Corporate Partners

Top IT Security Bloggers

Network World - Networking Nuggets and Security Snippets
  • Sony Baloney

    Network World - Networking Nuggets and Security Snippets
    As an information security analyst, I’ve been following the cyberattack details at Sony Pictures for some time now, just as I followed other events (i.e. Home Depot, JP Morgan Chase, Staples, UPS, etc.) earlier this year.Yup, each of these events received its fair share of publicity, but nowhere near the amount of press that Sony is getting. Maybe it’s the Hollywood angle, maybe it’s the intrigue of geopolitical tensions between the U.S. and North Korea, or maybe it’s the general impression that this hack is juxtaposed to our first amendment rights. Whatever the reason, it’s big. I participated in a webinar yesterday with security guru Bruce Schneier (CTO of Co3), focused on security predictions for 2015. The Sony Pictures cyberattack dominated the conversation, and we both agreed that we could have discussed it for hours more. To read this article in full or to leave a comment, please click here
  • NAC Renaissance

    Network World - Networking Nuggets and Security Snippets
    Remember NAC? Cisco first introduced the concept of Network Admission Control back around 2004. Back then, NAC’s primary role was checking the security status of PCs before granting them access to the network. This type of functionality was really in response to a wave of Internet worms in the early 2000s that were infecting and clogging up corporate networks.NAC became an instant network security fad that everyone wanted a part of. Microsoft introduced a competing initiative called Network Access Protection (NAP) for its “Longhorn” operating system (Vista) followed by a wave of long-lost startups like ConSentry Networks, Lockdown Networks, Mirage Networks, and Vernier. Heck, NAC was even highlighted at the RSA Conference during this timeframe.To read this article in full or to leave a comment, please click here
  • Cisco Acquires Neohapsis: A Sign of the Times

    Network World - Networking Nuggets and Security Snippets
    Yesterday, Cisco Systems announced the acquisition of Neohapsis, a Chicago-based security consulting and services firm.  Now Cisco’s forte is in moving bits from source to destination and inspecting packets to enforce security rules and policies.  So why is an equipment manufacturer buying a cybersecurity body shop?  Several reasons:
    Security skills are in short supply.  ESG research indicates that 25% of organizations have a problematic shortage of IT security skills and this isn’t likely to change anytime soon (note:  I am an ESG employee).  Given this, every CISO I speak with is going over their security requirements with a fine-tooth comb and figuring out where they can use external security services to supplement internal skills or offload tasks. 
    Network security is getting more difficult.  Aside from a general lack of security skills, CISOs are also being asked to make security decisions for mobile computing, cloud applications, and software-defined networks.  This is heady and esoteric stuff!  Large organizations need help securing leading-edge technology initiatives sooner rather than later.
    Enterprises are building plans for an integrated infosec architecture.  Large organizations don’t want to buy more one-off threat management point tools from a potpourri of vendors.  Rather, they are in the process of building an integrated security architecture featuring central command-and-control and distributed enforcement, anchored by security intelligence and analytics.  This is a relatively new technology model – more art than science.  CISOs need help in all areas of their planning here:  Design, test, implementation, integration, support, etc. 

    Security services demand was front-and-center in a recent ESG research report on network security.  Enterprise security professionals (i.e. those working at organizations with over 1,000 employees) were asked to identify the types of network security services that would be most helpful for their organizations.  Respondents said that they need help in a multitude of areas:To read this article in full or to leave a comment, please click here
  • Cybersecurity Skills Shortage Panic in 2015?

    Network World - Networking Nuggets and Security Snippets
    As part of its annual IT spending intentions research, ESG asks IT professionals around the world to identify areas where they have a problematic shortage of IT skills.  Over the past three years, information security skills topped this list.  In 2014, 25% of all organizations said they had a problematic shortage of infosec skills (note: I am an ESG employee).So where are information security skills shortages most acute?  When we asked security professionals this question a few years ago, the results show shortages across the board:
    43% of organizations have a problematic shortage of cloud computing and server virtualization security skills
    31% of organizations have a problematic shortage of endpoint security skills
    31% of organizations have a problematic shortage of network security skills
    30% of organizations have a problematic shortage of data security skills
    30% of organizations have a problematic shortage of security analytics/forensic skills

    Now I’ve been one of the louder voices screaming about the cybersecurity skills shortage for a while but thankfully I’m not alone.  In November, a special Parliamentary Select Committee in the United Kingdom’s House of Lords reported a global shortage of ” no less than two million cybersecurity professionals” by the year 2017.  In 2013, a Government Accountability Office (GAO) report stated that the DHS’s National Protection and Programs Directorate’s Office of Cybersecurity and Communications had a vacancy rate of 22%.  Similar data is coming from other geographic areas as well.To read this article in full or to leave a comment, please click here
  • CISOs Should Become Proactive and Influential in SDN Planning, Deployment, and Strategy

    Network World - Networking Nuggets and Security Snippets
    In 2014, SDN gained a lot of momentum and many organizations are already piloting SDN or planning deployment projects for next year.  Good news for network security as SDN holds a lot of promise for improving the role of the network with incident prevention, detection, and response.So who controls SDN infrastructure decisions and who gets input into these decisions?  ESG looked into this question by surveying organizations already deploying SDN.  According to ESG research (note:  I am an ESG employee):
    41% of organizations say that the networking team owns SDN infrastructure decisions with no input from any other functional IT groups including infosec.
    35% of organizations say that the networking team owns SDN infrastructure decisions but sought out some input from other functional IT groups including infosec.
    17% of organizations say that the networking team owns SDN infrastructure decisions but sought out a lot of input from other functional IT groups including infosec.
    7% of organizations say that SDN infrastructure decisions are owned by a cross-functional IT team including networking and infosec. 

    SDN is an innovative networking technology that will greatly impact core switching and routing functions so it’s understandable why networking owns technology decisions.  That said, SDN could have an equally important influence on the future of network security.  Kind of makes you wonder why 41% of organizations consider SDN a networking monopoly -- this makes no sense to me.To read this article in full or to leave a comment, please click here
  • Cybersecurity Recommendation: Don't Poke the Bear

    Network World - Networking Nuggets and Security Snippets
    The website Urban Dictionary defines the expression “don’t poke the bear” as follows:
    A phrase of warning used to prevent oneself or others from asking or doing something that might provoke a negative response from someone or something else. 
    In literal terms, if you poke a bear for fun it may respond by mauling you. Within cybersecurity, however, “don’t poke the bear” is also a useful rule of thumb. If you antagonize a skilled cyber-adversary, you may quickly find that your organization has been hacked, your website defaced, and your sensitive data stolen. Oh, and if any of these things occur, they will likely result in weeks of unflattering news stories broadcast across the media.To read this article in full or to leave a comment, please click here
  • SDN Networking Followed by SDN Security

    Network World - Networking Nuggets and Security Snippets
    Earlier this year, ESG published a research report titled, Network Security Trends In the Era of Cloud and Mobile Computing (note: I am an ESG employee). As part of this report, ESG surveyed 321 security professionals working at enterprise organizations (i.e. more than 1,000 employees) about their networking and network security strategies. It turns out that SDN is front-and-center. When asked if their organizations were deploying or planning to deploy SDN technology, 22% said that SDN was already deployed to some extent, 39% were currently testing SDN technology, 23% were planning to deploy SDN within the next 24 months, and 12% had no plans but were interested in deploying SDN in the future.To read this article in full or to leave a comment, please click here
  • Confusion Persists around Cyber Threat Intelligence for Enterprise Organizations

    Network World - Networking Nuggets and Security Snippets
    Over the last few months, I’ve talked to a number of CISOs and security analytics professionals about threat intelligence, as I’m about to dig into this topic with some primary research. One of the things I’ve learned is that large enterprises are consuming lots of open source and commercial threat intelligence feeds. In some cases, these feeds are discrete services from vendors like iSight Partners, Norse, or Vorstack. Alternatively, they also purchase threat intelligence along with products from security vendors like Blue Coat, Check Point, Cisco, FireEye, Fortinet, IBM, McAfee, Palo Alto Networks, Symantec, Trend Micro, Webroot and a cast of a thousand others. To read this article in full or to leave a comment, please click here
  • Time to Address Basic Organizational Issues that Impact IT Security

    Network World - Networking Nuggets and Security Snippets
    In the past, cybersecurity was thought of as an IT problem where CISOs were given meager budgets and told to handle IT security with basic technical safeguards and a small staff of security administrators.  Fast forward to 2014 and things have certainly changed now that business mucky-mucks read about data breaches in the Wall Street Journal on a daily basis. CEOs and corporate boards are now struggling to understand cyber risk and gain greater oversight of infosec strategies.  They are also willingly increasing IT security budgets.  According to ESG research, 62% of organizations planned to increase information security spending in 2014 and it’s likely that even more will do so next year (note: I am an ESG employee).To read this article in full or to leave a comment, please click here
  • Book Report: Tubes: A Journey to the Center of the Internet

    Network World - Networking Nuggets and Security Snippets
    Okay, I admit that I’m a geek and have read numerous books on the history of IT and the Internet.  Katie Hafner’s, Where Wizards Stay up Late, The Origins of the Internet, is a particular favorite of mine. Along these lines, I just finished a book called, Tubes. A Journey to the Center of the Internet, by Andrew Blum, a Wired Magazine correspondent.  Now Tubes does provide a bit of Internet history around the Arpanet project, BBN, the Interface Message Processor (IMP), and the original Internet node at UCLA but it takes the story in a different direction.  Tubes goes on to look at the physical stuff like routers, cables, buildings, spinning disk drives, etc. – where they are, how they got there, who built them, and who manages them.To read this article in full or to leave a comment, please click here

Editor's Recommendations

Solution Centres

Events

View all events Submit your own security event

Blog Posts

Media Release

More media release

Market Place