INTRODUCTORY SECTION 1. How would you describe your security architecture when it comes to the expanded attack surface?A. We have isolated security in silos and lack visibility across the entirety of our security elements. We also do not have any centralized policy controls.B. We have some security visibility and controls across our legacy technology infrastructure, but we struggle to extend it to include new digital additions such as IoT, the cloud (public, private, hybrid, SaaS), and mobile.C. We have fully transparent visibility and centralized controls across our entire security infrastructure. We are able to extend security to include new digital elements such as IoT, the cloud (public, private, hybrid, SaaS), and mobile. 2. How would you rate the level of complexity required to manage your security infrastructure?A. Our security team is burdened by multiple manual processes and workflows. The complexity of managing our security infrastructure has grown significantly with the addition of point security products. We also struggle to address new compliance requirements.B. While we have automated some processes and workflows to improve security and compliance, we still spend valuable time and resources on tying together our different security areas.C. We have adopted a fully integrated security architecture that supports comprehensive automation of security processes—including compliance reporting, governance, and threat-intelligence sharing. This, in turn, allows our security staff to focus on business-critical initiatives. 3. What best describes how your organization is dealing with the advanced threat landscape?A. We struggle to keep pace with the variety and velocity of today’s advanced threats. It feels like we are in a constant state of reacting to new malware and attack vectors and approaches.B. We try to implement advanced technologies and measures, such as threat intelligence, segmentation, and sandboxing, to address known, unknown, and zero-day threats. However, they have been added piecemeal over time rather than as part of a coordinated security strategy and architecture. This inhibits automated security responses and extends the time to prevent, detect, and remediate attacks.C. We regularly add the latest advanced security capabilities as part of a coordinated risk management strategy that enables us to stay abreast of the ever-evolving threat landscape, preventing as many threats as possible while limiting the spread of intrusions when they do occur. NETWORK SECURITY 4. Which one of the following best describes your network security strategy and approach?A. As the attack surface expanded and new compliance requirements increased, we deployed a patchwork of point network-security firewall solutions that are inefficient to manage and impede response to advanced threats. Additionally, these disparate network solutions cannot scale to meet new requirements, such as SSL inspection.B. Our data-center and campus networks rely on a consolidated network-security firewall technology. However, our network edge relies on disparate technologies that make the network difficult to manage and pose inherent risks. Additionally, due to network performance, we have intentionally refrained from turning on or fully activating SSL/TLS inspection capabilities.C. Our data-center and campus networks rely on consolidated network-security firewall technology and we are inspecting the majority of SSL/TLS traffic for malicious code. But our branch and remote office networks run on disparate network-security technologies that leverage expensive MPLS bandwidth and are based on point security and network solutions that lack integration while delivering subpar protection.D. We have end-to-end network security integration from the data center to the remote branch office. The latter includes SD-WAN capabilities that are fully integrated into the next-generation firewall infrastructure at each branch. MULTI-CLOUD SECURITY 5. Which one of the following best describes your data center or cloud strategy and security approach?A. We currently have a traditional "data-center-only" model in place with on-premises security. We've made no plans for cloud adoption or extending security to cloud environments and believe we are not exposed to cloud risks.B. Our data center has evolved to include only a private cloud (virtualization, SDN) with on-premises security only. We currently do not permit public cloud initiatives and believe we have no threat exposure.C. We have adopted a mix of both private and public cloud technologies and manage our cloud security in a silo. We lack security visibility into each cloud environment and across each cloud and struggle to measure the risk posed by our cloud adoption.D. We have an extensive mix of private and public clouds and maintain a multi-cloud environment. We maintain unified security and single-pane-of-glass visibility that includes centralized policy controls across our entire organizational infrastructure. MANAGEMENT AND ANALYTICS 6. Which one of the following best describes your security management and analytics?A. Our management and analytics tools are largely in silos and do not scale to address the challenges of the advanced threat landscape. We lack transparent visibility across the entire attack surface and the ability to manage policies in a centralized manner. Additionally, our information and event management is reactive, as we must manually pull and aggregate data.B. We have centralized security management and analytics but lack a security information and event management (SIEM) capability. We also are not using automation to minimize operational impact and to address security events proactively.C. While we have SIEM and centralized security management, our network and security operations teams struggle to correlate data and communications with each other (manual versus automated). This increases inefficiencies while slowing our response to threats.D. We have integrated security management and analytics and have automated tracking and reporting of compliance and threat intelligence. This provides us with a proactive risk posture while enabling us to scale our security staff/skills. ENDPOINT SECURITY 7. Which one of the following best describes your endpoint security posture?A. We lack comprehensive endpoint visibility and are unable to track device vulnerability and compliance status. Our endpoint security lacks significant integration points with our broader security elements, and threat-intelligence sharing is too often reactive.B. We are not very happy with our current solution for endpoint security, but we are hesitant to go through the trouble of ripping and replacing it. We cannot monitor our endpoints and track and report based on regulatory and security standard requirements. Additionally, we struggle to respond to broad attacks and breaches with speed, efficiency, and efficacy.C. We use some form of isolated/siloed endpoint security, but we need to do a better job of patching and mitigating vulnerabilities. We are still concerned about malware intrusions (such as ransomware) that could evade device protection and then spread through the network.D. We take a best-of-breed approach to endpoint security and supplement it with next-generation antivirus or endpoint detection response capabilities. Our solution integrates with the broader security architecture for coordinated defenses to protect the network from inadvertent endpoint-borne infections. INTERNET OF THINGS 8. Which one of the following best describes your Internet of Things (IoT) posture?A. We do not have any IoT devices because we do not allow them for security reasons. B. We have a BYOD policy and management controls, but still need to develop and implement an effective security strategy for IoT-based threat exposures. We lack IoT visibility and cannot control or track what IoT devices are connected to our network. C. While we manage known IoT devices, there may be some Shadow IoT connected to the network that we are unaware of. Our current security posture does not provide comprehensive visibility, and we can control and track only some IoT devices. Additionally, we are unable to measure risk posed by IoT to our overall risk posture.D. We have complete IoT device visibility from end to end across our organization. Our security architecture includes capabilities for inventorying and monitoring all connected IoT products, wherever they occur. It also supports access controls and automated responses to mitigate potential risks. UNIFIED ACCESS 9. Which one of the following best describes your organization's switching and wireless networks?A. Our switching and wireless networks are each managed by separate stand-alone solutions. We lack transparent visibility and centralized controls that increase risk and inefficiencies. Additionally, our switching and wireless networks are only loosely connected to our broader security infrastructure.B. Our switching and wireless networks are managed cohesively by a single stand-alone solution. But our switching and wireless networks are not integrated into our broader security infrastructure. This slows threat-intelligence sharing and impedes security staff productivity.C. Our switching and wireless networks are managed cohesively as an integrated feature in a firewall or unified threat management (UTM) solution. However, we do not have automated security policy management and threat-intelligence sharing. This creates inefficiencies while impacting our risk management posture.D. Our switching and wireless networks are managed cohesively as an integrated feature in a firewall or unified threat management (UTM) solution. This includes best-of-breed capabilities and integration with security elements for automatically responding to security threats. MAIL SECURITY 10. Which one of the following best describes your organization's email security strategy?A. Our email security has been in place so long that I am not sure how effective it is against the latest sophisticated threats and attack strategies.B. We have outsourced our email to a cloud provider (e.g., Microsoft Office 365, Google G Suite) and they handle the security. Thus, our mail security resides within its own silo and we have little threat-intelligence sharing between email and our broader security infrastructure. We also only block known threats and lack a cohesive strategy for dealing with unknown or zero-day threats.C. We recently improved our mail security posture to ensure that we have the latest protections in place—including sandboxing, content disarm, and impersonation analysis. But we still lack the ability to address the full life cycle of attacks that includes automatic threat-intelligence sharing with the entire security infrastructure.D. Our current email security includes all of the latest protections (e.g., sandboxing, content disarm, impersonation analysis, etc.). In addition, it includes threat-intelligence sharing that allows us to address mail security issues across the full attack life cycle in real time. ADVANCED THREAT PROTECTION 11. Which one of the following best describes your defense against advanced threats?A. While we have deployed individual solutions such as network firewalls, endpoint security, email gateways, and web application firewalls, we are not sure if these are enough to protect against the latest advanced threats. We have signatures and processes for detecting known threats but nothing in place to identify and remediate unknown or zero-day threats.B. We have upgraded one or two stand-alone security controls that integrate with advanced threat protection to respond to the latest sophisticated threats. However, our ATP does not cover all of our different security areas and that which is deployed is in silos. Threat intelligence gathered in the sandboxes is also not shared in real time with our broader security infrastructure.C. We have upgraded all of our security controls to respond to both known and unknown threats, but these controls are not integrated into the organization's broader security architecture. While we have sandboxing deployed in each of our different security areas, these are each managed in silos and threat-intelligence is inhibited.D. We have a fully integrated security architecture that can respond to both known and unknown threats and share intelligence in real time. This extends across all on-premises, cloud, and virtualized environments from end to end across our organization. Our sandboxes are integrated and share intelligence with each other and across our security infrastructure in real time.