A take on information security reports

There are almost as many information security reports out there as the number of security vendors. Keeping up to date about these reports could be a challenge and sometimes these reports may become an information overload for security professionals.

Verizon Data Breach Investigations Report (DBIR) provides the largest data set and trends analysis for data breaches. Other reports also provide useful information if one knows where and what to look for and which reports are relevant.

We can place these reports in the following major categories:

  1. Reports Based Upon Data – Reports based upon real data collected from the field
  2. Survey Reports – Reports based upon surveys and opinion of security professionals
  3. Technology Specific Reports – Some reports that are specific to certain technologies like DDoS, or Web Applications
  4. Research Reports – Examples include Ponemon Institute’s report on cost of data breaches

Following is a summary of some of these reports.

Verizon DBIR

Verizon Data Breach Investigations Report or DBIR is the leading source of data on data breaches and is based upon investigation performed by Verizon and a large number of Verizon partners. Verizon uses VERIS (Vocabulary of Event Recording and Incident Sharing) framework to collect and analyze data. VERIS, a free framework designed by Verizon, is being used by many organizations. The report is a must read and very well respected in information security profession. It analyzes trends and provides recommendations to stop data breaches, early detection, and reducing cost if a data breach does happen.

Symantec Internet Security Threat Report

The report notes numerous ways Symantec collects data used for this report (combination of data from Symantec products, managed services, and third party data sources). Symantec also uses its vulnerability database, spam, phishing, and malware data according to this report. The report analyzes these data sources and has useful information.

McAfee Labs Threat Report

“Millions of mobile app users are still exposed to SSL vulnerabilities”, states the latest McAfee Labs Threat Report. Like Symantec, McAfee also collects data from a large install base of its products across the globe. McAfee Labs, which is part of Intel now, delivers this report based upon analysis of this data.

McAfee report covers some specific topics and statistics and is an interesting read for InfoSec professionals.

RSA Breach Readiness Report

RSA Recently published an e-book to identify gaps in breach readiness. This report is based upon interviews and opinions of executives from large number of organizations. The report shows gaps in areas of (a) incident response, (b) content intelligence, (c) analytics intelligence, and (d) threat intelligence. The report notes that people and processes are more important than the technology when it comes to incident response.

Trustwave Global Security Report

Trustwave global security report is based upon data collected by Trustwave from its own intelligence gathering and investigations. The report shows trends of data breaches based upon Trustwave’s data set.

FireEye and Mandiant Reports

FireEye and Mandiants also publish their reports. The latest 2015 M-Trends Report provides some interesting statistics about the state of information security. This reports shows trends that FireEye is seeing in the marketplace. It also includes a detailed case study.

Imperva Web Application Attack Report

Web applications attack report is very interesting for those who are interested in web applications security. I would strongly recommend reading Imperva report which shows web application attack methods and analysis. It provides analysis of attack vectors and issues with different technologies/frameworks.

Arbor Networks DDoS Reports

Arbor Networks report on DDoS is a good read for people focused on network security.


A number of other reports are available from vendors like Cisco, PwC, E&Y. I have included some URLs for these reports below. With so much information being put forward from different vendors, it may feel like information overload. Information provided in these reports is helpful depending upon one’s interests and needs. However, each business is different and care must be exercised in using the data provided by these reports in a specific context.


About Rafeeq Rehman

Consultant, Author, Researcher.
This entry was posted in InfoSec and tagged , , . Bookmark the permalink.

Comments are closed.