Top IT Security Bloggers

Network World - Networking Nuggets and Security Snippets
  • The New Endpoint Security Market: Growing in Size and Scope

    Venture capital investments in cybersecurity companies are aggressive these days, but yesterday’s news was startling nonetheless. Cylance announced a round of $120 million led by Blackstone Tactical Opportunities. Cylance says that the funding will help it expand sales and marketing initiatives and extend its global footprint. Prior to the Cylance announcement, CrowdStrike announced a round of $200m, funded by Accel, General Atlantic, and IVP, and now claims a valuation of more than $3 billion. Like its rival, CrowdStrike says that the new funding will go toward sales and marketing as well as product development. These two “unicorns” are not alone. Tanium and Cybereason have also enjoyed funding rounds of $100m, while SentinelOne raised $70m in a series C round last year. Holy antivirus, Batman!
  • Cisco Security Synopsis from CiscoLive

    Cisco held its annual customer event this week in Orlando, FLA and invited the industry analysts to attend. CEO Chuck Robbins highlighted the company’s commitment to security in his CiscoLive keynote, while other executives elaborated on more security product and services details. After a few days of meetings, I believe Cisco’s cybersecurity strategy focuses on:
    Product integration. Cisco wants a common cybersecurity product architecture that spans endpoints, networks, data centers, and the public cloud, and that can service most of its customers’ cybersecurity technology needs. As a result, Cisco is busy integrating products and services like AMP, Umbrella, Firepower, Talos, etc. Cisco demonstrated its platform and discussed its future roadmap in detail.
    Openness and programmability. Beyond gluing its own products together, Cisco’s cybersecurity platform is built with connectors and APIs for third-party integration and programmability.  To illustrate its technology alliance partner ecosystem, Cisco crowed about dozens of partners including Anomali, IBM, LogRhythm, and McAfee.  Cisco’s intent-based networking programmability also extends to security for service providers taking advantage of APIs and building value-added services on top of Cisco security tools.
    A foundation of threat intelligence. CiscoLive started last Sunday with a day-long session by the Talos team on security research and threat intelligence.  Beyond the data, the Cisco team focused on teaching customers how to operationalize threat intelligence for threat detection, hunting, and risk management.  Clearly, Cisco believes that Talos threat intelligence can give the company a strategic advantage versus narrowband security vendors, so it is anchoring all security products with Talos threat feeds.  The company is also bolstering market education to get the Talos word out more broadly. 
    Comprehensive cloud security. Cisco wants customers to know that it can protect workloads in the public cloud with a one-two punch of Tetration and StealthWatch cloud.  Beyond IaaS and PaaS, Cisco also promoted its CloudLock CASB product for SaaS management and data protection.  Finally, Cisco is offering several ‘security from the cloud’ services, such as Umbrella and email security to safeguard mobile workers and branch offices.
    Operational simplicity. When it comes to security operations, Cisco understands that many of its customers are under-staffed, lack advanced skills, have too many point tools and still rely on manual processes.  To address these shortcomings, Cisco demonstrated a security operations platform called Visibility, a common SOC analyst workbench for threat detection, incident response, and risk remediation.  In its current iteration, Visibility supports a handful of Cisco products, but the company previewed an aggressive roadmap for integration of additional Cisco and third-party products.
    Professional and managed services. What many customers may not realize is that Cisco professional and managed cybersecurity services are growing like a weed.  Cisco plans to expand its services portfolio to provide flexible consumption options and help customers benefit further from all its security products. 

    While Cisco realizes it must compete with best-of-breed products, its security go-to-market is now focused on campaigns, providing solutions for security threats like ransomware defense, breach response, and data center security. These strategic solutions often encompass an integrated bundle of several Cisco products at once.
  • Moving to central network security policy management for hybrid clouds

    As organizations embraced the public cloud over the past few years, security teams were on the hook to modify network security policies and implement security controls to protect cloud-based workloads. The goal was simple: Protect cloud-based workloads with network security policies and controls that were equal to or better than existing safeguards for physical and virtual servers in corporate data centers. This turned out to be far more difficult than expected. Many organizations tried to force fit their existing security controls (firewalls, ACLs, network segments, VPNs, etc.) to accommodate cloud-based workloads. This turned out to be a technology mismatch – security controls built for physical and virtual servers were too inflexible to service the public cloud.
  • The rise of analyst-centric security operations technologies

    Let’s face it, cybersecurity is a geeky domain. While much of IT has shifted its focus to things like business process enablement and digital transformation, infosec pros still spend much of their waking hours in the weeds, looking at things like protocol anomalies, SQL statements, command shells, etc. This technical purview has been a highlight of security operations products since their inception. In the early days (late 1990s), security analysts’ jobs depended upon technical tools such as TCPdump and Ethereal/Wireshark to look for suspicious activities within network packets. The next step was searching for clues through Syslog, which led to the use of log management tools and then the evolution of SIEM in the 1999-2000 timeframe.
  • Symantec in a position to progress and prosper

    When Symantec and Veritas joined forces, Symantec Vision (its customer and analyst event) was a regular spring ritual. Like the swallows coming back to Capistrano, I made an annual pilgrimage to Las Vegas, parked myself at the MGM or Venetian, and spent a few days catching up on the latest Symantec buzz. Alas, when Symantec divested Veritas and acquired Blue Coat, Symantec Vision was put on sabbatical for a few years. Yesterday, however, Symantec renewed its analyst outreach with a new-look analyst event here in Boston. The company highlighted:
    Its integrated cyber defense platform. Since the Blue Coat marriage, Symantec has been quite busy gluing its products together. It started with basic point-to-point integration but has since evolved into the creation of an end-to-end architecture, integrated cyber defense (ICDx). Symantec touts that ICDx is a single point of integration for security telemetry, threat intelligence, and data management. Furthermore, ICDx provides publish/subscribe middleware and message bus services to support heterogeneous cybersecurity tools. ICDx is also an open architecture (similar to ESG’s SOAPA), based upon open standards and APIs, and Symantec is even working to champion open cybersecurity software architecture with OpenC2, a standards effort led by OASIS. To further promote ICDx across the industry, Symantec crowed about its technology integration partners program (TIPP) and a laundry list of other cybersec vendors already signed up.
    Its focus on termination points… Symantec talked about a "dark" internet where nearly all traffic is encrypted. In this scenario, Symantec believes that security oversight must migrate to termination points. In Symantec’s view, this equates to four central termination points: Endpoints (of all kinds), network proxies, email, and cloud-based applications. Symantec then reminded the analyst community about its well-established real estate in each area.
    …And modern operating systems. Symantec rightly points out that the world has moved well beyond Windows PCs and servers, while many competitors have not. Yes, these systems are still highly targeted, but Symantec believes enterprise customers need similar protection on mobile devices (iOS, Android), cloud-based workloads, IoT devices, etc. Symantec claims it can protect this potpourri of systems with a bright yellow security blanket.
    Data security. It was appropriate for Symantec to focus on data security the day before GDPR took effect. Symantec has been a leader in this space since its acquisition of Vontu – way back in 2007. (Author’s note: Wow, do I feel old!)  While much of the industry continues to ignore data security, Symantec has been innovating in this area by marrying DLP with machine learning analytics from Bay Dynamics, integrating DLP and identity management tools, and using data access patterns in concert with its threat detection tools. Symantec rightly points out that as organizations have less security control over their infrastructure, they need more security control over their data. 
    An evolving consumer security agenda. While many of its AV competitors are walking away from the consumer market, Symantec is doubling down. It acquired LifeLock in 2016 and now offers bundles of LifeLock and Norton products. Symantec is also dipping its toe into the connected home market with the introduction of Norton Core, an all-in-one device designed to offer easy management, security, and data privacy for connected devices on the home front.

    Key points about Symantec
    Symantec addressed a lot at the event, far more than can be covered in a short blog post. Nevertheless, here are a few of my take-aways:
  • Containers are here. What about container security?

    The industry is gaga for container technologies like Docker, and for good reason. According to ESG research, containers make up about 19 percent of hybrid cloud production workloads today, but in just two years’ time, containers will make up one-third of hybrid cloud production workloads. (Note: I am an ESG employee.)

    Container security issues
    Not surprisingly, cybersecurity professionals say rapid growth and proliferation of application containers have led to several security issues:
    35 percent say their organization’s current server workload security solutions do not support the same functionality for containers, requiring the use of separate container security technologies. This adds cost and complexity to safeguarding valuable IT assets.
    34 percent say they need to verify that images stored in container registries meet their organization’s security and compliance requirements. Again, they tend to need specialized tools to accomplish this task.
    33% say there is a lack of mature solutions available for container security. This is understandable, as container security is dominated by startups and point tools at present (e.g. Aporeto, Aqua Security, Cavirin, CloudPassage, Layered Insight, Neuvector, StackRox, Twistlock, etc.). We are seeing more and more coverage from established players as well, including Tenable Networks, Trend Micro, VMware, etc. Cybersecurity pros should pay close attention to this market because vendors and tools are evolving quickly.
    30% say the potential for container sprawl creates loose access controls between containers that could leave their production environment more vulnerable. This indicates process and management problems that lead to security vulnerabilities. 
    27% say portability makes containers more susceptible to “in motion” compromises. And a lot of security pros don’t have the tools to monitor transient containers and microservices as they appear and disappear. 

    Like server virtualization and public cloud workloads of the past, containers remain an unfamiliar animal to many security professionals today, but this is unacceptable given the number of production containers deployed today (as well as aggressive future container deployment plans). In cybersecurity, uncertainty and limited knowledge equal increased risk.
  • It’s Time to Think Harder About Security Data Management

    According to ESG research, 28% of enterprise organizations collect, process, and analyze substantially more security data than they did two years ago, while another 49% collect, process, and analyze somewhat more data than they did in the past (note: I am an ESG employee). What’s happening here? Well, first of all, organizations are collecting more data from traditional sources – system logs, vulnerability scans, network flows, etc. They are also grabbing security data from supplementary security sources like EDR tools, behavioral analytics systems, threat intelligence feeds, etc. Oh, and over the last few years, enterprises started gathering data from IoT devices, public cloud services, SaaS, etc. It all adds up to a growing pile of terabytes of security data.
  • The evolution of security operations, automation and orchestration

    The market for security operations, automation and orchestration products is rapidly maturing. The most recent proof point of this maturation was Splunk’s acquisition of Phantom in February, but other vendors, such as FireEye (acquired Invotas), IBM (acquired Resilient), Microsoft (acquired Hexadite), and Rapid7 (acquired Komand), saw the light and bought into this market over the past few years. I first discovered this market several years ago. In a 2015 blog post, I introduced the concept of integrated cybersecurity orchestration platforms (ICOPs). I stated that ICOPs would be used to integrate inputs (i.e. alerts and data from different security tools), correlate, enrich, and manage security data, and initiate outputs (i.e. trigger remediation actions and workflows).
  • Cloud computing security chaos continued at RSA Conference 2018

    My esteemed colleague Doug Cahill did a great job at the RSA Conference with a killer presentation on hybrid cloud security. Unfortunately, Doug’s presentation occurred on Thursday afternoon, when many conference attendees were catching flights home, packing up their booths, or recovering at a bar somewhere else in San Francisco. Despite the timing, about 150 souls showed up, but I’m guessing that Doug’s conference room would have been overflowing if his presentation had been on Tuesday rather than Thursday. As I wrote in a recent blog post, it was important to focus on cloud security at RSA 2018. Why? Because organizations are rapidly adopting hybrid clouds, with DevOps leading the charge. This places a double whammy on security teams that have little cloud computing experience and a limited relationship with DevOps teams.
  • What is a Cybersecurity Technology Platform Anyway?

    At last week’s RSA Conference, you couldn’t walk more than 10 feet on the show floor without a security vendor pitching you on its technology “platform.” Yup, Check Point, Cisco, FireEye, Forcepoint, Fortinet, McAfee, Palo Alto Networks, Symantec, Trend Micro, Webroot, and lots of others are now busy pitching platforms and will continue to do so. Okay, but what is the actual definition of this term? In general, vendors use the word “platform” to describe an integrated amalgamation of point products that creates a common and interoperable architecture. It’s safe to say that all vendors agree upon this platform characteristic. Beyond this basic functionality, however, there doesn’t seem to be much consensus on security technology platform requirements.