I’ve spent the last year or so doing research on the burgeoning field of big data security analytics. Based upon the time I’ve spent on this topic, I’m convinced that CISOs are looking for immediate help with incident detection, so they will likely focus on real-time big data analytics investments in 2014.
As the old adage states, “security is a process, not a product.” True, but understated. In reality, enterprise security is a plethora of processes requiring constant management and oversight. Your organization can be fabulously adept in 99% of all security processes, but weaknesses in the remaining 1% can still result in massive vulnerabilities.
In a recent research survey, ESG asked enterprise security professionals (i.e., those working at organizations with more than 1,000 employees) to pinpoint security process weaknesses as they relate to malware prevention. Here are the top five weaknesses identified:
Nearly every day, some security vendor reaches out to me describing how its products and services could have prevented Edward Snowden’s public disclosure of NSA surveillance programs. These vendors talk about strong authentication, privileged account auditing, sensitive data controls, etc.
A few years ago, IBM’s information security assets were haphazardly scattered throughout its business units. RACF sat with the mainframe crew, IAM lived within the Tivoli group, and what remained of ISS gathered dust within IBM Global Services (IGS).
A few years ago, Trend Micro announced that it would enhance its on-site AV products with cloud-based intelligence it called the “Smart Protection Network” (SPN). I’m not sure if Trend was the first, but it certainly wasn’t the last vendor to embrace this type of architecture. In fact, just about everyone now has a toe in the cloud-based security intelligence pool. For example, Blue Coat promotes its WebPulse security intelligence, Cisco champions its Security Intelligence Operations (SIO), and Symantec trumpets DeepSight.
Last week, I was in Silicon Valley meeting with a parade of CISOs and security vendors. Business travel is no “day at the beach,” but these trips really help me keep up with the latest enterprise security challenges and potential technology solutions.
It was also nice to spend time in the Valley and recharge my batteries toward the security industry. There was a lot of excitement out there as a result of business growth, VC investment, and the wildly successful FireEye IPO.
We analysts are known for our bold predictions about the future. Well, here’s one from me, though I don’t really think it is the least bit audacious. In a few years, we will look back at the iPhone 5s as a milestone in terms of biometrics, strong authentication, and a wave of new types of trusted applications.
We’ve all read the marketing hype about “shadow IT” where business managers make their own IT decisions without the CIO’s knowledge or approval. According to ESG research, this risk is actually overstated at most organizations but there is no denying that IT is getting harder to manage as a result of BYOD, cloud computing, IT consumerization, and mobility.
As these trends continue, CISOs find themselves in the proverbial hot seat – it’s difficult to secure applications, assets, network sessions, and transactions that you don’t own or control.
According to ESG research, 66% of enterprise security professionals believe that the U.S. federal government should be doing “significantly more” or “somewhat more” to help the private sector cope with the current cybersecurity situation and threat landscape.
Okay but what exactly should the feds be doing? Here is some additional research on enterprise security professionals’ suggestions for the U.S. federal government along with my editorial comments:
Now that the federal government is working again, I was wondering: whatever happened to cybersecurity legislation? As far as I can tell, the Cybersecurity Act of 2013 (S.1353) and CISPA are dead in the water right now. Why? Edward Snowden and the NSA programs put the kibosh on public trust (especially international trust), and Congress has other things it would rather fight about.
When you think of the leading enterprise security vendors, which companies come to mind? Perhaps it’s the network security crowd like Check Point, Cisco, and Juniper. Maybe it’s the big system vendors like HP and IBM, or it could be traditional security firms like McAfee and Symantec. These are the usual suspects here in North America, but it may be high time to include a company that already has this profile in Asia – Trend Micro.
ESG research indicates that 44% of organizations believe that their current level of security data collection and analysis could be classified as “big data,” while another 44% believe that their security data collection and analysis will be classified as “big data” within the next two years (note: In this case, big data security analytics is defined as, “security data sets that grow so large that they become awkward to work with using on-hand security analytics tools”).
With the glitz and glamour of Las Vegas as a backdrop, McAfee rolled out its Advanced Threat Defense (ATD) strategy last week.
Yes, McAfee now offers a sandboxing appliance of its own but it would be foolish to judge this announcement as a security device release alone. McAfee’s ATD is actually an integrated architecture that goes beyond detection. McAfee’s ATD message is actually, “find, freeze, fix,” which is meant to describe:
According to ESG research, 49% of enterprise organizations suffered a successful malware attack over the past two years (note: “successful” implies that the malware compromised an IT asset and caused some type of impact such as a system re-imaging, data theft, downtime, etc.). Of these firms, 20% suffered 10 or more successful malware attacks.
When IBM distributed its operating system in the 1950s, it actually sent the source code to its customer base. Many IT shops then modified the operating system with their own customized code.
One of the most famous quotes attributed to Sun Tzu is, “If you know your enemy and know yourself, you need not fear the results of a hundred battles.” This statement should certainly apply to the current cyber threat landscape. Security professionals should have strong knowledge about new types of malware, the cybercrime market, and the tactics used by cyber adversaries so they can design and implement the appropriate countermeasures.
I’ve been having a lot of conversations with security professionals about big data security analytics. In some cases I present to a large audience; in others I’m on the phone with a single CISO.
Over the past few years, the security community has focused its attention on attacks coming from Odessa, Tehran, and Beijing. On balance this is a good thing as we are learning more about our cyber adversaries. That said, what about insider attacks? Back around 2008, insider attacks were viewed as the most dangerous of all since insiders tend to know what they want, where it is, and how to get it.
Most experts agree that security technologies based upon signature files (DATs) alone can no longer provide adequate security protection. Why? There is simply too much malware volume so it’s harder for the security industry to keep up with the bad guys. Furthermore, polymorphic and metamorphic malware is designed to change its appearance. You can’t match a pattern if the pattern keeps changing.
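To make the “you can’t match a pattern if the pattern keeps changing” point concrete, here is a small added example (written for this page; it is not code from ESG or any vendor mentioned). It builds a toy polymorphic sample from a constructed payload string, a hypothetical four-byte decoder stub and a per-variant XOR key, then runs four detectors over it: a hash list, a byte signature on the payload, a byte signature on the decoder stub, and a lightweight emulator that decodes the body before scanning. A “metamorphic” variant that also pads the stub with junk bytes defeats the stub signature; only the emulator still catches it.

```python
import hashlib
import random

# Constructed, benign stand-in for a malicious body. A classic DAT signature
# would key on bytes from here.
PAYLOAD = b"MARKER:download-and-execute http://example.invalid/stage2"

# Hypothetical decoder prologue (not real machine code). Polymorphic variants
# keep it byte-for-byte; metamorphic variants pad it with junk.
STUB = b"\x60\x31\xc9\xb1"
JUNK = 0x90


def _encode(payload: bytes, key: int) -> bytes:
    return bytes(b ^ key for b in payload)


def make_polymorphic_variant(key: int, payload: bytes = PAYLOAD) -> bytes:
    """stub || key || payload XOR key. Only the key changes between variants."""
    return STUB + bytes([key]) + _encode(payload, key)


def make_metamorphic_variant(key: int, seed: int, payload: bytes = PAYLOAD) -> bytes:
    """As above, but 1-3 junk bytes are inserted before every stub byte, so the
    stub itself no longer has a fixed byte pattern."""
    rng = random.Random(seed)
    stub = b"".join(bytes([JUNK]) * rng.randint(1, 3) + bytes([b]) for b in STUB)
    return stub + bytes([key]) + _encode(payload, key)


# "Known bad" hash list seeded with the one variant the lab has seen.
KNOWN_HASHES = {hashlib.sha256(make_polymorphic_variant(0x41)).hexdigest()}
PAYLOAD_SIGNATURE = b"download-and-execute"


def detect_by_hash(sample: bytes) -> bool:
    return hashlib.sha256(sample).hexdigest() in KNOWN_HASHES


def detect_by_payload_bytes(sample: bytes) -> bool:
    """Fixed-byte signature on the payload: fails because the body is encoded."""
    return PAYLOAD_SIGNATURE in sample


def detect_by_stub_bytes(sample: bytes) -> bool:
    """Signature on the invariant decoder stub: survives key changes only."""
    return STUB in sample


def emulate_decoder(sample: bytes):
    """Walk the prologue the way a lightweight emulator would: skip junk until
    all stub bytes have been consumed, treat the next byte as the key and
    XOR-decode the remainder. Returns None if the sample is not this family."""
    pos, matched = 0, 0
    while matched < len(STUB):
        if pos >= len(sample):
            return None
        b = sample[pos]
        if b == STUB[matched]:
            matched += 1
        elif b != JUNK:
            return None
        pos += 1
    if pos >= len(sample):
        return None
    key = sample[pos]
    return _encode(sample[pos + 1:], key)


def detect_by_emulation(sample: bytes) -> bool:
    """Decode first, then apply the payload signature to the decoded bytes."""
    decoded = emulate_decoder(sample)
    return decoded is not None and PAYLOAD_SIGNATURE in decoded


def run_matrix() -> dict:
    """Detector verdicts for the seen variant, a fresh variant and a metamorphic one."""
    samples = {
        "seen_variant": make_polymorphic_variant(0x41),
        "new_key_variant": make_polymorphic_variant(0x42),
        "metamorphic_variant": make_metamorphic_variant(0x42, seed=7),
        "benign_file": b"Hello, benign file",
    }
    detectors = {
        "hash": detect_by_hash,
        "payload_bytes": detect_by_payload_bytes,
        "stub_bytes": detect_by_stub_bytes,
        "emulation": detect_by_emulation,
    }
    return {name: {d: f(s) for d, f in detectors.items()} for name, s in samples.items()}


if __name__ == "__main__":
    for name, verdicts in run_matrix().items():
        print(f"{name:22s} " + " ".join(f"{d}={v}" for d, v in verdicts.items()))
```

The hash list catches exactly the one sample it has seen, the payload signature never fires because the payload is never on disk in the clear, and the stub signature works until the stub is mutated. The emulator costs more per file, which is the trade-off every vendor moving from DATs to behavioural or emulation-based engines is making.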
Last week, Cisco announced that it was forming a services group to deliver professional and managed security services. The company also announced the hiring of Bryan Palma as Senior VP and GM to lead this new group. Palma comes to Cisco from Boeing, where he held the title of VP of cyber and security solutions.