Top IT Security Bloggers

Network World - Networking Nuggets and Security Snippets
  • Anticipating Black Hat

    I was at CiscoLive a few weeks ago in the 100 degree+ heat of Las Vegas and like other cybersecurity professionals I am off to Sin City again next week for Black Hat.

    Now Black Hat has become a technically-focused little brother of the RSA Security Conference, chock full of cybersecurity geeks at the beginning of the week and forensic investigators, researchers, analysts, and hackers as Black Hat turns to Defcon. Given this focus, I’m looking forward to hearing about a number of things including:

    1. Anti-ransomware fact and hyperbole. Last December, I predicted a rise in ransomware in my blog, even going so far as to talk about enterprise ransomware that impacted multiple systems on the network simultaneously. Unfortunately, I was right about this one as ransomware has become a cybersecurity scourge of 2016. Nasty stuff and once you’re hit, there is little you can do except replace the hard drive, reimage systems and hope you’ve done a recent full backup. Alternatively, you can pony up a bunch of rubles to Vladimir in Odessa. Nevertheless, there are in fact ways to prevent ransomware before it bricks your system. New types of algorithms can scan files before execution and finger ransomware. Virtual sandboxes can execute malware without impacting system resources. You can also condition your employees to ignore social engineering scams using tools like PhishMe and Wombat Security. Anyway, I expect everyone to be talking about ransomware and am anxious to learn the latest about threats, countermeasures and industry rhetoric.
  • Russian DNC hack – A cybersecurity microcosm

    According to ESG research, 31 percent of cybersecurity professionals working at enterprise organizations (i.e. more than 1,000 employees) believe the threat landscape is much worse today than it was two years ago, while another 36 percent say the threat landscape is somewhat worse today than it was two years ago.

    Why the cynicism? Look no further than the Russian hack of the DNC as this particular data breach is a microcosm of cybersecurity at large. This one incident illustrates a few important points:
    All data is at risk. Way back when, state-sponsored cyber attacks were government-on-government affairs, typically focused on military and intelligence.  The cyber theft of design documents for the F-22 and F-35 are perfect examples here. Unfortunately, state-sponsored attacks have gone beyond spooks and soldiers. China went after The New York Times, North Korea breached Sony Pictures, and Russia blew the lid off the DNC. When matched against sophisticated state-sponsored actors, pedestrian cybersecurity defenders are simply fighting out of their weight class.
    The list of adversaries continues to grow. Beyond China, North Korea and Russia, it’s fair to add Iran, the Syrian Electronic Army, and dozens of other countries investing in offensive cyber operations. There are also plenty of private hackers with good enough skills to do extensive damage. Remember Anonymous and Lulzsec? There are plenty of loosely organized individuals and groups capable of collaborating on devastating attacks for the right political cause or price tag.
    Good guys are underprepared. Based upon my intelligence, it certainly appears like the DNC wasn’t nearly as well defended as it should have been. I’m not sure if this was because of neglect, miscalculations or hubris, but suffice it to say that this was the case. Yes, this was a mistake, but the DNC is far from alone. In spite of all the data breaches we’ve seen over the past few years, I estimate that half of all organizations have inadequate defenses and cybersecurity skills to counteract today’s threats. Oh, and let’s not forget the global cybersecurity skills shortage. Want to hire skilled cybersecurity professionals to bolster your defenses? Good luck, so do a lot of others.

    Just yesterday, President Obama warned of a "revolution" of computer-generated threats to the U.S. and issued an executive directive to outline a response plan. Good effort, but not nearly enough. In truth, we as a nation are extremely vulnerable and the DNC hack may be just the beginning.
  • Cybersecurity: A vertical industry application?

    Cybersecurity has always been a horizontal technology practice that’s roughly the same across all industry sectors. Yes, some industries have different regulations, use cases or business processes that demand specific security controls, but overall every company needs things like firewalls, IDS/IPS, threat management gateways and antivirus software regardless.

    Generic security requirements will remain forever, but I see a burgeoning trend transforming cybersecurity from a set of horizontal technologies to a vertical industry application. These drivers include:
    Increasing business focus on cybersecurity. While it sounds like industry hype, cybersecurity has actually become a boardroom issue and corporate boards understand industry-specific risks much better than technology gibberish about malware and exploits. To accommodate these corporate executives, CISOs will need communications skills, as well as tools and technologies that help translate cybersecurity data into meaningful industry and corporate risk intelligence that can drive investment and decision making. Security intelligence vendors like BitSight and SecurityScorecard are already exploiting this need, offering industry-centric cybersecurity metrics for business use.
    CISO progression. The present generation of CISOs grew up through the ranks of IT and security with career development responsibilities such as network operations and firewall administration. Yes, the next generation of CISOs will still need some technology chops, but this role is moving closer and closer to business management. In fact, the best CISOs understand industry business processes, regulations and risk above and beyond technology.  Business-centric CISO resumes are a “nice-to-have” today but will evolve into a true requirement over the next few years. In the near future, cybersecurity executives will build their careers as financial services CISO, healthcare CISO or public sector CISO rather than vanilla CISO.
    Advancing regulations. While there are already a lot of industry regulations, such as FISMA, HIPAA/HITECH and NERC, additional industry regulations are bound to occur. This will happen quite quickly if a major data breach disrupts operations in a particular industry.   
    Industry-focused threats. Targeted threats can generally be traced back to cyber adversaries that specialize on a particular industry in a particular geography. This makes sense: Attacking a U.S. bank demands language skills and business process and regulatory knowledge that isn’t applicable for attacking banks in France or Germany.  These industry-centric threats are precisely why we have specific industry Information Sharing and Analysis Centers (ISACs). Cybersecurity professionals are often encouraged to “think like the enemy.” Increasingly, this demands industry-specific business and IT knowledge—not just a broad understanding of cyber adversary tactics, techniques and procedures (TTPs).
    IoT. This is the big Papi of change agents for cybersecurity, as industry IoT applications will radically alter business processes, technology elements and threats. And while we’ve created an uber technology category called IoT, the fact remains that IoT healthcare applications will be vastly different than those designed for energy, manufacturing, retail or transportation. As an example, think about the specific industry, business process and technology knowledge you would need to prevent, detect or remediate a Stuxnet-like attack. 

    As I previously mentioned, there will always be a need for horizontal security technologies, but CISOs will increasingly judge these technologies based upon two criteria: 1) best-of-breed security efficacy and 2) how well these point tools can be integrated into enterprise solutions that encompass vertical industry-specific requirements.
  • Crypto: Nominated to the Cybersecurity Canon

    If you are a cybersecurity professional or interested in cybersecurity at all, you should be familiar with the Cybersecurity Canon. What is a canon? There are lots of definitions, but the one that applies here is “a sanctioned or accepted group or body of related works.” With this definition in mind, the stated goal of the Cybersecurity Canon is:
    “To identify a list of must-read books for all cybersecurity practitioners—be they from industry, government or academia—where the content is timeless, genuinely represents an aspect of the community that is true and precise, reflects the highest quality and, if not read, will leave a hole in the cybersecurity professional’s education that will make the practitioner incomplete.”
  • Cybersecurity highlights from Cisco Live

    Cisco is wrapping up its annual Cisco Live customer event. This year’s proceedings took over Las Vegas, occupying the Bellagio, Luxor, Mandalay Bay and MGM Grand hotel. At least for this week, Cisco was bigger in Vegas than Wayne Newton, Steve Wynn and even Carrot Top.
    While digital transformation served as the main theme at Cisco Live, cybersecurity had a strong supporting role throughout the event. For example, of all of the technology and business initiatives at Cisco, CEO Chuck Robbins highlighted cybersecurity in his keynote presentation by bringing the GM of Cisco’s cybersecurity business unit, David Goeckeler, on stage to describe his division’s progress.
  • Operationalizing Threat Intelligence

    In 2015, I conducted some in-depth research around enterprise organizations’ consumption, use, and sharing of threat intelligence. Time and time again, I heard cybersecurity professionals proclaim that their organizations had to do a better job “operationalizing” threat intelligence. Hmm, sounds like a worthwhile security management goal if I’ve ever heard one, but what exactly does this mean? Some ESG research may be helpful here (note: I am an ESG analyst). ESG surveyed 304 IT and cybersecurity professionals working at enterprise organizations (i.e. more than 1,000 employees) and asked them to identify their organization’s top threat intelligence challenges. The data reveals that:
  • A FireEye Chat with Kevin Mandia

    In early May, FireEye announced that company president Kevin Mandia would replace industry veteran Dave DeWalt as CEO. My colleague Doug Cahill had a chance to catch up with Kevin yesterday to get his perspectives on FireEye, enterprise security, and the threat landscape amongst others. Here are a few highlights:

    On FireEye’s direction: In spite of lots of distraction, Mandia is focused on driving “engineering innovation” at FireEye. Normally, this vision would be equated with security products alone, but Kevin believes that products can anchor services as well. This involves installing FireEye’s endpoint and network security products on a customer network, collecting telemetry, comparing it to current threat intelligence, detecting malicious activities, and then working with customers on remediation. To accomplish this, FireEye products must be “best-in-class” for threat detection on a stand-alone basis. The FireEye staff is then available to add brain power and muscle to help product customers as needed.
  • Federal Cybersecurity Boondoggle: The Software Assurance Marketplace (SWAMP)

    Way back in February, I wrote a blog about President Obama’s proposed Cybersecurity National Action Plan (CNAP). As part of this plan, the President called for $19 billion for cybersecurity as part of the 2017 fiscal year federal budget, a 35% increase over 2016 spending. While CNAP has a lot of thoughtful and positive proposals, I’m troubled by the fact that federal cybersecurity programs seem to have a life of their own with little oversight or ROI benefits. I often cite DHS’s Einstein project as an example of this type of government cybersecurity waste. In my humble opinion, the feds are spending hundreds of millions of dollars on custom research and development for Einstein when commercial off-the-shelf (COTS) network security products could do the same job at a fraction of the cost.
  • Quick Take: Symantec Buys Blue Coat

    When former CEO Mike Brown left Symantec in April of this year, I wrote a blog about what I would do if I were recruited as Mike’s replacement. While one of my suggestions was for Symantec to resume M&A activities, I was really thinking about a strategy for filling in product gaps – perhaps Symantec could pick up LogRhythm to add a leading SIEM to its portfolio, or grab Carbon Black for endpoint security analytics and forensics.

    Hmm, I never even contemplated a big-time merger, so I was as surprised as anyone when Symantec announced its plan to acquire Blue Coat. I’ve had a few hours to digest this news and will certainly learn more in the days to come. Nevertheless, as an industry analyst, I can’t help but voice my early opinion on this deal.
  • Endpoint detection and response: What’s important?

    My colleagues Doug Cahill, Kyle Prigmore and I recently completed a research project on next-generation endpoint security. We determined that there are actually two distinct product categories within next-generation endpoint security: advanced prevention and advanced detection and response (EDR). While most firms seem to be gravitating toward advanced prevention, massive enterprise organizations tend to move in the opposite direction by evaluating, testing and deploying EDR products. Why? These organizations have large cybersecurity teams with lots of experience, so they are willing to dedicate resources toward more complex projects.

    Furthermore, many of these enterprise organizations are already investing in security analytics by collecting, processing and analyzing data from numerous disparate sources (i.e., network forensics, events/logs, threat intelligence, etc.). Endpoint forensic data is a natural extension of these cybersecurity analytics efforts.