Top IT Security Bloggers

Network World - Networking Nuggets and Security Snippets
  • The most important attributes of a cybersecurity platform

    We’ve seen an ongoing cybersecurity technology trend that goes something like this:
    Enterprise organizations address cybersecurity using disconnected point tools. This strategy is no longer adequate, as it impacts security efficacy and adds operational overhead.
    Security teams address these problems by consolidating and integrating the security tools they use. Many are building security technology architectures a la SOAPA (i.e. security operations and analytics platform architecture).
    Seeing this trend in process, security technology vendors push internal development teams to integrate point tools across their portfolio. They then pitch integrated security "platforms" to customers.

    This story has been unfolding for many years and is now reaching a climax. According to ESG research, 62% of enterprise organizations are now willing to buy a majority of security technologies from a single vendor. (Note: I am an employee of ESG.)
  • The Transition Toward Enterprise-class cybersecurity Vendors

    Recently, ESG completed its second annual enterprise-class cybersecurity vendor research. The story behind this project goes something like this: Enterprise organizations (i.e. those with 1,000 employees or more) have too many point tools and are now engaged in projects to integrate security technologies while eliminating some tools and vendors along the way. This sets up a security market where enterprises buy more products from fewer vendors, and this will have a big market impact – fewer transactions, more large deals, longer sales cycles, increased CISO oversight over procurement, intense competition, etc. I realize that this is antithetical to the way the security industry has always worked in the past when large organizations bought best-of-breed technologies for every layer of a defense-in-depth architecture. The data indicates that this historical mindset is changing, however – 62% of survey respondents say that their organization would now consider buying a majority of its security technologies (as well as managed security services) from a single enterprise-class cybersecurity vendor.
  • What Are Small Organizations Doing About Cybersecurity?

    Last week, I published a blog on the state of cybersecurity at small organizations. As a review, two-thirds of firms with 50 to 499 employees have experienced at least one cybersecurity incident over the past few years, leading to lost productivity and business disruptions. Survey respondents claim that the biggest contributing factors to these cybersecurity incidents included human error, a lack of knowledge about cyber risk, and new IT initiatives lacking proper cybersecurity oversight. Based upon this data, many small organizations don’t have the skills, staff, or cybersecurity infrastructure to keep up with the threat landscape.
  • The state of cybersecurity at small organizations

    ESG recently completed a research survey of 400 cybersecurity and IT professionals working at small organizations (i.e. 50 to 499 employees) in North America. As you can imagine, these firms tend to have a small staff responsible for cybersecurity and IT, reporting to business management rather than CIOs or CISOs. (Note: I am an employee of ESG.) How are these firms doing with cybersecurity? Not so good. Two-thirds of the organizations surveyed experienced at least one cybersecurity incident (i.e. system compromise, malware incident, DDoS, targeted phishing attack, data breach, etc.) over the past two years.
  • Take-aways from Black Hat USA 2018

    I’m not sure how many people attended Black Hat in Las Vegas last week, but it surely felt like a record crowd. Optimistic attendees lauded the show for its threat research and focus on cybersecurity skills while skeptics bemoaned Black Hat changes, disparagingly referring to the show as ‘RSA in the desert.’ As for yours truly, my week was educational, albeit exhausting. I started early by participating in the CISO Summit on Tuesday where I hosted a panel on AI and machine learning in cybersecurity. My week ended with a Thursday dinner brainstorming session on cybersecurity operations. There were dozens of formal and informal meetings in between.
  • Cisco Buys Duo Security to Address a ‘New’ Security Perimeter

    Last week, Cisco jumped head first into the identity and access management (IAM) market with its acquisition of Duo Security for over $2.3 billion.  Now, I’ve been chatting with Cisco about identity management for many years.  Cisco always understood the importance of identity management in the security stack but remained reluctant to jump into this area. Why the change of heart?  Because cloud and mobile computing have all but erased the network perimeter.  These days, mobile users access SaaS and cloud-based applications and never touch internal networks at all.  As one CISO told me years ago, “Because of cloud and mobile computing, I’m losing control of my IT infrastructure.  To address this change, I’m really forced into gaining more control in two areas: Identity and data security.  Like it or not, these two areas are the ‘new’ security perimeters.”
  • Anticipating Black Hat USA 2018

    I’m about to leave New England and brave temperatures of 110 degrees or above.  It may sound crazy, but I’m actually looking forward to the trip next week.  Why?  I’m heading to Black Hat USA in Las Vegas, and I’m excited to learn more about:
    Artificial intelligence in cybersecurity. I am hosting a panel at the CISO Summit titled, The Real Impact of AI on Cybersecurity.  As part of this panel discussion, we will cut through the industry hype around AI/ML and talk about how real enterprise organizations are using and benefiting from the technology.  It should be a fruitful and enlightening discussion.
    The clouding of enterprise security. ESG research indicates that 85% of organizations use public cloud services today, up from 78% in 2017 and 75% in 2016.  As more and more workloads move to the cloud, cybersecurity controls and operations tools must come along for the ride.  This will lead to a radical shift where cloud security dominates the overall cybersecurity strategy, forcing organizations to re-think how security is managed across the enterprise.  Although this trend is in a genesis phase today, I can’t overstate how big a transition this is.  I’m curious to hear how the industry and enterprise organizations are reacting and planning.
    The new security perimeters. As I’ve written many times, CISOs tell me that they are losing control of their infrastructure, driven by cloud computing and mobility.  As countermeasures to these trends, many organizations are doubling down on ‘new’ security perimeters: Data security and identity management.  This is one reason why Cisco announced its intent to acquire Duo Security just this morning.  My colleague Doug Cahill and I will be monitoring data security and identity management through many discussions with CASB, DLP, and SDP vendors amongst others.  We’ll also be talking to security executives about topics like privacy and GDPR. 
    The platform wars. New ESG research reveals that 62% of organizations claim that they’d be willing to spend the majority of their security technology budgets with a single enterprise-class cybersecurity vendor.  So, rather than buying endpoint security software, network security appliances, and email and web security gateways and then cobbling things together themselves, enterprises will start buying comprehensive security platforms offering end-to-end coverage across endpoints, networks, data centers, and the public cloud.  This will lead to fewer transactions but bigger potential deals with long sales cycles.  How will vendors like Check Point, Cisco, FireEye, Fortinet, McAfee, Palo Alto Networks, Symantec, and Trend Micro address changing market conditions?  That’s what we want to find out at Black Hat.
    Enterprise risk management. CISOs are also being asked to do a better job of reporting risk to corporate boards, so they can better understand how cyber-risks can impact the business. This means presenting cyber-risk status in a business context. Unfortunately, many CISOs complain that it’s difficult to collect the right data on a continuous basis or turn geeky data points into useful business risk metrics. I’ll look to the CISO summit and Black Hat at large to gain insight into how CISOs and industry players like BitSight, Kenna Security, Rapid7, RSA, and Tenable Networks may help bridge this gap.

    Aside from these technology topics, I’m also curious about how organizations are coping with the perpetual cybersecurity skills shortage that I believe is getting worse over time.  This means perusing the Black Hat menu for thoughtful sessions on training and skills development.
  • Google Intends on Making GCP the Most Secure Cloud Platform

    I attended my first Google Next conference last week in San Francisco and came away quite impressed. Clearly, Google is throwing more and more of its engineering prowess and financial resources at GCP to grab a share of enterprise cloud computing dough and plans to differentiate itself based upon comprehensive enterprise-class cybersecurity feature/functionality. CEO Diane Greene started her keynote saying that Google intends to lead the cloud computing market in two areas – AI and security. Greene declared that AI and security represent the “#1 worry for customers and the #1 opportunity for GCP.” This surely got my attention as I was there for the sole purpose of learning about GCP security. After attending Google Next, here are a few of my take-aways:
  • What makes CISOs successful?

    The chief information security officer (CISO) role has evolved over the past few years from tactical IT manager to strategic business executive. Given this transition, what qualities are most important for making CISOs successful? To answer this question, I went back to the data from last year’s research report from ESG and the Information Systems Security Association (ISSA). I then cut the data by respondent’s role to understand what CISOs think is most important. (Note: I am an employee of ESG.)
  • What I learned at Tufin's customer conference (Tufinnovate)

    Last week, I attended Tufin’s annual customer conference, Tufinnovate, in Boston. If you don’t know Tufin, the company focuses on network security policy management for enterprise organizations. Here are a few of my take-aways from the event:
    It’s all about operational efficiency. Despite industry banter about artificial intelligence (AI) and process automation, many large organizations still rely on people power to get most tasks done. This creates a serious bottleneck when tasks like network provisioning or firewall audits take weeks to accomplish. This is where tools like Tufin come into play. One customer talked about reducing network provisioning time from days to minutes, while another used Tufin as an alternative to hiring three full-time employees. Yes, some cautious organizations continue to slow-roll the transition from humans to machines, but every organization wants to do things better, faster, and cheaper. Tufin and others are at the tip of this spear.
    Think abstraction layers, connectors, and APIs. I recently wrote about the need for centralized network security policy management for hybrid cloud deployments. This is increasingly where Tufin lives. Vendors that play in this space must become leaders in three areas: Abstraction layers, connectors, and APIs. Abstraction layers provide the ability for centralized command and control over heterogeneous infrastructure and security tools. Connectors give customers fully baked and tested integration to common security technologies, while APIs accelerate development for custom configurations. 
    Firewall consolidation is well underway. Large organizations tend to have a mixed portfolio of network firewalls from vendors such as Check Point, Cisco, Fortinet, and Palo Alto Networks. This situation is changing, however, as enterprises winnow down to one or two vendors. Oh, and more often than not, they choose vendors that can support their firewall needs in corporate data centers AND public cloud services. Tufin customers use its products to manage firewall migration, configure/monitor network segmentation, and audit firewall rule sets.
    DevOps is attractive but remains immature. Just about every large organization I spoke with was actively embracing a DevOps model, but most were still in the “toe-dipping” stage. How were they proceeding? A few told me that they assigned a security team member to the development team and told them to figure things out. That's not very sophisticated, but it is a step in the right direction. Ultimately, the goal is to inject security controls within the CI/CD pipeline. Organizations are getting there, albeit slowly. 

