Top IT Security Bloggers

Network World - Networking Nuggets and Security Snippets
  • North Dakota: An innovative and leading cybersecurity state

    When you think of U.S. states exhibiting cybersecurity leadership, which ones come to mind? For me, I’d place Maryland at the top of the list, followed by California, Massachusetts, Virginia, Georgia, and a few others. In my view, those states exhibit good efforts around cybersecurity innovation and public/private partnerships. Now, if you pinned me down and asked me to continue my list, I’m not sure where I’d place North Dakota, a state with a population of 755,000. Until recently, I had no knowledge or opinion on the state’s cybersecurity position whatsoever. That changed when someone from the office of the CIO in North Dakota read one of my blog posts about the cybersecurity skills shortage and reached out to fill me in on the state’s cybersecurity efforts. As it turns out, North Dakota is doing quite a bit.
  • 5 threat detection and response technologies are coming together

    Threat detection and response is hard and getting harder. According to ESG research, 76% of cybersecurity professionals claim that threat detection and response is more difficult today than it was two years ago, so this situation may only get worse in the future (note: I am an ESG employee). Why are threat detection and response processes and actions so challenging? One of the primary reasons is that many organizations approach threat detection and response through a maze of disconnected point tools. In fact, ESG research indicates that 66% of organizations agree that threat detection/response effectiveness is limited because it is based upon multiple independent point tools.
  • The growing demand for managed detection and response (MDR)

    According to ESG research, 82% of cybersecurity professionals agree that improving threat detection and response (i.e. mean-time to detect (MTTD), mean-time to respond (MTTR), etc.) is a high priority at their organization. Furthermore, 77% of cybersecurity professionals surveyed say business managers are pressuring the cybersecurity team to improve threat detection and response. (Note: I am an ESG employee.) So, what’s the problem? Threat detection and response ain’t easy. In fact, 76% of those surveyed claim that threat detection and response is either much more difficult or somewhat more difficult than it was two years ago. Why? Cybersecurity professionals point to issues such as an upsurge in the volume and sophistication of threats, an increasing cybersecurity workload, and a growing attack surface. Oh, and let’s not forget the impact of the cybersecurity skills shortage. Many firms lack the right staff and skills to make a significant dent in this area.
  • Endpoint security is consolidating, but what does that mean?

    In 2017, my colleague Doug Cahill conducted research on endpoint security. Back then, the research indicated that 87% of organizations were considering a comprehensive endpoint security suite rather than several disconnected endpoint security point tools. Just a few months ago, I did a research project of my own on threat detection and response. When survey respondents were asked to identify the most attractive endpoint detection and response (EDR) option, 52% of organizations preferred EDR technology that is tightly integrated into endpoint prevention software from a single vendor, while 29% would look for EDR technology that is bundled with endpoint prevention software from a single vendor.
  • The case for continuous automated security validation

    Chinese military strategist Sun Tzu is quoted as saying, “if you know the enemy and you know yourself, you need not fear the results of a hundred battles.” In cybersecurity terms, that means knowing the cyber-adversaries and the associated tactics, techniques, and procedures (TTPs) they use to attack your organization. Additionally, Sun Tzu’s quote extends to an organizational reflection where you must know everything about your technical, human, and even physical vulnerabilities in order to apply the best protection for critical assets.
  • OpenC2 can accelerate security operations, automation, and orchestration

    Over the past few years, ESG has promoted the security operations and analytics platform architecture (SOAPA). Just what is SOAPA? It's a multi-layered heterogeneous architecture designed to integrate disparate security analytics and operations tools. This architecture glues incongruent security analytics tools together to improve threat detection, and then tightly couples security analytics with operations tools to accelerate and automate risk mitigation and incident response. After all, you can have great security analytics for investigations, threat hunting, and root-cause analysis, but it all means diddlysquat if you can’t use those analytics to make and execute timely incident response and risk mitigation decisions.
  • Vulnerability management woes continue, but there is hope

    I remember giving a presentation when I first started working in cybersecurity in 2003 (note: it was called information security back then). I talked about the importance of good security hygiene, focusing on deploying secure system configurations, managing access controls, and performing regular vulnerability scans. When it came to the Q&A portion of my presentation, a gentleman in the first row raised his hand. He mentioned that his company was diligent about vulnerability scanning, but then he asked me: “How do you determine which vulnerabilities to prioritize and which ones to ignore?” I don’t remember exactly how I responded, but I am certain that my answer wasn’t very good.
  • The cybersecurity technology consolidation conundrum

    If you are in the cybersecurity market, you’ve heard (or read) about the point tools problem hundreds – nay thousands – of times. Enterprise organizations base their cybersecurity defenses on dozens of point tools from different vendors. These point tools don’t talk to one another, making it difficult to get a complete end-to-end picture for situational awareness. This also leads to tremendous operational overhead, as the cybersecurity staff is called upon to act as the glue between disparate tools. CISOs aren’t taking this situation lying down. According to ESG research, two-thirds of organizations (66 percent) are actively consolidating the number of cybersecurity vendors they do business with. In other words, they are willingly buying more security technologies from fewer vendors. (Note: I am an employee of ESG.)
  • Cyber risk management challenges are impacting the business

    There was quite a bit of banter about boardroom cybersecurity actions at this year’s RSA Security Conference. No surprise here; business executives understand what’s at stake and are asking CISOs to provide more cyber risk data and metrics, so they can work with them on intelligent risk mitigation strategies. This is a positive development for the long term, but it also exposes an underappreciated issue – many organizations aren’t very good at monitoring, measuring, or mitigating cyber risk in a timely manner.
  • The buzz at RSA 2019: Cloud security, network security, managed services and more

    Like many other cybersecurity professionals, I spent last week at the RSA security conference in rainy San Francisco. Here are a few of my impressions:
    Cybersecurity and business leaders are coming together – awkwardly. Remember when we used to wish that business executives would get more involved with cybersecurity? Well, be careful what you wish for. Yup, business leaders understand there is a tight bond between digital transformation and cybersecurity and are now asking CISOs to provide the right data and metrics, so they can measure risk and implement the right controls. Alas, you can’t measure a dynamic environment like cybersecurity with static data, and most CISOs have nothing but static data. Since this situation won’t change, RSA was full of new innovations to quantify risk on a continual basis and help CISOs and business executives make better risk mitigation decisions. This is a big step in the right direction.
    Every layer of the security technology stack is in play. Remember a few years ago when we were all shocked by dual exhibition floors in Moscone North and South? Well, the RSA conference addressed this by making one contiguous show floor in and between both buildings. Why so many vendors? Because every individual technology in the security technology stack is in play, driven by things like machine learning algorithms, cloud-based resources, automation, managed services components, etc. All these vendors may be a boon to industry trade shows, but they are confusing the heck out of cybersecurity pros. Instead of buzzwords and hyperbole, successful vendors will invest in user education and thought leadership, offering guidance and support for customers and prospects.
    The market is absolutely moving toward consolidation, integration, and platforms. CISOs I talked with at RSA have a 2019 goal of eliminating some percentage of vendors and tools from their networks, and many are just getting started. Large cybersecurity vendors are jumping on this trend with integrated cybersecurity technology platforms and moving toward enterprise license agreements and subscription-based pricing. Many of the vendors I met with are now tracking multi-product deals and incenting direct sales and distributors in this direction. To succeed, vendors need best-of-breed products that come together through central management consoles for configuration management, policy management, and reporting. It’s early on in this transition and none of the big vendors have a distinct advantage, but I predict that we’ll see a few break from the pack by 2020. Furthermore, we’ll see at least one $5 billion cybersecurity vendor by 2021.
    Cybersecurity analytics meets cloud-scale. Earlier this year, I predicted that 2019 would be the year of cloud-based security analytics. At RSA, Google and Microsoft did what they could to reinforce this prophecy with announcements of Chronicle Backstory and Azure Sentinel. Both are SaaS offerings that capitalize on a cloud “home court advantage” by accommodating massive amounts of data, storage, processing, etc. Both vendors readily admit that these are Rev 1 products, but each has an aggressive roadmap. Will these announcements usurp category leaders? No. Will they disrupt the status quo in terms of architecture and pricing? Heck, yes.
    Professional and managed services everywhere – by necessity. Amongst the widget vendors, there were lots of architects, consultants, designers, and managed services offerings for hire at RSA. Everyone equates this upsurge with the cybersecurity skills shortage, which is true but misses an essential point. Cybersecurity is perpetually evolving, with new demands for data analysis, scale, incident response, risk management decision making, etc. Most organizations don’t have the advanced skills to keep up with all the change. Cybersecurity technology may be sexy, but the future of enterprise security will depend more on third-party brainpower than ever before. This may shift the balance of power (and topics) at RSA from products to services in the near future.
    Cloud security immaturity continues. Large organizations are getting their arms around cloud computing technologies, but there is still a large and growing gap between the pace of general cloud innovation and security controls and skills. So, while we may be figuring out container security, we remain behind in areas such as securing microservices and the APIs they depend upon. This gap represents a true opportunity, but only for vendors who understand various cloud technologies, native controls, and what’s needed for central management. In the meantime, services vendors are acting as the tip of the spear yet again.
    The network still doesn’t lie. I’m pleased to see a renaissance in network traffic analysis (NTA) tools. Some are based upon open-source technologies such as Bro/Zeek, Snort, and Suricata. Some use machine learning to detect anomalous/malicious traffic. Some are tightly integrated with endpoint detection and response (EDR) tools. Why network security? ESG research indicates that network security monitoring is most often the center of gravity for threat detection. In other words, SOC analysts detect suspicious activity on the network first and then pivot elsewhere for further investigation. This makes the network an important source of security truth, which, in truth, it always has been. In my humble opinion, CISOs can get a big bang for their buck by implementing one of the more modern network security monitoring/analytics tools, which may be why they seemed to be ubiquitous at RSA.

    One additional note: There was lots of discussion at RSA about the MITRE ATT&CK framework. Bravo! This is one industry effort where everyone seems to agree and crow about its benefits.