Top IT Security Bloggers

Network World - Networking Nuggets and Security Snippets
  • Best-of-breed security products still dominate -- kind of

    The history of security purchasing centers around best-of-breed products. With each requirement, security professionals would research products, review third-party tests, bring in products for internal testing, and buy those that exhibited a superior ability to prevent, detect, or respond to cyber attacks.

    Fast forward to 2018, and the cybersecurity market is in a state of transition. Over many years, large organizations have accumulated numerous independent security products, making security operations extremely difficult. ESG research indicates that 36 percent of organizations use between 25 and 49 individual security technologies (i.e. commercial, open source, and homegrown security technologies), while 19 percent use more than 50 products. (Note: I am an employee of ESG.) Security operations challenges have prompted a wave of security consolidation — 22 percent of organizations are actively consolidating security technologies (and vendors) “on a large-scale basis,” while 44 percent are consolidating on a limited basis.
  • 8 features a cybersecurity technology platform must have

    In a blog post I wrote in August — The most important attributes of a cybersecurity platform — I listed the eight attributes that my colleague Doug Cahill and I believe are critical for a cybersecurity technology platform. The blog post also ranks the eight attributes according to a recent survey of 232 cybersecurity professionals working at enterprise organizations (i.e. those with more than 1,000 employees).

    It was recently pointed out to me that while I listed the attributes, I did not define them. My apologies for the oversight, so here again is the list of attributes (along with the percentage of survey respondents that rated them as most important) along with definitions for each one.
  • Cybersecurity professional impressions on cloud-native security

    In a recent research survey, my employer ESG asked a panel of 232 security and IT professionals a series of questions about cloud-native security (i.e. security controls, management, and monitoring options built into cloud infrastructure and offered by cloud service providers). Here are a few of the data points we uncovered:

      • Fifty-seven percent of survey respondents believe that the native security controls provided by cloud service providers (CSPs) are sufficient in some but not all cases. In other words, cloud-native security controls must be supplemented with third-party enhancements occasionally or even regularly. This speaks to a need for cloud security managers of managers – especially in enterprise organizations with multi-cloud environments.
      • It appears that survey respondents see a master/slave relationship for cloud services and related cloud security controls. More than half (56%) of cybersecurity and IT professionals believe that security controls provided by a CSP should also support other IaaS/PaaS environments. So, if 75% of my cloud workloads reside on AWS and 25% reside on Azure and GCP, I probably want to control all cloud-resident security controls through an AWS interface rather than control each security domain separately.
      • Not surprisingly, 38% of those surveyed say that the use of multiple CSPs tends to require some third-party security controls for central policy and configuration management of distributed (and heterogeneous) cloud-native security controls. Once again, a manager of managers.
      • When asked to identify areas where cloud-native security controls need improvement, 32% say network intrusion detection/prevention, 32% say data loss prevention, and 31% say data encryption. Yes, many CSPs can provide controls in these areas, but security professionals find these offerings limited and tend to opt for third-party controls with superior feature/functionality.

    My takeaway is that cloud-native security controls are often used as a matter of convenience and probably good enough for organizations betting on a single CSP. This may characterize mid-market organizations, but it is a mismatch for enterprises. Thus, enterprises will continue to anchor cloud security with third-party security management tools for the foreseeable future.
  • McAfee’s Vision at MPower

    I wrapped up my 3-week tour of the cybersecurity industry with a stop in Las Vegas for McAfee MPower. Here are a few of my take-aways from the event:

      • McAfee now positions itself as “the device to cloud security company.” What this really means is that McAfee will focus on the security of endpoints, cloud assets (i.e. IaaS, PaaS, SaaS) and the security services that connect the two together (i.e. DLP, CASB, proxy services, etc.).
      • McAfee is also betting on security from the cloud with its MVision series of products. MVision moves the control and management plane from customer premises to the cloud, alleviating the need for customers to invest in security technology infrastructure. The MVision lineup includes MVision ePO, MVision endpoint, and MVision mobile. At MPower, McAfee added MVision EDR and MVision Cloud to the portfolio. To be clear, MVision is an option, not a mandate. In other words, customers can still deploy McAfee’s on-premises products if they choose to. MVision simply gives them an option for security from the cloud or hybrid options.

    ESG sees tremendous growth in cloud-based security options as organizations eschew complex security technology infrastructure deployment, maintenance, and operations. MVision certainly maps to this trend. McAfee also made sure to provide a simple on-premises-to-cloud migration path for existing customers. For example, MVision ePO migration can be automated through a series of commands and project steps that move ePO accounts to the cloud. This orchestrated migration should help McAfee retain and delight its customer base. Finally, McAfee believes that MVision will become a nexus for its innovation, product integration, and partner integration moving forward. I can’t really argue with this viewpoint.
  • Cybersecurity Trends – With Trend Micro

    Last week, Trend Micro came to Boston for its annual Trend Insights industry analyst event. The company provided an overview of its business, products, and strategy. Here are a few of my take-aways:

      • Trend is prepared for the next chapter in endpoint security. To maintain its market leadership, Trend Micro is rolling out ApexOne, its newest endpoint security product. ApexOne provides more prevention/detection capabilities while consolidating all endpoint security functions onto a single agent. Trend has also decided to swim against the industry tide by including EDR as part of its core commercial endpoint security product, thus all customers who upgrade will get Trend EDR, alleviating the need to shop elsewhere. ApexOne will be an easy decision for existing Trend Micro customers and may be an attractive alternative for CISOs looking for an endpoint security solution with all the bells and whistles.
      • Trend product strategy: Better together. Trend talks about connected threat defense, which brings several of its individual endpoint, network, and cloud products together as an integrated cybersecurity technology architecture. Good timing, as ESG research indicates that 62% of organizations would be willing to buy a majority of their cybersecurity products from a single enterprise-class vendor. For example, TippingPoint IDS/IPS is tightly integrated with Deep Discovery, Trend’s malware detection sandbox, while Deep Security, Trend’s cloud workload security offering, integrates with both of these products. As part of its business strategy, Trend is working with customers to replace discrete point tools with Trend products and reap integration benefits like improved threat prevention/detection while streamlining security operations.
      • Moving toward managed services. While Trend engineered its EDR offering for ease of use, it recognizes that many organizations don’t have the resources or skills to deploy, learn, or operate detection/response tools on their own. To work with these customers, Trend Micro is rolling out a managed detection and response (MDR) service as a complement to its products. Furthermore, Trend is spinning out a new company called Cysiv, which offers several other advanced managed security services. With these moves, Trend is demonstrating that it wants to play a direct role in the growing market for security services – rather than an indirect role as an arms dealer alone.
      • All in on cloud security. Trend Micro jumped on the server virtualization and cloud computing bandwagons early by forming tight partnerships with VMware, Amazon, and Microsoft. Now that every other established vendor and VC-backed startup is all-in on the cloud, Trend is moving beyond basic cloud security support. For example, Trend cloud security products are tightly coupled with its connected threat defense for prevention/detection. From a cloud perspective, Trend has gotten very familiar with application developers and DevOps to make sure that Trend cloud security products fit seamlessly into a CI/CD pipeline. Trend has also expanded its purview to cover containers, micro-services, and even cloud-based application security. In this way, Trend Micro is aligning with cloud innovation and culture – not just hawking security products.
      • More business investment. Over the past 5 years, Trend Micro’s business has gone through some significant shifts. For example, a larger percentage of the company’s revenue comes from commercial sales rather than consumer sales, while Trend has seen rapid market growth in North America. Trend Micro will hire engineers, expand sales staff, and service channel partners to keep this momentum going.

    In my humble opinion, Trend Micro remains a bit of a diamond in the rough – its security expertise and advanced technologies are not as well known in the market as they should be. This may be due to Trend’s engineering focus and humble corporate culture. With the security market on fire, however, Trend Micro needs to do more to get the word out, as it’s too easy to get lost in the cacophony of noise coming from the security technology market these days.
  • Ten Take-Aways from the Splunk User Conference

    I spent the early part of this week in Orlando, attending Splunk .Conf 2018. Here are a few of my take-aways:

    Splunk articulated a vision of security analytics/operations for 2020 that included 10 areas:

      • Data ingestion. Collecting and processing a growing body of security telemetry.
      • Detection. Finding and blocking known threats.
      • Prediction. Using advanced analytics to identify new attacks and then spreading the warning around to all connected customers.
      • Automation. Automating all pedestrian tasks and accelerating more complex tasks.
      • Orchestration. Using APIs to connect security controls together for investigations and remediation actions.
      • Recommendation. Monitoring and recording security operations and then recommending proven actions to the SOC team.
      • Investigation. Providing intuitive tools to figure out what cyber-attacks are happening and why they are happening.
      • Collaboration. Offering a workbench for security operations while connecting to collaboration tools like Slack.
      • Case management. Delivering a security-centric tracking system that spans security incident management lifecycles.
      • Reporting. Providing a central place to measure all aspects of reporting.

    I would add integration (i.e. SOAPA functionality for data management services, software services, etc.) and outsourcing (i.e. choosing which security operations tasks to delegate to partners), but Splunk’s list is pretty complete.
  • Cloudy future for security analytics

    When you think of security analytics and operations, one technology tends to come to mind — security information and event management (SIEM). SIEM technology was around when I started focusing on cybersecurity in 2002 (think eSecurity, Intellitactics, NetForensics, etc.) and remains the primary security operations platform today. Vendors in this space today include AlienVault (AT&T), IBM (QRadar), LogRhythm, McAfee, and Splunk.

    SIEM has greatly improved over the last 16 years, but the underlying architecture remains similar. SIEM is composed of a data management layer designed to collect and process raw security data. Once the data is processed, it becomes available for upper layers of the stack for data analysis and actions like automated/orchestrated processes.
  • Form Factor Wars: Cloud-based or On-premises Security Technologies?

    Cybersecurity professionals are paid to be paranoid and tend to want to control everything they can to minimize surprises or third-party dependencies. This has always been the case with regards to security technology. Historically, CISOs mistrusted managed services, preferring instead to “own” the deployment and operations associated with their security technologies.

    While cultural attitudes toward security control remain today, demand- and supply-side changes are influencing new security technology decisions. On the demand side, CISOs are coping with a global cybersecurity skills shortage. According to research from ESG and the Information Systems Security Association (ISSA), the skills shortage has an impact on around 70% of organizations, increasing the workload on security teams, forcing them to focus the bulk of their attention on high-priority alerts only. This means that while CISOs may want to “own” everything, they don’t have the resources to do so.
  • 5 biggest cybersecurity challenges at smaller organizations

    Hello, dedicated readers! My blog is back from a restful week’s vacation on Cape Cod and ready to tackle the falling leaves, changing temperatures, and cybersecurity issues of autumn.

    Back in August, I wrote a few blog posts about cybersecurity trends in small and mid-sized organizations (i.e. between 50 and 499 employees). The first blog post looked at the state of cybersecurity at SMBs, and the second post examined what SMBs are doing to address these issues.
  • CISOs recommend future actions for their organizations

    Each year, ESG conducts a research project with the Information Systems Security Association (ISSA) on the mindset of cybersecurity professionals. (The 2017 report is available here.) As part of last year’s research, we asked respondents to identify the top actions their organizations should take in the future to improve cybersecurity. We then looked at this data based upon respondents’ roles, so we could look at the specific recommendations from CISOs (or other titles with equivalent job descriptions).