Top IT Security Bloggers

Network World - Networking Nuggets and Security Snippets
  • A FireEye Chat with Kevin Mandia

    In early May, FireEye announced that company president Kevin Mandia would replace industry veteran Dave DeWalt as CEO. My colleague Doug Cahill had a chance to catch up with Kevin yesterday to get his perspectives on FireEye, enterprise security, and the threat landscape, amongst others. Here are a few highlights:

    On FireEye’s direction: In spite of lots of distraction, Mandia is focused on driving “engineering innovation” at FireEye. Normally, this vision would be equated with security products alone, but Kevin believes that products can anchor services as well. This involves installing FireEye’s endpoint and network security products on a customer network, collecting telemetry, comparing it to current threat intelligence, detecting malicious activities, and then working with customers on remediation. To accomplish this, FireEye products must be “best-in-class” for threat detection on a stand-alone basis. The FireEye staff is then available to add brain power and muscle to help product customers as needed.
  • Federal Cybersecurity Boondoggle: The Software Assurance Marketplace (SWAMP)

    Way back in February, I wrote a blog about President Obama’s proposed Cybersecurity National Action Plan (CNAP). As part of this plan, the President called for $19 billion for cybersecurity as part of the 2017 fiscal year federal budget, a 35% increase over 2016 spending. While CNAP has a lot of thoughtful and positive proposals, I’m troubled by the fact that federal cybersecurity programs seem to have a life of their own with little oversight or ROI benefits. I often cite DHS’s Einstein project as an example of this type of government cybersecurity waste. In my humble opinion, the feds are spending hundreds of millions of dollars on custom research and development for Einstein when commercial off-the-shelf (COTS) network security products could do the same job at a fraction of the cost.
  • Quick Take: Symantec Buys Blue Coat

    When former CEO Mike Brown left Symantec in April of this year, I wrote a blog about what I would do if I were recruited as Mike’s replacement. While one of my suggestions was for Symantec to resume M&A activities, I was really thinking about a strategy for filling in product gaps – perhaps Symantec could pick up LogRhythm to add a leading SIEM to its portfolio, or grab Carbon Black for endpoint security analytics and forensics.

    Hmm, I never even contemplated a big-time merger, so I was as surprised as anyone when Symantec announced its plan to acquire Blue Coat. I’ve had a few hours to digest this news and will certainly learn more in the days to come. Nevertheless, as an industry analyst, I can’t help but voice my early opinion on this deal.
  • Endpoint detection and response: What’s important?

    My colleagues Doug Cahill, Kyle Prigmore and I recently completed a research project on next-generation endpoint security. We determined that there are actually two distinct product categories within next-generation endpoint security: advanced prevention and advanced detection and response (EDR). While most firms seem to be gravitating toward advanced prevention, massive enterprise organizations tend to move in the opposite direction by evaluating, testing and deploying EDR products. Why? These organizations have large cybersecurity teams with lots of experience, so they are willing to dedicate resources toward more complex projects.

    Furthermore, many of these enterprise organizations are already investing in security analytics by collecting, processing and analyzing data from numerous disparate sources (i.e., network forensics, events/logs, threat intelligence, etc.). Endpoint forensic data is a natural extension of these cybersecurity analytics efforts.
  • Enterprises Are Investing in Network Security Analytics

    If I’ve heard it once, I’ve heard it one thousand times. Traditional security controls are no longer effective at blocking cyber-threats, so enterprise organizations are deploying new types of security defenses and investing in new tools to improve incident detection and response.

    Unfortunately, this can be more difficult than it seems. Why? Effective incident detection and response depends upon security analytics technology, and this is where the confusion lies. It turns out that there are lots of security analytics tools out there that approach this problem from different angles. Given this reality, where the heck do you start?

    Based upon lots of qualitative and quantitative research, I’m finding that many large organizations with experienced security teams tend to jump into security analytics by focusing their effort on the network for several reasons:
  • Software-Defined Perimeter Essentials

    I’ve written about Software-Defined Perimeter (SDP) a few times, as I think this model is a strong fit for today’s IT cocktail made up of mobile applications, public cloud infrastructure and pervasive security threats. What is an SDP? The model is really based upon the “black cloud” concept coming out of the Defense Information Systems Agency (DISA), where network access and connections are allowed on a “need-to-know” basis. Similarly, the Cloud Security Alliance (CSA) refers to SDPs as “on-demand, dynamically-provisioned, air gapped networks.”

    Several vendors, including Cryptzone and Vidder, actively market SDP offerings. In addition, Google’s BeyondCorp is a homegrown SDP project that Google has made public and highly visible. While these efforts clearly fall under the SDP category, I view the SDP model a bit more broadly. SDP is clearly associated with numerous innovations and initiatives of the past, including next-generation firewalls, network access control (NAC) and even 802.1X, so there are plenty of SDP-like solutions from vendors such as Cisco, HP (Aruba) and Pulse Secure (formerly part of Juniper).
  • Are There Workloads that Don’t Belong in the Public Cloud?

    According to ESG research, 75% of organizations are currently using a public cloud service while another 19% have plans or interest in doing so (note: I am an ESG employee). Furthermore, 56% of all public cloud-based workloads are considered IT production workloads while the remaining 44% are classified as non-production workloads (i.e. test, development, staging, etc.).

    This trend has lots of traditional IT vendors somewhat worried, as well they should be. Nevertheless, some IT veterans believe that there are limitations to this movement. Yes, pedestrian workloads may move to the public cloud over the next few years, but business-critical applications, key network-based business processes, and sensitive data should (and will) remain firmly planted in enterprise data centers now and forever.
  • Identity and access management infrastructure is misaligned with security

    Several CISOs I’ve spoken to over the past few years agree that identity is a new security perimeter. The thought here is that a combination of mobile device and cloud use renders existing network perimeters obsolete, so security policy enforcement decisions must be driven by identity attributes (i.e., user identity, role, device identity, location, etc.) rather than IP packet attributes. We see this transition coming to fruition with the concept of a software-defined perimeter (SDP) and technologies such as Google BeyondCorp and Vidder PrecisionAccess.

    Yup, this makes sense. Armed with identity attributes, organizations can make intelligent network access decisions on who gets access to which IT assets regardless of their location. Unfortunately, there is a big problem here. The identity and access management (IAM) infrastructure was built organically over the last 10-15 years, so it depends upon a morass of disconnected and fragile elements. This situation greatly impacts security.
  • Cloud security: A mismatch for existing security processes and technology

    To use a long-forgotten metaphor, cloud deployment is moving forward at internet speed at many enterprise organizations. According to ESG research, 57 percent of enterprise organizations use public and private cloud infrastructure to support production applications/workloads today, and an overwhelming majority of organizations will move an increasing number of applications/workloads to cloud infrastructure over the next 24 months (note: I am an ESG employee).

    Now, no one would argue the fact that cloud computing represents a different compute model, but it is really based upon the use of server virtualization for the most part. And since a VM is meant to emulate a physical server, many organizations approach cloud security by pointing traditional security processes and technologies at cloud-based workloads.
  • Next-generation endpoint security market bifurcation

    Just what the heck is next-generation endpoint security? Cybersecurity professionals remain pretty confused around the answer to this question. To help, ESG conducted a research project on the subject that was coordinated by my colleagues Doug Cahill and Kyle Prigmore and me (note: I am an ESG employee).

    For the purposes of the research project, ESG defined next-generation endpoint security as:

        Endpoint security software controls designed to prevent, detect and respond to previously unseen exploits and malware.

    As part of this project, ESG interviewed dozens of organizations that were either supplementing or replacing traditional antivirus software on PCs of all kinds. I’ve written a few blogs about why these organizations were moving beyond AV alone, how they selected new endpoint security products, and some details about their testing and deployment methodologies. Aside from this technology overview, however, I did come away with some strong theories about the next-generation endpoint security market in general.