Corporate Partners

Top IT Security Bloggers

Network World - Networking Nuggets and Security Snippets
  • Enterprises Need Advanced Incident Prevention

    Network World - Networking Nuggets and Security Snippets
    Given the booming state of the cybersecurity market, industry rhetoric is at an all-time high. One of the more nonsensical infosec banalities goes something like this:  Cybersecurity has always been anchored by incident prevention technologies like AV software, firewalls, and IDS/IPS systems, but sophisticated cyber-adversaries have become extremely adept at circumventing status quo security controls. Therefore, organizations should give up on prevention and focus all their attention on incident detection and response.Now, I certainly get the logic of this platitude. Yes, the bad guys do know how to get around our defenses and organizations should in fact improve their detection and response capabilities. But abandon or minimize incident prevention? Poppycock! To read this article in full or to leave a comment, please click here
  • Malware? Cyber-crime? Call the ICOPs!

    Network World - Networking Nuggets and Security Snippets
    To fully understand the state of cybersecurity at enterprise organizations, it’s worthwhile to review a bit of history.  In the early days of Internet connectivity, information security was viewed as a necessary evil, so enterprise security budgets tended to be pretty stingy.  CEOs didn’t want good security, they wanted “good enough” security so they were only willing to provide minimal funding. Given measly cybersecurity budget dollars, security managers spent money where they had to – mostly on host-based security software (aka antivirus), and perimeter defenses like email security gateways, firewalls, IDS/IPS, etc.  Additional security defenses were added organically as countermeasures to new types of cyber-threats (i.e. web threats, APTs, etc.).To read this article in full or to leave a comment, please click here
  • Endpoint Security Technology Nirvana

    Network World - Networking Nuggets and Security Snippets
    For years, endpoint security was defined by antivirus software and a few leading vendors like Kaspersky Lab, McAfee (Intel Security), Sophos, Symantec, and Trend Micro, and Webroot.  This perception has changed over the past few years.  CISOs are now demanding endpoint profiling, advanced threat detection, and forensic capabilities opening the door for other vendors like Bit9/Carbon Black, Cisco, Confer, Digital Guardian, FireEye, ForeScout, Great Bay Software, Guidance Software, Invincea, Palo Alto, RSA, SentinelOne, Tanium, etc.Yup, endpoint security is in-play again, but software implementation is leading to yet another IT and security issue as organizations install multiple agents on endpoints and add a plethora of management systems for centralized control of each endpoint security function.  In this scenario, organizations are addressing IT risk while adding operational complexity at the same time – far from an ideal situation.To read this article in full or to leave a comment, please click here
  • Cybersecurity Industry Blame Game at RSA Conference

    Network World - Networking Nuggets and Security Snippets
    I’ve been meaning to write this blog since returning from San Francisco in April and I’ve finally gotten around to it.  With the dangerous threat landscape and seemingly endless string of data breaches, there was quite a bit of industry bashing at this year’s RSA conference.  Discussions featured numerous sound bites accusing the cybersecurity industry of ‘being stuck in the dark ages,’ and claiming that the industry ‘has failed its customers.’  Pretty strong stuff.Now I certainly agree with one of the underlying premises.  In spite of billions of dollars in infosec technology purchases over the past few years, organizations like the US Office of Personnel Management (OPM), Sony Pictures, and Target continue to experience devastating cyber-attacks and data breaches.  Yup, there’s certainly a supply/demand disconnect but I think it’s worthwhile to explore how we got to this point before simply shooting the messenger. To read this article in full or to leave a comment, please click here
  • Grading Cisco Cybersecurity after CiscoLive

    Network World - Networking Nuggets and Security Snippets
    In anticipation of CiscoLive in San Diego, I posted a blog last week describing my thoughts on Cisco’s cybersecurity portfolio.  After attending the event this week, I’m ready to further elaborate on these opinions by grading Cisco Cybersecurity in a number of areas:
    Cybersecurity commitment, A.  A few years ago, many people believed that Cisco was in the security market in order to bundle firewalls into big switching and routing deals.  This cynical attitude was a stretch back then but it is an absolute fallacy today.  Cisco is actively developing products and security architectures, hiring talent, building its security services prowess, and even actively working with partners like Arbor Networks, Lancope, Radware, and Splunk.  John Chambers publicly stated his goal of making Cisco “#1 in cybersecurity and embedding security everywhere,” in his keynote speech, while incoming CEO Chuck Robbins mentioned that he has asked Chambers to remain active in overseeing the cybersecurity business unit.  Cisco is also linking cybersecurity products, services, and skills with its work with large customers on disruptive Internet of Everything (IoE) applications.  All-in-all, Cisco exhibited a passion for cybersecurity that belies its historical position.
    Cybersecurity products, B+.  Cisco is quite competitive just about everywhere it plays, and has leading products in areas like data center firewalls, advanced malware detection/prevention (AMD/P) for endpoints, and of course Sourcefire IDS/IPS.  Nevertheless, it still has some work ahead in order to gain market acceptance for some of its new product revisions and architectures.  Cisco must remember that it faces strong competitors like FireEye, Fortinet, IBM, Juniper, and Palo Alto across all of its products so it will need to use its resources and make sure its products remain on par or ahead at all times. 
    Cybersecurity services, A-.  Cisco infosec professional and managed services are far more extensive than most people believe and the company continues to invest heavily in acquisitions (like Neohapsis), recruiting, and training.  The company is also rolling out some strong managed services for advanced threat defense that should gain traction in the market.  The only knock of Cisco cybersecurity services is its lack of market visibility.  Cisco marketing needs to step up with a dedicated air cover campaign to make sure that its cybersecurity services become much more familiar to CEOs, CIOs, CISOs, corporate boards, and cybersecurity professionals working in the trenches.
    Cybersecurity architectures, B.  Cisco is on the right path here with cybersecurity architectures like its security services architecture (SSA) and the combination of ISE/pxGrid/TrustSec.  The issues here are immaturity and market confusion.  SSA is somewhat new and Cisco still needs to work on articulating a clear description to a skeptical customer base, quick to equate Cisco with a proprietary agenda.  Similarly, Cisco needs to flex some market muscle on ISE/pxGrid/TrustSec market education while bridging the gap between security, networking, and IT operations folks by pushing mutually-beneficial architectural benefits.  Finally, Cisco has to make sure that customers aren’t overwhelmed by the intersections between cybersecurity and various additional architectures like ACI.  Cisco’s technology development heavy lifting is fairly complete, but massive market conditioning work remains.
    Cisco Cybersecurity marketing, B-.  This grade is probably self-evident and may be a bit generous based on my previous comments but allow me to elaborate a bit.  First, Cisco must remember that its customers have long memories.  So while Cisco FireAMP is a strong endpoint security product, some customers will disregard it outright based upon their experiences with the Cisco Security Agent (CSA, Okena).  Cisco needs to change minds here.  Second, Cisco needs to educate and convince the market with regard to its security architectures by pushing reference implementations, proof-points, and implementation guides.  And like all other cybersecurity vendors, Cisco needs more emphasis on vertical industry cybersecurity solutions.  Finally, Cisco has to shift its marketing tactics from FUD to true cybersecurity thought leadership applicable for boardroom and grassroots discussions.  In other words, Cisco should challenge the cybersecurity market with innovative ideas rather than tired scare tactic clichés in order to move the entire cybersecurity community beyond the status quo.  A lofty goal, but Cisco has the resources and skills to pull this off. 

    I would be remiss if I didn’t end this blog by giving Cisco an A+ on CiscoLive.  The event was worthwhile as it helped get me up to speed on Cisco cybersecurity products, services, and strategy.  Furthermore, the Cisco management team – all the way up to John Chambers and Chuck Robbins – were accessible and truly engaged with analysts, customers, and the press.  Oh yeah, as an old Boston rockah (intentional misspelling for local emphasis), Aerosmith was a fantastic bonus!To read this article in full or to leave a comment, please click here
  • Cisco Cybersecurity Renaissance and Opportunity

    Network World - Networking Nuggets and Security Snippets
    A few short years ago Cisco was deep in the cybersecurity doldrums. In spite of years of market leadership with products like Cisco PIX firewalls, IronPort (email security) and IDS/IPS blades on Catalyst switches, the company seemed to have squandered its enviable market position. Alas, Cisco had swung and missed on security management (MARS) and endpoint (Okena) and had fallen behind companies like Fortinet, Juniper, and Palo Alto in its own network security backyard.There was no question that Cisco needed to make a bold move to stay relevant, and to its credit, the company did just that. In 2013, Cisco scooped up Sourcefire and did a good job of blending the two companies, retaining key employees, and maintaining the goodwill of the open source SNORT community. To read this article in full or to leave a comment, please click here
  • Cybersecurity Views from a National Intelligence Officer

    Network World - Networking Nuggets and Security Snippets
    I participated in the Cyber Exchange Forum earlier today, an event sponsored by the Advanced Cyber Security Center (ACSC). The featured speaker was Sean Kanuck, National Intelligence Officer for Cyber Issues, Office of the Director of National Intelligence. In this role, Sean directs the production of national intelligence estimates (for cyber-threats), leads the intelligence community (IC) in cyber analysis, and writes personal assessments about strategic developments in cyberspace.Here are a few of the highlights:
    On the scope of threats. Sean does not subscribe to the notion of a "cyber Pearl Harbor" for the most part. He stated that there are only a few nation states capable of this type of attack (i.e. China and Russia) and that an attack of this magnitude was highly unlikely during peace time. His caveat to this was that we already face a series of disruptive attacks like those at the Sands Hotel of Las Vegas and Sony Pictures that are having a cumulative impact on the U.S. economy and national security.
    On future attacks. Sean spoke of a growing concern around data integrity using the Syrian Electronic Army hack of the Associated Press's Twitter account in 2013. This particular event led to a decrease of $137 billion in stock market valuation. He emphasized the fact that a relatively small crime moved billions of dollars and that these types of scams are often used to fund all types of other malicious activities.
    On non-state actors. While these groups don't have the sophistication of nation states, Kanuck described the threat from non-state actors as being "as good as what can be purchased online from the cyber black market." In other words, the bad guys will improve malware attacks as well as their tactics, techniques, and procedures (TTPs) as the cybercrime industry becomes more organized and market-like. Unfortunately, this advancement is already well underway. 
    On political will. Sean stated that there are about 30 countries that are now developing offensive cyber capabilities. It's cheap and effective with very little risk.
    On commercial cybersecurity innovation. New products like automated penetration testing software can really help companies identify IT risk, but Kanuck pointed out that they are also making it easier for the black hat community. 

    Sean said that organizations can expect to encounter cyber-attacks that cause IT attrition and degradation. Much like disaster recovery, organizations should then create a plan that allows them to operate in a degraded state when this occurs – not optimal but not out of business either. To read this article in full or to leave a comment, please click here
  • The Highs and Lows of Cybersecurity Integration

    Network World - Networking Nuggets and Security Snippets
    Based upon anecdotal evidence, I estimate that the average large enterprise organization uses more than 70 different security tools from an assortment of vendors. As they say in Texas, "that dog don't hunt." In other words, it's nearly impossible to maintain strong security hygiene or establish best practices when the security organization is chasing cybersecurity optimization on a tool-by-tool basis.Recognizing this problem, I've been preaching the need for an integrated cybersecurity technology architecture for years, often comparing the evolution from point tools to the departmental application to ERP transition that occurred in the 1990s. The good news is that this is actually starting to happen.To read this article in full or to leave a comment, please click here
  • Mr. CISO: Tear Down These Legacy Cybersecurity Walls!

    Network World - Networking Nuggets and Security Snippets
    Here’s a scenario we’ve all encountered:  You go to a nice restaurant to enjoy a meal and the whole experience turns sour.  The service is terrible, your entrée arrives before your salad and your food is overcooked and virtually inedible.When you explain all of these issues with the restaurant manager, she apologizes and proceeds to respond with her own problems – a waiter quit and the cook called in sick that day making it difficult to keep up with business, and several big parties disrupted workflow in the kitchen. Yes, you may be sympathetic but these issues really aren’t your problem.  You want to enjoy a good meal, you are willing to pay good money for fine dining so that’s what you expected.  You really don’t care about the restaurant’s internal problems and you absolutely don’t want them to interfere with your experience. To read this article in full or to leave a comment, please click here
  • Toward Omniscient Cybersecurity Systems

    Network World - Networking Nuggets and Security Snippets
    Cybersecurity systems suffer from compartmentalization.  Vulnerability management systems know which software revisions are installed on which systems, but have no idea how endpoints and servers are connected together.  Similarly, an anti-malware gateway can perform static and dynamic analysis on a suspicious file but doesn't know if a user downloaded analogous malware when she was connected to the Internet on a public network. Yup, cybersecurity is simply a classic example of one hand not knowing what the other is doing. CISOs recognize this disjointed situation and many are undertaking cybersecurity integration projects to address this problem.  This is certainly a step in the right direction, but I find that a lot of these projects are one-off point-to-point integration efforts.  Good idea, but CISOs should be pushing toward an ambitious endgame – omniscient cybersecurity systems.To read this article in full or to leave a comment, please click here

Editor's Recommendations

Solution Centres

Events

View all events Submit your own security event

Blog Posts

Media Release

More media release

Market Place