Top IT Security Bloggers

Network World - Networking Nuggets and Security Snippets
  • Cybersecurity Startup Gold Rush for Venture Capitalists

    According to PrivCo, a financial data provider on privately-held companies, venture capital firms are poised to push $788 million into early stage cybersecurity startups this year. This investment amounts to a 74% increase from last year’s $452 million (note: see this article for more details).
    If you follow cybersecurity trends, it’s easy to understand why VC fat cats are throwing money around. For one thing, the threat landscape continues to become increasingly dangerous. In fact, ESG research indicates that 57% of security professionals working at enterprise organizations (i.e. more than 1,000 employees) believe that the threat landscape is “significantly worse” or “somewhat worse” than it was 2 years ago (note: I am an ESG employee). So large organizations clearly need help and there are rich rewards waiting for cybersecurity vendors that can come to their aid – after announcing better than expected financial results, Check Point and Fortinet shares are trading at or near a 52-week high.
  • BYOA: Bring Your Own Authentication

    Most people who use IT or Internet applications would agree that the current user name/password mode of authentication is cumbersome, ineffective, and obsolete. According to ESG research, 55% of information security professionals working at enterprise organizations (i.e. more than 1,000 employees) believe that user name/password authentication should be completely eliminated or relegated to non-business critical applications only (note: I am an ESG employee).
    Recognizing the foibles of user names and passwords, ESG research indicates that 57% of enterprise organizations use multi-factor authentication technologies. Unfortunately, multi-factor authentication technology has been too expensive and complex to roll out across enterprises or offer to on-line consumers.
  • Big data security analytics 'plumbing'

    According to ESG research, 44% of enterprise organizations (i.e. those with more than 1,000 employees) consider their security data collection and analysis a “big data” application, while another 44% believe that their security data collection and analysis will become a “big data” application within the next 2 years (note: I am an ESG employee). Furthermore, 86% of enterprises collect “substantially more” or “somewhat more” security data than they did 2 years ago.
    The ongoing trend is pretty clear – large organizations are collecting, processing, and retaining more and more data for analysis using an assortment of tools and services from vendors like IBM, Lancope, LogRhythm, Raytheon, RSA Security, and Splunk to make the data “actionable” for risk management and incident prevention/detection/response.
  • Threat intelligence lifecycle maturation in the enterprise market

    According to ESG research from 2012, 65% of enterprise organizations (i.e. more than 1,000 employees) used external threat intelligence as part of their information security analytics activities (note: I am an ESG employee). The two most popular threat intelligence types were related to vulnerabilities and malware (each is consumed by 63% of organizations that use external threat intelligence).
    Maybe it’s me, but threat intelligence seems even more relevant today than it was two short years ago. Technology vendors like Blue Coat, Cisco, IBM, Symantec, and Trend Micro emphasize the strength of their threat intelligence and bundle it into product sales. Others like Webroot follow the same path but also invest in threat intelligence as a product and OEM it to other vendors. New firms like BitSight, Norse, RiskIQ and Vorstack have taken threat intelligence in new directions, focusing on industries, threat actors, outside-in use cases and business metrics.
  • The CISO-centric Information Security Triad

    What is the information security triad? Just about everyone knows the answer to this question is CIA – Confidentiality, Integrity, and Availability. Security professionals, service providers, and technology vendors are responsible for these three infosec pillars in one way or another.
    CISOs also take part in CIA oversight, but their responsibilities extend beyond confidentiality, integrity, and availability alone. In fact, the CISO role is changing rapidly and becoming so critical that these security executives deserve a cybersecurity triad of their own. The modern CISO triad equates to:
    Security efficacy. In some ways, this requirement supports the status quo as CISOs have always been accountable for cyber defense. So what’s changed? Security efficacy used to be closely associated with risk management – identifying and quantifying risk, and then putting the right controls in place for risk mitigation. While CISOs still own this part of the job, they are increasingly tasked with putting up security fences as well as overseeing top-notch intelligence and emergency response agencies. These responsibilities require a vast improvement in internal and external security intelligence supported by intensification of specialized security analytics skills, which can be difficult to find. Finally, CISOs need to be able to translate geek speak and a cyber-gumshoe lexicon into business metrics.  
    Operational efficiency. In the past, CISOs tended to disregard security operations in favor of a dogmatic focus on security efficacy. This led to a best-of-breed security technology mentality, where organizations purchased the best email security, AV software, firewalls, and IDS/IPSs they could find. While well-intended, this strategy made mighty enterprise organizations dependent upon an army of point tools, manual processes, and a plethora of individual contributors from the IT security organization. This situation is not only an operational nightmare, but it also detracts from security efficacy as modern malware circumvents security defenses and “kill chain” phases are viewed as autonomous events. Modern CISOs hired over the past few years are in charge of supplanting this mess with a mix of coordinated processes, integrated technologies, organizational cooperation, and far more automation.
    Business enablement. Some industry pundits have dumbed down this necessity with statements like: “Information security can no longer get in the way of the business.” That may be true, but it’s overly simplistic and not the point. CISOs are supposed to hold up a stop sign when the organization embarks on initiatives that exacerbate cyber risk, but this assumes that they understand the IT initiatives and business processes involved. Based upon cybersecurity history, this may be a bold supposition. Modern CISOs have to approach business enablement in two distinct ways: 1) Business process expertise, and 2) Cybersecurity services that can support business initiatives. The latter requirement could include a flexible infrastructure for Identity and Access Management (IAM), flexible security services that are extensible to IaaS and SaaS infrastructure, fine-grained network access control policies/enforcement, and strong data security and enterprise Digital Rights Management (eDRM). In aggregate, it’s not about holding back the business; it’s about enabling the business to be creative while constantly managing IT risk.


    A few final observations:
  • Board of directors will have a profound impact on cybersecurity

    According to a recent article in the Wall Street Journal, corporate boards are getting much more involved in cybersecurity. What’s driving this behavior? While the Target breach probably influenced this behavior, corporate boards now realize that cybersecurity has become a pervasive risk that could have an adverse impact on all businesses.
    This is consistent with recent ESG research that found 29% of security professionals working at enterprise organizations (i.e. more than 1,000 employees) said that executive management (and the corporate board) is much more engaged in cybersecurity situational awareness and strategy than it was two years ago, while another 40% stated that executive management (and the corporate board) is somewhat more engaged in cybersecurity situational awareness and strategy than it was two years ago (note: I am an ESG employee).
  • Big data security analytics mantra: Collect and analyze everything

    In a recent research survey, ESG asked security professionals to identify the most important type of data for use in malware detection and analysis (note: I am an employee of ESG). The responses were as follows:
    42% of security professionals said, “Firewall logs”
    28% of security professionals said, “IDS/IPS alerts”
    27% of security professionals said, “PC/laptop forensic data”
    23% of security professionals said, “IP packet capture”
    22% of security professionals said, “Server logs”

    I understand this hierarchy from a historical perspective, but I contend that this list is no longer appropriate for several reasons. First of all, it is skewed toward the network perimeter which no longer makes sense in a mobile device/mobile user world. Second, it appears rooted in SIEM technology which was OK a few years ago, but we no longer want security technologies mandating what types of data we can and cannot collect and analyze.
  • End users must be part of cybersecurity solutions

    As the old infosec adage goes, “people are the weakest link in the cybersecurity chain.” Clearly, enterprise security professionals agree with this statement. In a recent ESG research survey, enterprise security professionals were asked to identify the factors most responsible for successful malware attacks. It turns out that 58% point to “a lack of user knowledge about cybersecurity risks” – the most popular answer by far (note: I am an employee of ESG).
    This data is not unusual; security professionals often bemoan end-user cybersecurity behavior. They don’t pay attention in training classes, they click on suspect links, they are easily fooled by social engineering tactics, etc.
  • Endpoint security demands organizational changes

    Pity endpoint security software. Venerable antivirus has gotten a bad reputation for being an ineffective commodity product. This situation is illustrated by some recently published ESG research (note: I am an employee of ESG). Security professionals working at enterprise organizations (i.e. more than 1,000 employees) were given a series of statements and asked whether they agreed or disagreed with each. The research revealed that:
    62% of respondents “strongly agreed” or “agreed” with the statement: “Endpoint security software is effective for detecting/blocking older types of malware but is not effective for detecting/blocking zero day and/or polymorphic malware commonly used for targeted attacks today.”
    52% of respondents “strongly agreed” or “agreed” with the statement: “Our continued use of traditional endpoint security software is driven by regulatory compliance requirements for the most part.”
    44% of respondents “strongly agreed” or “agreed” with the statement: “Endpoint security software is a commodity product with little measurable differences between brands.”

    Wow, it’s no wonder why some have declared that endpoint security software is “dead.” Negative opinions like these have put leading security firms like Kaspersky, McAfee, Sophos, Symantec, Trend Micro, and Webroot on the defensive and opened the door for endpoint antimalware upstarts like Bromium, Cisco/Sourcefire, Cylance, Crowdstrike, IBM, Invincea, Malwarebytes, and Triumfant.
  • The two cornerstones of next-generation cybersecurity (Part 2)

    In my last blog post, I described a new security mindset to address the lack of control associated with “shadow IT.” As IT loses control of some of its traditional assets, my suggestion to CISOs is to double-down on security controls and oversight for the things they still own. In my humble opinion, there are two key areas to focus on: Sensitive data and identity. Everything else – applications, endpoints, networks, and servers – must kowtow to these two cornerstones and enforce specific data security and identity policies.

Security Awareness Tip

Warning: Tips for secure mobile holiday shopping

I’m dating myself, but I remember when holiday shopping involved poring through ads in the Sunday paper, placing actual phone calls from tethered land lines to research product stock and availability, and actually driving places to pick things up. Now, holiday shoppers can do all of that from a smartphone or tablet in a few seconds, but there are some security pitfalls to be aware of.