Top IT Security Bloggers

Network World - Networking Nuggets and Security Snippets
  • If I were the next CEO of Symantec – Redux

    Network World - Networking Nuggets and Security Snippets
    I just read a Bloomberg article proclaiming that Symantec cut its quarterly revenue forecast and announcing that CEO Michael Brown will step down. Unfortunately for Symantec, the company has had a revolving door of chief executives—four different individuals since 2008, and now onward to a fifth.When Symantec went through a similar CEO transition in 2014, I posted a blog to suggest what I would do as its next CEO, but surprisingly my phone never rang.  Nevertheless, I reviewed my two-year-old recommendations this morning and many of Symantec’s issues back then still need fixing. Given this, allow me to review and update my CEO action plan for Symantec:To read this article in full or to leave a comment, please click here
  • Cybersecurity Salary Inflation – A Red Flag

    Network World - Networking Nuggets and Security Snippets
    If you follow my blog at all you know that I am quite passionate about the cybersecurity skills shortage and its ramifications.  Just to put this issue in perspective, ESG research indicates that 46% of organizations claim they have a “problematic shortage” of cybersecurity skills in 2016 as compared to 28% in 2015 (note: I am an ESG employee). Yup, the ESG research seems to indicate that things are getting worse on an annual basis, and ESG isn’t alone in this belief.  For example:
    According to Peninsula Press (a project of the Stanford University Journalism Program), more than 209,000 US-based cybersecurity jobs remained unfilled and postings are up 74% over the past 5 years.
    Analysis of the US Bureau of Labor Statistics indicates that the demand for cybersecurity professionals is expected to grow 53% by 2018.

    Adding to this trend, Computerworld research indicates that more than half of security managers expect their organizations to increase cybersecurity headcount this year adding more pressure to the pot. To read this article in full or to leave a comment, please click here
  • AV software: “I’m not quite dead yet”

    Network World - Networking Nuggets and Security Snippets
    If you are a cybersecurity professional, you’ve probably read the quote, “AV is dead” hundreds or even thousands of times. The thought here is that antivirus software is no longer effective at blocking modern exploits and malware, thus its useful lifespan is effectively over. Now, when any technology is declared “dead,” it is usually an industry analyst (like me) who makes this type of provocative statement. I remember the analyst declaration “mainframe is dead” from the early 1990s and the more recent refrain portending the death of the PC. In this case, however, many people attribute the “AV is dead” soundbite to a former Symantec VP quote in the Wall Street Journal, which seems to give it more credibility. After all, if Symantec, the market leader, thinks AV is dead, then it sure as heck must be.To read this article in full or to leave a comment, please click here
  • Learning about SDP via Google BeyondCorp

    Network World - Networking Nuggets and Security Snippets
    I’ve been following Google’s BeyondCorp project for a while.  In fact, I was recently quoted in a Wall Street Journal blog on this topic. If you are not familiar with BeyondCorp, it is Google’s spin on what’s become known as a software-defined perimeter (SDP).  SDP, also called a “black cloud” originated at the Defense Information Systems Agency (DISA) and is now being driven by the Cloud Security Alliance (CSA).  To read this article in full or to leave a comment, please click here
  • Cloud Security Challenges

    Network World - Networking Nuggets and Security Snippets
    Large organizations are embracing public and private cloud computing at a rapid pace. According to ESG research, one-third of organizations have been using public and private cloud infrastructure for more than three years, and more than half of organizations (57%) have production workloads running on cloud computing infrastructure (note: I am an ESG employee).Of course, cloud computing is very different than physical or virtual servers, which translates into a different cybersecurity model as well. And these differences lead to a variety of security challenges. ESG recently surveyed 303 cybersecurity and IT professionals working at enterprise organizations (i.e. more than 1,000 employees) and posed a series of questions about cloud computing and cloud security. When asked to identify their top challenges with cloud security:To read this article in full or to leave a comment, please click here
  • Data and Identity: Two New Security Perimeters

    Network World - Networking Nuggets and Security Snippets
    CISOs tend to spend the bulk of their cybersecurity technology budgets on endpoint, server, and network security controls.  Okay, this makes sense from a historical perspective but these IT assets are in a state of flux today.  Endpoints are often mobile devices rather than Windows PCs while servers are virtual or cloud-based workloads.  Meanwhile, networks are also moving to a virtual model composed of public and private network segments.It’s clear that organizations embracing new cloud and mobile infrastructure have less control of some IT assets than they did in the past.  What does this mean for security?  One CISO I spoke with a while ago gave me a very succinct answer to this question: “As I lose control over IT infrastructure, I better make sure I have tight control over two other areas – sensitive data and user identity.”  In this security executive’s mind, data security and identity and access management (IAM) are rapidly becoming new security perimeters.To read this article in full or to leave a comment, please click here
  • Cybersecurity as a Business Issue

    Network World - Networking Nuggets and Security Snippets
    It’s become a cliché in the industry to say that cybersecurity has become a board room-level issue but what evidence do we have to support this claim?  Well, here are a few tidbits from some recent ESG research that certainly lend credibility to the business-driven cybersecurity thesis (note: I am an ESG employee):
    When asked to identify business initiatives that are driving IT spending, 43% of respondents said, “increasing cybersecurity.”  This was the top business initiative selected followed by “reducing costs” (38%), “improving data analytics for real-time business intelligence” (32%), and “ensuring regulatory compliance” (27%).
    On a similar vein, survey respondents were asked to identify the most important IT “meta-trend” to their organization.  Forty-two percent of respondents selected, “increasing cybersecurity.”  The next most popular response, “using data analytics for real-time business intelligence,” came in at 17%.
    69% of organizations are increasing their spending on cybersecurity in 2016.  These budget increases are being approved by business managers who are now willing to spend more money to improve cybersecurity at their organizations. 

    As if the ESG data wasn’t enough, we also know that cyber-insurance policies grew by about 35% last year.  So aside from increasing cybersecurity budgets, business executives are hedging their bets by transferring risk to third-parties.To read this article in full or to leave a comment, please click here
  • The Endpoint Security Continuum (Part 2)

    Network World - Networking Nuggets and Security Snippets
    Way back at the beginning of February, I wrote a blog titled, The Endpoint Security Continuum.  In this blog I described how enterprise organizations were now deploying next-generation endpoint security solutions along a continuum flanked by two poles:  Advanced prevention at one end and advanced detection and response at the other.  I actually presented some research describing next-generation endpoint security a few weeks ago at this year’s RSA Security Conference (note: Send me an email if you want a copy of my slides). To read this article in full or to leave a comment, please click here
  • Cybersecurity Skills Shortage Impact on Cloud Computing

    Network World - Networking Nuggets and Security Snippets
    Look at any industry data and you’ll see a consistent trend – the march toward cloud computing continues to gain momentum.  According to ESG research, 75% of organizations are currently using public cloud services (note: I am an ESG employee).  This is dominated by the use of SaaS today but ESG research reveals that 38% of organizations use IaaS while 33% use PaaS.  The research also indicates that these numbers will continue to increase in the future.Now before you short HP and double-down on AWS, there is also a potential fly in the ointment – the global cybersecurity skills shortage.  ESG research indicates that 46% of organizations say that they have a “problematic shortage” of cybersecurity skills in 2016, up from 28% last year.  ESG also asked survey respondents to identify the area where they have the biggest cybersecurity skills shortage.  Not surprisingly, 33% say that their biggest deficiency was cloud security specialists, followed by 28% who pointed to a deficiency with network security specialists, and 27% who have a shortage of security analysts – pretty scary stuff when you think about cloud security defense along with incident detection and response for cloud-based cyber-threats. To read this article in full or to leave a comment, please click here
  • An Abundance of Incident Response Bottlenecks

    Network World - Networking Nuggets and Security Snippets
    Manual processes represent a major incident response bottleneck at enterprise organizations.  Here are a few alarming data points from some recent ESG research (note: I am an ESG employee):1.       27% of enterprise organizations (i.e. those with more than 1,000 employees) spend at least 50% of their incident response time on manual processes like filling out paper work, finding a particular person, physically viewing multiple security management tools, etc.2.       93% of organizations believe that their incident response efficiency and effectiveness is limited by the time and effort required for manual processes.As if this wasn’t bad enough, IR process issues are exacerbated by a few other challenges:To read this article in full or to leave a comment, please click here

Editor's Recommendations

Solution Centres

Events

View all events Submit your own security event

Latest Videos

More videos

Blog Posts

Media Release

More media release

Market Place