Corporate Partners

Top IT Security Bloggers

Network World - Networking Nuggets and Security Snippets
  • What IBM Can Learn from its own Cybersecurity Business

    Network World - Networking Nuggets and Security Snippets
    IBM’s recent financial results sent Wall Street into a tizzy as the company missed its targets on multiple counts.  Brooks Brothers-clad equity analysts quickly freaked out, declaring that IBM is too big, has lost its sense of innovation, and needs to be broken up a la HP. 
    I grew up close to Armonk NY so I’ve known IBM my whole life.  While I have some opinions about the IBM Corporation’s problems and what it should do, I’ll hold on that perspective for now.  As food for thought on IBM’s woes, here is an excellent article in Forbes magazine, written by industry veteran Robert Cringely. To read this article in full or to leave a comment, please click here
  • Enterprises Establish a 'Cybersecurity Cavalry'

    Network World - Networking Nuggets and Security Snippets
    In the past, enterprise cybersecurity responsibilities were tilted toward oversight rather than hands-on operations and technology procurement. Security analysts were counted on for incident detection and response, but aside from this function CISOs helped organizations develop and enforce the right policies. Meanwhile, functional IT groups selected, deployed, and operated security products. 
    Take network security for example. A few years ago, there was a pretty common division of labor – security professionals defined requirements and the networking team purchased and operated network security technologies like firewalls, proxy servers, and IDS/IPS. To read this article in full or to leave a comment, please click here
  • Board-level Security Ratings Meets Threat Intelligence (BitSight Acquires AnubisNetworks)

    Network World - Networking Nuggets and Security Snippets
    With the recent avalanche of security breaches including Target, Home Depot, and JP Morgan Chase, cybersecurity companies have become financial darlings from Wall Street to Sand Hill Rd. Investors on both coasts are looking for the next major IPO or acquisition to cash in on the dangerous threat landscape.Along those lines, there was an interesting cybersecurity acquisition announced this morning. Massachusetts-based BitSight, a cybersecurity rating service provider, acquired AnubisNetworks, a threat intelligence firm based in Portugal. Now, it’s likely that the technical analysts in lower Manhattan and the Chardonnay-drinking VCs in Palo Alto will overlook this low-dollar merger, but there is more here than money alone. The combination of BitSight and Anubis has the potential to unite alien populations – business and technology groups. To read this article in full or to leave a comment, please click here
  • Yet another Proofpoint for Network and Endpoint Security Integration

    Network World - Networking Nuggets and Security Snippets
    As I’ve mentioned many times in my blog, there is a lot of evidence suggesting a trend toward the amalgamation of endpoint and network security. Here’s another recent data point that supports this further.  ESG recently published a new research report titled, Network Security Trends in the Era of Cloud and Mobile Computing.  The report is based upon a survey of security professionals working at enterprise organizations (i.e. more than 1,000 employees).  ESG asked them: “Is your organization engaged in any type of project to integrate anti-malware and analytics technologies on networks and endpoints?”  Nearly one-quarter (22%) said, “yes, extensively,” while another 39% responded, “yes, somewhat” (Note: I am an ESG employee).To read this article in full or to leave a comment, please click here
  • Time to Embrace or Terminate National Cybersecurity Awareness Month

    Network World - Networking Nuggets and Security Snippets
    Most people know that October is National Breast Cancer Awareness Month. Far fewer people know that October is also American Achieves Month, National Book Month, and Pastors Appreciation Month. Oh yeah, October is also National Cybersecurity Awareness Month, and unfortunately few security professionals or industry leaders know about it or pay much attention to this designation. Now, dissing National Cybersecurity Awareness Month isn’t a universal problem. In fact, it’s sort of a big deal in Washington, D.C., where the month actually begins with a Presidential proclamation. In his proclamation issued on September 30, President Obama declared, “I call upon the people of the United States to recognize the importance of cybersecurity and to observe this month with activities, events, and training that will enhance our national security and resilience."To read this article in full or to leave a comment, please click here
  • Proofpoint Report Exposes Details about Cybercrime Division of Labor and Malware Architecture

    Network World - Networking Nuggets and Security Snippets
    One of the more vapid cybersecurity cliché statements goes something like this: “hacking is no longer about alienated teenagers spending countless hours in the basement on their PCs. Rather, it is now the domain of organized crime and nation states.” While this is certainly true, it is also blatantly obvious. It is also nothing more than a meaningless platitude with no details about why this is true, how hackers operate differently than teenagers, or what the implications are.If you want to understand these issues, I strongly suggest that you read a new threat report, Analysis of a Cybercrime Infrastructure, published this week by Proofpoint. The report follows the tactics and techniques used by a Russian organized crime group as it launched an attack on U.S.- and European-based users with the intention of stealing online banking credentials.To read this article in full or to leave a comment, please click here
  • Leading Enterprise Organizations Have Established a Dedicated Network Security Group

    Network World - Networking Nuggets and Security Snippets
    When an enterprise organization wanted to buy network security equipment a few years ago, there was a pretty clear division of labor. The security team defined the requirements and the networking team purchased and operated equipment. In other words, the lines were divided. The security team could describe what was needed but didn't dare tell the networking team what to buy or get involved with day-to-day care and feeding related to “networking” matters.This “us-and-them” mentality appears to be legacy behavior. According to ESG research, 47% of enterprise organizations now claim that they have a dedicated group in charge of all aspects of network security (note: I am an ESG employee). Additionally, network security is done cooperatively by networking and security teams at 26% of organizations today, but these firms insist that they are in the process of creating a dedicated network security group to supplant their current division of labor. To read this article in full or to leave a comment, please click here
  • Palo Alto Endpoint Security Announcement: Proof of a Market in Transition

    Network World - Networking Nuggets and Security Snippets
    Did you see the Palo Alto Networks announcement yesterday? If not, here’s my synopsis. PAN introduced a new endpoint security technology named “Traps” that is the ultimate result of the company’s acquisition of Cyvera this past March. In simple terms, Traps provides three core security functions:
    Advanced malware prevention. Traps is designed to deal with the most important attack vectors such as memory corruption, changes in registry settings, and malware persistency, with no prior knowledge about the malware itself.
    Endpoint forensics. Traps captures system-level activities to help security analyst understand what changes, if any, were made to compromised systems.
    Integration of network and endpoint security. Traps ties into PAN Wildfire and NGFW. This integration provides more holistic protection and gives analysts a vantage point across network and endpoint activities. The integration also ties Traps into Palo Alto threat intelligence.

    A few years ago, the endpoint security market was a cozy little oligopoly that was dominated by five vendors: Kaspersky, McAfee, Sophos, Symantec, and Trend Micro. Others, like CA, Check Point, and even mighty Microsoft, couldn't crack the code and either exited the market or minimized their product development, marketing, and sales. To read this article in full or to leave a comment, please click here
  • The Mike Brown Era – and the Associated Pressure – Begins at Symantec

    Network World - Networking Nuggets and Security Snippets
    Last Thursday, Symantec announced that interim CEO Mike Brown has now assumed this role on a permanent basis. Wall Street wasn't exactly dancing a jig when it heard the news; the stock was down from after-hours trading on Thursday through the close of the market on Friday. In fact, of the 28 analyst recommendations currently tracked on Yahoo Finance, 20 are issuing a “hold” recommendation and only 3 classify Symantec as a “strong buy.” Wall Street’s lukewarm reaction to Mike Brown represents what he and the company face moving forward. The market at large (i.e. investors, IT managers, potential employees, etc.) was expecting new blood when Symantec terminated Steve Bennett and promised an “extensive search” for new a new leader and apparently interviewed 100 candidates, with 33 seriously vetted for the top job. When Brown was handed the job last week, market cynics quickly concluded that either the company couldn’t attract a visible software leader, or an inept board wasted time and money before realizing that Brown was the right person for the job. Right or wrong, Symantec faces these and lots of other negative perceptions.To read this article in full or to leave a comment, please click here
  • More Alarming Data on the Cybersecurity Skills Shortage

    Network World - Networking Nuggets and Security Snippets
    ESG recently published a new research report on network security titled, Network Security Trends in the Era of Cloud and Mobile Computing (note:  I am an ESG employee).  Within this project, ESG asked 397 security professionals working at enterprise organizations (i.e. more than 1,000 employees) to rate their security teams in a number of network security areas.  Once again the data points to a pretty substantial skills gap:
    30% of organizations say that the network security skills of the infosec staff are inadequate in some, most, or all cases.
    44% of organizations say that the number of networking/security staff with strong knowledge in both security and networking technology is inadequate in some, most, or all cases.
    38% of organizations say that the ability of the security staff to keep up with network security changes is inadequate in some, most, or all cases.
    37% of organizations say that the ability of the security staff to keep up with the threat landscape is inadequate in some, most, or all cases.
    47% of organizations say that the number of employees dedicated to network security is inadequate in some, most, or all cases.


    What’s most troubling about this data is that network security is nothing new.  Large organizations have been segmenting networks, filtering packets, and managing firewalls, IDS/IPS, network proxies, and assorted gateways for years.  In spite of this experience however, they remained under-skilled and understaffed and thus more vulnerable than they should be.To read this article in full or to leave a comment, please click here

Editor's Recommendations

Solution Centres

Events

View all events Submit your own security event

Blog Posts

Media Release

More media release

Market Place