Top IT Security Bloggers

Network World - Networking Nuggets and Security Snippets
  • Black Hat Is About Cybersecurity People and Processes

    Over the past few years, the RSA Security Conference has become a marquee technology industry event. It has really outgrown its humble roots in cryptography and Layer 3 and 4 packet filtering – now RSA is where technology industry bigwigs meet, drink exquisite Napa Valley wine, get a broad perspective of the cybersecurity industry, and do deals. RSA’s emergence as a “must-attend” technology industry event is a good thing on balance. For one week of the year, business, government, and technology leaders descend on San Francisco and shed a spotlight on the global state of cybersecurity. But while this attention is a good thing, RSA has evolved into a high-level affair, focusing on the “why” questions surrounding cybersecurity.
  • Cybersecurity Technology Integration Changes Everything

    I have been writing about cybersecurity technology integration a lot lately.  For example, here’s a blog I posted in May of this year about cybersecurity technology integration trends I see in the market. Yup, I’ve increased my rants on this topic lately but I’ve actually been preaching this message for a number of years.  Cybersecurity technology integration activities remind me of what happened in the 1990s when departmental applications gave way to big ERP systems from Baan, Oracle, and SAP.  This was a difficult transition but organizations that persevered benefited from improved data analytics, real-time decision making, and new types of automated business processes.  CISOs are clearly looking for similar results.
  • Cybersecurity Canon and The Florentine Deception

    I first met cybersecurity veteran, Rick Howard, when he joined Palo Alto Networks as Chief Security Officer. During our discussion, Rick mentioned an idea he was promoting for a cybersecurity canon: A list of must-read books for all cybersecurity practitioners -- be they from industry, government or academia -- where the content is timeless, genuinely represents an aspect of the community that is true and precise, reflects the highest quality and that, if not read, will leave a hole in the cybersecurity professional’s education that will make the practitioner incomplete. Rick’s notion of a cybersecurity canon hit home for a few reasons. I am an avid reader of cybersecurity books and am usually reading or re-reading something. And whenever someone asked me how they could learn about cybersecurity concepts, I would tell them to eschew textbooks and begin their education by reading more mainstream works like Cyberwar by Richard Clarke, Fatal System Error by Joseph Menn, Worm by Mark Bowden, and Kingpin by Kevin Poulsen.
  • Measuring the Quality of Commercial Threat Intelligence

    In my most recent blog, I described how a recently-published ESG research report on threat intelligence revealed a number of issues around commercial threat intelligence quality (note: I am an ESG employee). As part of a recent survey of cybersecurity professionals working at enterprise organizations (i.e. more than 1,000 employees), ESG found that:
      • 72% of enterprise cybersecurity professionals believe that at least half of the information contained in commercial threat intelligence feeds/services is redundant regardless of the source.
      • 74% of enterprise cybersecurity professionals say that it is extremely difficult or somewhat difficult to determine the quality and efficacy of each individual threat intelligence feed.

    I suggested that large organizations may overcome this problem over time as they deploy threat intelligence consolidation and analysis platforms (TICAPs) based upon open source CRITS, or purchase commercial offerings from vendors like BrightPoint Security, ThreatGRID, and ThreatQuotient, or use threat intelligence integration features in SIEM platforms like LogRhythm, QRadar, and Splunk. Since TICAPs provide correlation tools and common dashboards, SOC personnel and malware analysts will be able to assess which threat intelligence feeds recognize each threat first, which provide the most details about cyberattacks, which contain the fewest false positives, etc.
  • Are There Differences Between Threat Intelligence Feeds?

    While cyber threat intelligence hype is at an all-time high across the industry, many enterprise organizations are actually building internal programs and processes for threat intelligence consumption, analysis, and operationalization. This trend will likely continue. According to ESG research, 27% of cybersecurity professionals working at enterprise organizations (i.e. more than 1,000 employees) say that spending on their organizations’ threat intelligence programs will increase significantly over the next 12 to 18 months, while another 45% say that threat intelligence spending will increase somewhat during this timeframe (note: I am an ESG employee).
  • Cybersecurity Lessons from W. Edwards Deming

    In 2014, ESG published a research report on network security (note: I am an ESG employee). Cybersecurity professionals working at enterprise organizations (i.e. more than 1,000 employees) were asked to identify some of their biggest network security challenges. The data revealed that:
      • 28% said that their organizations had too many overlapping controls and processes which caused numerous problems.
      • 27% said that their cybersecurity staff was too busy responding to alerts/events so it does not spend enough time with training, planning, or network security strategy.
      • 26% said that their organizations’ security policies were too complex and so they can’t be enforced with current security processes or controls.

    There is a common theme here. Network security challenges are really centered on operations rather than technology. Given this, I did a bit of research to see whether cybersecurity process issues were similar to other operations problems and if CISOs could learn anything from the groundbreaking work done in the 20th century by business operations guru, W. Edwards Deming, sometimes referred to as the Father of the Quality Evolution in manufacturing.
  • Enterprise Objectives for Threat Intelligence Programs

    It wouldn't be a stretch to call 2015 the year of threat intelligence. In February, President Obama signed an executive order at a cybersecurity event held at Stanford University that encourages and promotes threat intelligence sharing between the private sector and federal government. Meanwhile, the U.S. Congress has introduced several threat sharing bills of their own. And at the annual RSA Security Conference in April, threat intelligence was clearly one of the primary topics of discussion among cybersecurity professionals, technology vendors, and government representatives. Yup, there's a lot of jawboning going on about threat intelligence, but it's not just idle industry chatter – large organizations are actively adopting formal threat intelligence programs and consuming threat intelligence feeds. According to a recent ESG research report, 41% of enterprise organizations (i.e. more than 1,000 employees) use 6 to 10 different threat intelligence sources as part of their threat intelligence program, 21% of enterprise organizations use 11 to 20 different threat intelligence sources as part of their threat intelligence program, and 7% of enterprise organizations use more than 20 different threat intelligence sources as part of their threat intelligence program (note: I am an ESG employee).
  • Beware Cybersecurity Charlatanism

    Cybersecurity headlines have a new angle lately.  Aside from discussions about the OPM breach and Chinese cyber-espionage, there are also lots of stories about 52-week high stock prices of cybersecurity darlings like CyberArk, FireEye, Palo Alto Networks, and Splunk.  I’ve also read reports about imminent IPOs and investment firms that created several new cybersecurity ETFs. For those of us old enough to live through the Internet boom (i.e. like yours truly), this all has a familiar ring to it.  And just like the time when on-line pet food companies had multi-billion dollar valuations, the cybersecurity industry is starting to sound a bit like a sock puppet.  In other words, the intersection of cybersecurity and big money has led to the rise of cybersecurity charlatanism.
  • Enterprise Threat Intelligence Programs are Immature

    Seems like everyone is talking about threat intelligence these days. The feds are promoting public/private threat intelligence sharing across the executive and legislative branches while the industry is buzzing about threat intelligence feeds, sharing platforms, and advanced analytics. Lots of talk about threat intelligence but what’s really going on here? Is all of this talk real or nothing but hot air? Most importantly, are enterprise organizations on board with threat intelligence or not? I was very curious about threat intelligence myself so I’ve spent the last 6 months or so doing research to answer these very questions. This effort culminated with the publication of a new ESG research report titled, Threat Intelligence and its Role within Enterprise Cybersecurity Practices (note: I am an ESG employee).
  • Enterprises Need Advanced Incident Prevention

    Given the booming state of the cybersecurity market, industry rhetoric is at an all-time high. One of the more nonsensical infosec banalities goes something like this: Cybersecurity has always been anchored by incident prevention technologies like AV software, firewalls, and IDS/IPS systems, but sophisticated cyber-adversaries have become extremely adept at circumventing status quo security controls. Therefore, organizations should give up on prevention and focus all their attention on incident detection and response. Now, I certainly get the logic of this platitude. Yes, the bad guys do know how to get around our defenses and organizations should in fact improve their detection and response capabilities. But abandon or minimize incident prevention? Poppycock!
