ISG Insights.

Costs are declining, especially in areas where software is replacing hardware. Against ISG market benchmarks, double-digit cost reductions continue, with network and email management services showing the sharpest cost reductions, at 64 and 71 percent respectively.

Average Service Provider Cost Reduction by Tower

Figure 2: Average Service Provider Cost Reduction by Tower. Source: ISG Insights.

Shared services processes using RPA require an average of 37 percent fewer resources. Procure-to-pay, order-to-cash, record-to-report and hire-to-retire processes, as well as a number of vertical-specific processes, such as loan servicing and underwriting, all require significantly fewer resources to execute with the application of RPA than those same processes without RPA.

Average FTE Reduction by Business Process after RPA

Figure 3: Average FTE Reduction by Business Process after RPA. Source: ISG Insights.

Why is it Happening?

For IT service providers, competition is fierce. In one out of every two competitive renegotiations, providers lose all of the scope they once managed for the client. Offshore labor rates and ratios are in flux as well, making labor arbitrage a less effective/certain way to reduce prices for cost-conscious customers. And finally, adoption of Software-as-a-Service and Infrastructure-as-a-Service platforms in on the rise while traditional outsourcing is generally flat. These factors, combined with the need to decouple a business’ potential for growth from the number of people it employees, is driving IT service providers to aggressively incorporate automation into their service delivery model.

For business buyers, the rapid emergence of digital business means that customers, employees and partners need access to products and services in real-time. It also means that transaction volumes created by new digital experiences are increasing. The challenge for business support functions is that their budgets are flat to shrinking – even in the face of new digital requirements. Therefore, buyers are turning to technologies like RPA to execute business processes faster, improve quality and compliance and avoid future costs – usually in the form of hiring new people to handle increased volumes.

Net Impact

For IT service providers, the impact will be sudden and dramatic. While the ITO deals we analyzed for this report do not reflect the entire $114B outsourcing market, they do represent the new types of contracts we see emerging in our client activity. We believe that in the second half of 2017, and into 2018, the size and number of contracts with a significant automation component will grow quickly, which will put even greater pressure on service provider pricing. The question will be: can service providers deliver on productivity commitments? As discussed in the report, we believe providers are committing “ahead of the curve” in some cases, and they have not yet fully proven that their automation software can reach the committed levels of productivity.

Given the newness of the technology and the conflict that exists today between IT and business support functions in areas like security and compliance, business buyers will feel the impact more gradually. However, as successful RPA implementations continue and business benefits accrue, adoption will broaden and accelerate, encompassing even more business support functions. This will, in turn, have a profound impact on the business process outsourcing (BPO) market, as enterprise leaders begin to opt for delivery models that focus on a small number of in-country, high-skilled resources supported by a large number of robots over a traditional outsourcing delivery model that depends on a large number of offshore resources. Additionally, as RPA gets “smarter” with the help of machine learning algorithms, the kinds of business processes that can be automated will only increase.

In both scenarios, today we see “task” automation versus “role” automation. This means slices of jobs are being automated, not entire jobs. In most cases, we see two impacts of this: 1) humans workers simply take on more work with the assistance of a bot or 2) humans have more capacity to accomplish higher-value work. However, as more and more tasks are automated, it is only a matter of time before entire roles will be automated. The tipping point has not yet been reached, but, given how quickly these technologies are maturing, it is not likely far away.