Corporate Partners

Top IT Security Bloggers

Network World - Networking Nuggets and Security Snippets
  • Valuable Federal Cybersecurity Training for Critical Infrastructure Organizations

    Network World - Networking Nuggets and Security Snippets
    Last week I wrote two blogs about cybersecurity, critical infrastructure organizations, and the US government. In the first blog, I mentioned some ESG research stating that 76% of cybersecurity professionals working at critical infrastructure organizations were somewhat or very unclear about the US government’s cybersecurity strategy (note: I am an ESG employee).  In spite of this confusion, 83% of these same cybersecurity pros want to see the feds become more active with cybersecurity programs and defenses.To read this article in full or to leave a comment, please click here
  • Federal Cybersecurity Carrots and Sticks

    Network World - Networking Nuggets and Security Snippets
    In my last blog, I highlighted a recent ESG research survey of cybersecurity professionals working at critical infrastructure organizations (note: I am an ESG employee). As a review:
    Only 22% of critical infrastructure cybersecurity professionals believe that the U.S. government's cybersecurity strategy is extremely clear and thorough. The vast majority remain confused and/or underwhelmed.
    In spite of this misconception, 83% of cybersecurity professionals working within critical infrastructure industries say that the U.S. government should be more active with cybersecurity strategies and defenses.

    So the infosec crowd wants Uncle Sam to put more skin in the game, but what specific actions should the U.S. government take? Survey respondents were given a list of potential federal cybersecurity actions and asked to select which of these the government should move forward. Here's what they said:To read this article in full or to leave a comment, please click here
  • Cybersecurity, Critical Infrastructure, and the Federal Government

    Network World - Networking Nuggets and Security Snippets
    The term “critical infrastructure” is used by governments around the world to describe industries and physical assets deemed essential to their economies and national security.  Critical infrastructure industries include agriculture, electricity generation, financial services, health care, telecommunications, and government services like law enforcement and the water supply (i.e. drinking water, waste water, dams, etc.).Cybersecurity vulnerabilities within the US critical infrastructure were first recognized during the administration of George H.W. Bush in the early 1990s, and President Clinton first addressed Critical Infrastructure Protection (CIP) with Presidential Decision Directive 63 (PDD-63) in 1998. Soon thereafter, Deputy Defense Secretary John Hamre cautioned the U.S. Congress about CIP by warning of a potential “cyber Pearl Harbor.” Hamre stated that a devastating cyber-attack, “is not going to be against Navy ships sitting in a Navy shipyard. It is going to be against commercial infrastructure.” To read this article in full or to leave a comment, please click here
  • Takeaways from RSA 2015: The stars of the show

    Network World - Networking Nuggets and Security Snippets
    As expected, the 2015 RSA Conference was bigger than ever – more attendees, presentations, exhibitors, etc. Since I live in the cybersecurity space, there were few surprises, but there were a few major highlights to this year's show:
    Visibility. As the old management adage goes, "you can't manage what you can't measure." Cybersecurity professionals are taking this saying to heart with a focus on gaining better visibility of everything on the network at all times. This includes endpoint profiling (ForeScout, Great Bay Software, Promisec, Tanium), endpoint forensics (Carbon Black, Guidance Software, RSA ECAT), and network forensics (Blue Coat/Solera, Click Security, FireEye, WildPackets). In some cases, it's all of the above with tools from IBM, Intel Security, LogRhythm, Splunk, or Symantec. Users are now telling me that they are postponing security technology purchases until they can collect, process, and analyze the right data in real-time in order to accelerate and improve their cybersecurity decisions. In my humble opinion, this is a prudent decision – especially as enterprise organizations increase their use of cloud computing, mobile devices, and IoT.
    Data center security. The data center security buzz really concentrated on cloud/virtual data center security, and this makes sense. Virtual workloads are moving across private and public clouds and this activity is antithetical to traditional network security controls. There is a lot of innovation in this area as well. Cisco is trumpeting the marriage of ACI and network security while VMware NSX gains traction in the market with support from partners like Check Point and Palo Alto Networks. Meanwhile, startups like Illumio and vArmour pitch a software-defined approach for the whole heterogeneous cloud computing enchilada while Tufin had a similar message around network security automation and orchestration. In the meantime, Juniper flexed some hardware muscle by introducing a 2tbps version of its SRX firewall. With all of the software-defined rhetoric, hardware remains important – the winning formula here is bridging the old physical network security with the new virtual security to deliver security efficacy and operational efficiency.
    Two-factor authentication. If the RSA Conference was the Emmy Awards, multi-factor authentication would have been quietly nominated for a best supporting actor award. Why the secondary role? Security veterans remain skeptical after an annual prediction, declaring it "the year of two-factor authentication and PKI." Nevertheless, there is finally a reason to be optimistic. Between the Apple iPhone and FIDO specification, biometrics and two-factor authentication are moving toward commodity status. RSA jumped on this trend with the introduction of its Via identity solutions while a Nok Nok Labs panel (hosted by yours truly) pointed toward a future of identity consumerization. The IT and cybersecurity industries were caught off guard by the tidal wave of mobile device proliferation. These same groups will likely be equally blindsided when new employees want to eschew passwords and use biometrics on their smartphone to log onto corporate applications. 
    Services, services, services. While cybersecurity products (endpoint security, ATP, etc.) grabbed the spotlight at RSA, security services are actually more successful in the market – ESG (and other analysts) believe that organizations are spending $2 on cybersecurity services for every $1 of cybersecurity products they purchase (disclosure: I am an employee at ESG). This trend was evident in many of my RSA meetings. Dell SecureWorks business is growing like a weed. FireEye incident response services have assumed the role of first responder after a breach. HP anchors its cybersecurity business with professional and managed services supplemented with infosec architectures, frameworks, products, and partners. Symantec managed services will act as a foundation for the company as it splits apart. Accuvant is also reaping services benefits along with the traditional big guys like Accenture, E&Y, and PWC. Finally, pure-play managed cybersecurity services vendors like Okta, Ping Identity, Proofpoint and Zscaler probably don't mind playing second-fiddle at RSA since they continue to win in the market. The biggest obstacle to continued cybersecurity services success is the same across all of these players – recruiting, hiring, and training new services employees to keep up with market demand. 
    Diversity. Finally, cybersecurity has finally come out of its geeky shell and attracted an assorted crowd of participants. DHS had its own booth at the show while the State of Maryland crowed about its cybersecurity education and public/private partnership. There was also an area of the show floor dedicated to Israeli cybersecurity innovation, ditto for Germany. 

    Yes, it's nice to see that our little industry has grown up, but let's remember that the RSA Conference popularity is a function of just how dangerous the threat landscape has become. This reality should sober up the industry after its annual RSA party and subsequent hangover.  To read this article in full or to leave a comment, please click here
  • Making Sense of Raytheon and Websense

    Network World - Networking Nuggets and Security Snippets
    I was just getting on my flight to the RSA Security Conference in San Francisco on Monday morning when I received an email announcing an intriguing cybersecurity deal.  Defense contractor Raytheon announced its acquisition of security veteran Websense for approximately $1.6 billion.  Vista Equity Partners, Websense’s previous owner, also contributed $335 million and will retain some skin in the game.When I arrived at the RSA Conference, I asked a number of my contacts with deep federal experience what they thought of the deal.  For the most part, the common response was something like, “every federal integrator has tried to crack the commercial market and everyone has failed.  This won’t be any different.”To read this article in full or to leave a comment, please click here
  • Somber Message at RSA

    Network World - Networking Nuggets and Security Snippets
    As the 2015 RSA Conference got underway this week, I attended a dinner hosted by Pacific Crest Securities.  Our host began the dinner by asking former cyber czar Richard Clarke to say a few words.Now this was a rather festive dinner as the cybersecurity industry is in the midst of a robust boom.  Nevertheless, Clarke’s brief talk was a reminder of where we’ve been and the state of cybersecurity today. I didn’t record Richard’s words but to paraphrase, he said something like the following:A lot of us have been to this show for at least 10 years.  Now if you had asked anyone in this room ten years ago to predict the state of the cybersecurity industry in 2015, I don’t believe that anyone would have dreamed that the industry would be as big as it is today.  So we’ve all had a good ride and made a little bit of money along the way.  To read this article in full or to leave a comment, please click here
  • RSA Conference Should Push For Technology Integration

    Network World - Networking Nuggets and Security Snippets
    Just a few days until the start of the RSA Conference and I expect an even bigger event than last year – more presentations, vendors, cocktail parties, etc.  The conference will likely focus on security technologies like endpoint security, cloud, security, threat intelligence, IAM, and others which I described in a recent blog. While these individual technologies will own the spotlight, there is another pervasive security technology trend (and enterprise security requirement) that will be far less visible – technology integration. To be clear, large organizations are certainly in the market for more effective security technology solutions in a number of areas.  For example, ESG research reveals that 51% of organizations plan to add new endpoint security controls as a countermeasure for advanced threats (note: I am an ESG employee).  Nevertheless, these individual tools will have to exchange data, plug into messaging buses, and accept commands from a variety of other security analytics, policy management, and command-and-control systems. To read this article in full or to leave a comment, please click here
  • Threat Intelligence Sharing Momentum and Needs

    Network World - Networking Nuggets and Security Snippets
    Threat intelligence sharing is certainly riding a wave of momentum as we head into the RSA Conference next week.  Over the past 6 months, we’ve seen things like:
    Lots of federal activity.  To consolidate and distribute threat intelligence amongst federal agencies and with the private sector, Washington created the National Cybersecurity and Communications Integration Center (NCCIC) and the Cybersecurity Intelligence and Integration Center (NCIIC).  The feds have also kept busy with President Obama’s executive order and pending legislation in the House and Senate.
    Further adoption of threat intelligence standards.  FS-ISAC took the lead in promoting STIX and TAXII while other vendors like ThreatStream and Vorstack are pushing a similar agenda.  Now the retail ISAC is following this lead by establishing a threat intelligence sharing portal managed by FS-ISAC.  In addition to this industry effort, many enterprises continue to expand their use of Mandiant’s OpenIOC.
    Industry actions.  Security vendors like iSight Partners, Norse, and Webroot offer their threat intelligence to users while others like Fortinet, Intel Security, Palo Alto Networks, and Symantec have established their own sharing group called the Threat Intelligence Alliance.  Others like Facebook and Microsoft have also proposed threat sharing collaboration using their cloud services.

    Yup, threat intelligence is already red hot and the RSA conference will only fan these flames.  This is good news but there are still a few underlying problems here.  Threat intelligence sharing is extremely immature, a lot of enterprise activity is still associated with static information distributed and shared via email, file hashes, and manual processes.  Many firms also struggle with threat intelligence processing, correlation, and analytics, often depending upon homegrown tools in this area.  Finally, security professionals complain that it is still quite difficult to operationalize threat intelligence programs so they can prioritize actions and measure success.To read this article in full or to leave a comment, please click here
  • Anticipating RSA 2015

    Network World - Networking Nuggets and Security Snippets
    The annual security geek-fest known as the RSA Security Conference is just two weeks away. Alas, I remember when it was a cozy event that attracted a few thousand visitors and focused on esoteric security technologies like cryptography, deep packet inspection, and malware detection heuristics. As for 2015, I expect at least 25,000 attendees spanning keynote presentations, show floors, pervasive hospitality suites, and a constant barrage of hokey themed cocktail parties.As far as "buzz-worthy" topics at RSA 2015, I anticipate the following:
    Advanced threat detection/response. Lots of security vendors have been chasing this rabbit since FireEye's IPO, so I expect a lot of hype at RSA. Rather than discuss discrete technologies like Sandboxing, however, many vendors will pitch an integrated threat detection architecture built upon endpoint forensics, full-packet capture, and static/dynamic malware inspection spanning from on-premise appliances to cloud-based services. Check Point, Click Security, FireEye, Fortinet, Hexis Cyber Solutions, IBM, LogRhythm, Raytheon Cyber Products, and Splunk will likely articulate this type of message. In the past the emphasis was really on detection, but I presume that incident response will have an equal role this year. Given this, I anticipate buzz around the Forum for Incident Response and Security Teams (FIRST) as well as vendors like FireEye/Mandiant and Resilient Systems. 
    Threat intelligence. Between President Obama's executive order and the chatter on Capitol Hill, threat intelligence is garnering quite a few headlines these days, so the momentum will continue at RSA. I expect these discussions to include threat intelligence standards (i.e. CybOX, OpenIOC, STIX/TAXII), threat sharing (ISACs, legislation, etc.), threat intelligence consortiums (i.e. Cyber Threat Alliance.) threat intelligence feeds/services (Arbor Networks, Dell SecureWorks, iSight Partners, Norse, ThreatMetrix, Verisign, Webroot), and threat intelligence correlation/analysis platforms (CRITs, IBM, Symantec, Vorstack, etc.).
    Endpoint security. According to ESG research, 58% of enterprise organizations would prefer an integrated endpoint security suite that covers incident prevention, detection, and response (note: I am an ESG analyst). From a market perspective, every vendor wants a piece of the action, including the AV crowd (Kaspersky, McAfee, Symantec, Trend, etc.) and startups (Bit9, Confer Crowdstrike, and Cylance). Others like Cisco, FireEye, IBM, Palo Alto, and RSA plan to approach the endpoint from other high ground in the security market, while Bromium, Invincea, and Spikes will center their discussions on that insecure piece of software known as a browser. 
    Cloud and SDN security. While these two areas are quite different, I am putting them together here as products in each category are built for automation, virtualization, and orchestration. Cloud and SDN security is also all about extending security controls and monitoring to new types of virtual technologies. Cisco will trumpet SDN, Tufin will crow about network security automation, and Evident io, HyTrust, ThreatConnect, and vArmour will yack about new requirements for hybrid data center security.
    Identity and Access Management. In my humble opinion, IAM is increasingly important for security but doesn't get nearly the attention it should. I am sure that FIDO Alliance supporters like ARM, PayPal, and Nok Nok Labs will want to elevate these IAM discussions. Microsoft is also ready to advance IAM thought leadership by spreading the word about Azure Active Directory. 

    While security products always grab center stage at RSA, I hope there is ample discussion about security services as well. Mid-market and small enterprise organizations that can't keep up with cybersecurity requirements on their own are flocking to service providers en masse so services should get more air play. To read this article in full or to leave a comment, please click here
  • Could SDN Revolutionize Network Security?

    Network World - Networking Nuggets and Security Snippets
    Network security grows more and more difficult all the time. According to recent ESG research, 79% of security professionals working at enterprise organizations (i.e. more than 1,000 employees) believe that network security is more difficult than it was two years ago (note: I am an ESG employee). Why? Threats are getting more targeted, voluminous, and sophisticated while networks grow more complex with the addition of more users, devices, traffic, etc.Yup, traditional network security technologies can’t keep up with all of the internal and external changes happening simultaneously, but there may be help on the horizon – Software-defined Networking (SDN). To read this article in full or to leave a comment, please click here

Editor's Recommendations

Solution Centres

Events

View all events Submit your own security event

Blog Posts

Media Release

More media release

Market Place