Network World

Jon Oltsik

IT Networking Organizations In a State of Transition

Data center networking discontinuity is driving cross-IT collaboration, tasks, and skills requirements
Submitted by joltsik on Thu, 02/09/12 - 2:11pm.

In a number of recent blogs, I’ve described an ESG thesis called data center networking discontinuity. Simply stated, data center networking discontinuity describes the growing gap between data center scale and complexity on one hand and legacy data center networking equipment and manual management and operations on the other.

Read more

Software-Defined Networking Evolution (Not Revolution) Under Way

Service providers may jump but enterprises need a smooth migration path
Submitted by joltsik on Tue, 02/07/12 - 11:15am.

Is it too early or too late to declare 2012 the year of SDN? A few weeks ago, IBM and NEC introduced integrated technologies around OpenFlow for enterprise data centers. Last week, HP announced OpenFlow support with 16 switch models. Finally, early this week, Nicira went public with its Distributed Virtual Network Infrastructure (DVNI).

Read more

Anticipating the RSA Conference 2012

Serious discussions and massive marketing hype start on February 27
Submitted by joltsik on Thu, 02/02/12 - 1:41pm.

It’s now February although you’d never know it from the balmy winter here in Boston. Aside from Valentine’s Day, February is significant because it is when security geeks from around the world get together in San Francisco for the RSA Conference.

The show doesn’t start until 2/27 but you can feel the anticipation in the air across the whole security community. That’s a good thing since 2011 was an especially difficult year – some have even labeled it, “the year of the breach.” Hmm, what happens if 2012 is even worse – which is not unlikely?

Read more

F5 Shakes Up the Firewall Market

Potential game changer but lots of work remains
Submitted by joltsik on Wed, 02/01/12 - 9:19am.

The high end of the firewall market has really been dominated by two companies: Crossbeam Systems (with Check Point Software) and Juniper Networks. Over the past few years, these two firms won most of the high revenue/high margin enterprise and service provider deals.

Of course, others took notice and wanted their own piece of the pie. Cisco came out with its ASA 5580 a few years back. Network security guru Sourcefire introduced a high-end hardware architecture and a firewall in 2011. Finally, Check Point jumped in with its own high-end hardware as well.

Read more

Cybersecurity Lessons from the Battlefields of Europe

Defenses, skills, and tactics must adjust to technology shifts
Submitted by joltsik on Tue, 01/31/12 - 9:25am.

At the beginning of WWI, battlefield tactics had not advanced much since the U.S. Civil War. The general goal was to continually advance on the enemy with waves of infantry attacks and eventually break through the lines by overwhelming enemy defenses.

Read more

My Thoughts on IBM, NEC, and OpenFlow

Announcement builds momentum and brings SDN to the enterprise
Submitted by joltsik on Wed, 01/25/12 - 2:56pm.

IBM and NEC announced this week that the two companies will work together to offer networking solutions based upon SDN and OpenFlow. IBM provides the switches which are integrated with the NEC Programmable Flow Controller.

To me, this is bigger than just a press release and some joint marketing programs. Here’s why:

Read more

Information Security Budgets Will Increase in 2012

Submitted by joltsik on Tue, 01/24/12 - 10:56am.

As part of our annual IT Spending Intentions survey, ESG asks IT professionals about overall spending trends for the coming year. Like other analyst firms, ESG found that IT budgets will increase in 2012, albeit at a modest rate.

Read more

Information Security Skills Shortage Continues

Large enterprises feel the pain most acutely
Submitted by joltsik on Thu, 01/19/12 - 2:26pm.

Like other analyst firms, ESG conducts research on IT Spending Intentions annually. One of the things we track is IT hiring plans in all areas including IT security.

In 2011:

• 35% of all mid-market and enterprise organizations planned on hiring security staff

• 22% believed they had a “problematic shortage” of security skills at their organizations

The situation has not improved at all over the past year. In 2012:

• 39% of mid-market and enterprise organizations plan on hiring security staff

Read more

Data Center Networking Discontinuity Impacts Network Security

Data center scale and complexity is no match for existing security controls
Submitted by joltsik on Wed, 01/18/12 - 11:09am.

Data center consolidation and server virtualization are creating data centers of massive scale, and thus radically changing the data center environment. Unfortunately, legacy data center networking equipment was not designed for this type of scale and dynamic use case. ESG calls this state data center networking discontinuity.

Read more

Data Center Networking Discontinuity

Data center environmental changes will open the door for technologies like fabric architectures, SDN, and OpenFlow in 2012
Submitted by joltsik on Wed, 01/11/12 - 4:01pm.

Why did dinosaurs become extinct? I’m no paleontologist but allow me to provide an over-simplified explanation: When the environment went through radical alterations, dinosaurs couldn’t adequately adapt to these changes. In a binary, “adapt or die” world, the dinosaurs died.

A similar binary situation is developing with data center networks. On the one hand, the environment is going through some radical changes. According to ESG Research:

Read more

ESG Video Highlights APT Research

Video talks about cybersecurity threats and their impact on enterprises and society
Submitted by joltsik on Thu, 01/05/12 - 11:41am.

I've written many blogs about the recently-published ESG Research Report, U.S. Advanced Persistent Threat Analysis, but there is a lot of data I haven't detailed. Since I can talk faster than I can type, ESG just posted this video that highlights the report data and some of its most important implications (http://www.esg-global.com/2011/11/apt/?utm_source=Homepage&utm_medium=Sl...). Let me know what you think.

2012 Should Be The Year of Security Incident Response

Large organizations need best practices for inevitable security events
Submitted by joltsik on Tue, 01/03/12 - 1:14pm.

According to ESG Research, 20% of large organizations are certain that they’ve been the target of an APT attack while another 39% say that it is likely they have been targeted. Can organizations detect and react to sophisticated attacks like APTs?

Unfortunately, the answer is likely “no” in both cases. ESG asked 244 security professionals working at enterprise (i.e. more than 1,000 employees) organizations to define their biggest incident response challenges. The list indicates both IT and organizational weaknesses. On the technical side:

Read more

APTs: Unfortunately, There Is No Silver Bullet Solution

ESG Research illustrates best security practices for people, process, and technology
Submitted by joltsik on Mon, 12/19/11 - 2:57pm.

Since publishing the ESG Research Report, U.S. Advanced Persistent Threat Analysis, I’ve been asked one question over and over: How can large organizations protect themselves against APTs?

Good question but I find that most people who ask me this are expecting a simple answer. This attitude may have historical roots: Want to get rid of pesky SPAM emails? Buy a SPAM filter. Unfortunately, there is no magic bullet here so don’t believe any vendor who tells you otherwise.

Read more

Access to Social Networking Sites Increases the Risk of APTs

Security professionals try to address this but young workers often find loopholes
Submitted by joltsik on Thu, 12/15/11 - 11:03am.

If you are reading this blog, you should also peruse Jim Duffy’s blog about the security behavior of young adults. Jim highlights a Cisco research study that reveals the callous indifference young people have for workplace IT and security policies.

Read more

Cybersecurity demands an ounce of prevention and a pound of cure

Risk management must be accompanied by strong incident response
Submitted by joltsik on Wed, 12/14/11 - 10:16am.

What’s the best way to protect against security incidents? Most security professionals would agree with the old colloquialism that, “an ounce of prevention is worth a pound of cure.” The theory here is that if you lock down your IT infrastructure, applications, and sensitive data, you’ll make it much harder for bad guys from the start.

Read more

Some Thoughts on The SANS 20 Critical Security Controls

My input on a few of these focused and highly intelligent security recommendations
Submitted by joltsik on Mon, 12/12/11 - 12:01pm.

As I transitioned from the weekend to the work week last night, I settled down to review the 20 Critical Security Controls (v3) published by the SANS Institute. If you haven’t seen this list, you really should take a look as it’s an extremely focused, well written, metrics-based strategy for protecting your organization against the most likely security risks.
The first two controls are:

1. Inventory of authorized and unauthorized devices.
2. Inventory of authorized and unauthorized software.

Read more

Blue Coat Goes Private

Company is in good shape for next phase
Submitted by joltsik on Fri, 12/09/11 - 11:10am.

Early this morning, I received a press release announcing that Blue Coat Systems was being acquired by private equity firm Thoma Bravo for approximately $1.3 billion. This news didn’t surprise me. Blue Coat recently posted good quarterly revenue numbers and all indications are that its financial and operational woes were in the past.

In addition to its financial progress, I believe that Blue Coat is positioned for strong growth over the next few years because:

Read more

Changes Coming To The CISO Position

Security executive role needs fine tuning
Submitted by joltsik on Wed, 12/07/11 - 1:52pm.

It’s that time of year when industry experts of all types look into their crystal balls and make bold predictions for what’s coming in 2012. As far as security goes, lots of these predictions will center on threats (i.e. new attack patterns, malicious code, etc.) and defenses (i.e. security technologies, services, etc.). Allow me to offer a trend that has nothing to do with either area.

Read more

Automated Security Remediation On The Rise

APTs are driving more use of security technology aids
Submitted by joltsik on Mon, 12/05/11 - 12:01pm.

APTs and other types of sophisticated attacks are undoubtedly changing information security processes, technologies, and skills, but ESG found another interesting transition in progress: Given the volume, sophistication, and surreptitious nature of APTs, large organizations are apparently willing to adopt more automated security technologies as a means for attack remediation.

Read more

About Networking Nuggets and Security Snippets
Jon Oltsik is a principal analyst at Enterprise Strategy Group responsible for the networking and security services at ESG. Prior to joining ESG, Jon was the founder and principal of Hype-Free Consulting. Mr. Oltsik previously served as VP of Marketing & Strategy at GiantLoop Network where he managed all marketing activities and defined the company’s strategic vision. Jon was also a Senior Analyst at Forrester Research where he covered a wide range of infrastructure and IT topics. In this role, he was frequently quoted in business journals, including the Wall Street Journal, Business Week, and the New York Times, and was also the recipient of a prestigious "best research" award for his breakthrough report, "The Internet Computing Voyage."