Network World - Networking Nuggets and Security SnippetsAh, December. Time to reflect on the past year and look ahead to 2014. In retrospect, 2013 was a banner year for the security industry as the world finally woke up to the very real perils of cybersecurity. Of all many events of this year however, FireEye’s IPO may have trumped them all. As I write this blog on December 11, 2013, FireEye’s market cap is just north of $4.5 billion. Wow!
Network World - Networking Nuggets and Security SnippetsI’ve spent the last year or so doing research on the burgeoning field of big data security analytics. Based upon the time I’ve spent on this topic, I’m convinced that CISOs are looking for immediate help with incident detection, so they will likely focus on real-time big data analytics investments in 2014.
Network World - Networking Nuggets and Security SnippetsAs the old adage states, “security is a process, not a product.” True, but understated. In reality, enterprise security is a plethora of processes requiring constant management and oversight. Your organizations can be fabulously adept in 99% of all security processes but weaknesses in the remaining 1% can still result to massive vulnerabilities.
In a recent research survey, ESG asked enterprise...
Network World - Networking Nuggets and Security SnippetsNearly every day, some security vendor reaches out to me describing how its products and services could have prevented the Edward Snowden public-disclosure of NSA surveillance programs. These vendors talk about strong authentication, privileged account auditing, sensitive data controls, etc.
Network World - Networking Nuggets and Security SnippetsA few years ago, IBM’s information security assets were haphazardly scattered throughout its business units. RACF sat with the mainframe crew, IAM lived within the Tivoli group, and what remained of ISS gathered dust within IBM Global Services (IGS).
Network World - Networking Nuggets and Security SnippetsA few years ago, Trend Micro announced that it would enhance its on-site AV products with cloud-based intelligence it called the “Smart Protection Network” (SPN). I’m not sure if Trend was the first, but it certainly wasn’t the last vendor to embrace this type of architecture. In fact, just about everyone now has a toe in the cloud-based security intelligence pool. For example, Blue Coat...
Network World - Networking Nuggets and Security SnippetsLast week, I was in Silicon Valley meeting with a parade of CISOs and security vendors. Business travel is no “day at the beach,” but these trips really help me keep up with the latest enterprise security challenges and potential technology solutions.
It was also nice to spend time in the Valley and re-charge my batteries toward the security industry. There was a lot of excitement out there as...
Network World - Networking Nuggets and Security SnippetsWe analysts are known for our bold predictions about the future. Well here’s one from me though I don’t really think it is the least bit audacious. In a few years, we will look back at the iPhone 5s as a milestone in terms of biometrics, strong authentication, and a wave of new types of trusted applications.
Network World - Networking Nuggets and Security SnippetsWe’ve all read the marketing hype about “shadow IT” where business managers make their own IT decisions without the CIO’s knowledge or approval. According to ESG research, this risk is actually overstated at most organizations but there is no denying that IT is getting harder to manage as a result of BYOD, cloud computing, IT consumerization, and mobility.
As these trends perpetuate, CISOs...
Enterprise Security Professionals Offer Their Suggestions for U.S. Governement Cybersecurity ProgramsNetwork World - Networking Nuggets and Security SnippetsAccording to ESG research, 66% of enterprise security professionals believe that the U.S. federal government should be doing “significantly more” or “somewhat more” to help the private sector cope with the current cybersecurity situation and threat landscape.
Okay but what exactly should the feds be doing? Here is some additional research on enterprise security professionals’ suggestions...
Sign up now »
Create and deliver online assessments to identify business risks and track their mitigation and resolution.
Incident handling is a vast topic, but here are a few tips for you to consider in your incident response. I hope you never have to use them, but the odds are at some point you will and I hope being ready saves you pain (or your job!).
- Have an incident response plan.
- Pre-define your incident response team
- Define your approach: watch and learn or contain and recover.
- Pre-distribute call cards.
- Forensic and incident response data capture.
- Get your users on-side.
- Know how to report crimes and engage law enforcement.
- Practice makes perfect.
I’m dating myself, but I remember when holiday shopping involved pouring through ads in the Sunday paper, placing actual phone calls from tethered land lines to research product stock and availability, and actually driving places to pick things up. Now, holiday shoppers can do all of that from a smartphone or tablet in a few seconds, but there are some security pitfalls to be aware of.