Top IT Security Bloggers

Network World - Networking Nuggets and Security Snippets
  • The 6 phases of adopting cloud security practices

    My colleague Doug Cahill and I have been following the development of cloud security for the past few years. What we’ve noticed is that many organizations tend to track through a pattern of actions as their organization embraces public cloud computing. The sequence goes through the following order:

    1. The pushback phase. During this period, CISOs resist cloud computing, claiming that workloads won’t be adequately protected in the public cloud. This behavior may still occur for late-comers or very conservative firms, but the cloud computing ship has definitely sailed at most large enterprises. In other words, CISOs aren’t given an out clause, rather they must figure out how to secure cloud-based workloads whether they like it or not.
  • Security Operations Spending and ROI

    ESG recently surveyed 412 cybersecurity and IT professionals asking a number of questions about their organization’s security analytics and operations. Overall, security operations are quite difficult, many organizations complain about too many manual processes, too many disconnected point tools, and a real shortage of the right skills. These issues can lead to lengthy incident detection and response cycles or worse yet, damaging data breaches. Just ask Equifax.

    The data indicates that organizations know they have problems and are willing to address them. For example, 33% say that their spending on security operations will increase significantly while another 49% indicate that their security operations spending will increase somewhat.
  • Cybersecurity pros reveal what they think about their organizations

    Security has become a boardroom issue, but many organizations face challenges when trying to address cybersecurity concerns, according to a new ESG research report titled Cybersecurity Analytics and Operations in Transition. The report is based on a survey of 412 cybersecurity and IT professionals directly involved in their organizations' security operations processes.

    As part of the survey, respondents were presented with several statements and asked whether they agreed or disagreed with each. Here are a few of those statements with my analysis.
  • Vectra Networks: SOAPA is having a positive impact on cybersecurity

    ESG’s security operations and analytics platform architecture (SOAPA) is catching on in the industry, but the goal here goes beyond ESG. An open, flexible, event-driven, security software architecture could help improve security efficacy and operational efficiency, thus benefitting large organizations and all of our data.

    Just this week, old friend and vice president of marketing at Vectra Networks, Mike Banic, stopped by to discuss SOAPA and its impact on cybersecurity. Some of the points Mike made:
  • VMware advances application security with AppDefense

    This week at VMworld, VMware announced market availability of a new security technology called AppDefense. AppDefense is an application-layer security control designed to profile applications, determine “normal” behavior and then provide a series of least privilege controls for applications and options for security incident remediation.

    Now, in some respects, AppDefense is a lot like application whitelisting/blacklisting, which can be very effective for limiting the attack surface, but the historical problem with application controls is operational overhead. If you want to implement whitelisting, you have to know what workloads are running and what they are allowed to do, and then implement controls to restrict unanticipated application behavior. This can become quite cumbersome when servers run multiple applications with dynamic development cycles and changing behavior.
  • Companies face legion of security operations challenges

    After a week away from all things cybersecurity, I’m back at work and focusing on security analytics and operations again. Alarmingly, most organizations readily admit to problems in this area. For example, a recent ESG research survey of 412 cybersecurity and IT professionals identified some of the biggest security analytics and operations challenges. Some of the survey results:
    30% of respondents say their biggest cybersecurity operations challenge is the total cost of operations (TCO). What does this mean? Based upon my qualitative interviews with CISOs as part of this project, many organizations are spending lots of money on security operations but attaining marginal results. CISOs are willing to invest more but want to see vast improvements in security operations efficacy and efficiency for their money.
    27% of respondents say their biggest cybersecurity operations challenge is that the SOC team spends most of its time on high-priority/emergency issues and not enough time on strategy and process improvement. Imagine the work environment at these organizations — constant firefighting, high stress, employee burnout, and staff attrition. This alarming situation is not exactly a recipe for success.
    23% of respondents say their biggest cybersecurity operations challenge is that it takes too long to remediate security incidents. Many of these firms have too many manual processes or a rocky relationship between security and IT operations teams. Either way, lengthy remediation cycles leave organizations at risk. 
    21% of respondents say their biggest cybersecurity operations challenge is that their organization does not have the tools and processes in place to operationalize threat intelligence, making it difficult to compare on-premises security issues with what’s happening “in the wild.” Operationalizing threat intelligence remains a difficult task, requiring advanced skills and the right tools. This is one reason why threat intelligence platforms (TIPs) and managed services are gaining traction.
    21% of respondents say their biggest cybersecurity operations challenge is that their organization doesn’t have the appropriate skills or staff size to keep up with all the tasks associated with security analytics and operations. Ah, the global cybersecurity skills shortage rears its ugly head yet again. Little wonder then why security services revenue is growing twice as fast as security product revenue.
    21% of respondents say their biggest cybersecurity operations challenge is that their organization has added new network hosts, applications and/or users, so it is difficult for the cybersecurity team to keep up with the scale of IT infrastructure. In this case, IT and cybersecurity priorities remain out of sync. Here’s one of Oltsik’s laws: When you ask the cybersecurity staff to play catch up, it never, ever actually catches up.
    21% of respondents say their biggest cybersecurity operations challenge is that security alerts don't provide enough context or fidelity, so it’s difficult to know what to do with them. This is one reason why the industry is gaga over automation/orchestration tools, as they can help combine, enrich and contextualize the increasing flood of prosaic security alerts.

    As the ESG research indicates, when it comes to cybersecurity operations, many organizations suffer from "death by a thousand cuts" syndrome with multiple issues across people, processes and technologies. Given that, CISOs should think in terms of three-year strategic security operations planning rather than adding the latest next-generation security tool and only exacerbating operational inefficiencies.
  • What is an enterprise-class cybersecurity vendor?

    Earlier this week, I wrote a post about enterprise-class cybersecurity vendors. Which vendors are considered enterprise-class? According to recent ESG research, Cisco, IBM, Symantec and McAfee top the list. This blog addressed the “who” question but not the “what.” In other words, just what is an enterprise-class cybersecurity vendor anyway? As part of ESG's research survey, it asked 176 cybersecurity and IT professionals to identify the most important characteristics of an enterprise-class cybersecurity vendor. The data reveals that:
  • Security pros choose their top enterprise-class cybersecurity vendors

    Based upon lots of ESG research, some enterprise cybersecurity technology trends are emerging:

    1. Large enterprises are actively consolidating the number of vendors they do business with. This puts some of the point tools vendors at risk as CISOs sign up for enterprise licensing agreements and try to maximize ROI by using more tools from a few select vendors.

    2. Enterprises are seeking to integrate point tools into a cohesive technology architecture. Like ESG’s security operations and analytics platform architecture (SOAPA) concept, large organizations are actively integrating tools to bolster technology interoperability, improve security efficacy, and streamline security operations.
  • How to address the cybersecurity analytics and operations skills shortage

    If you’ve followed my writing, you know that I passionately broadcast issues related to the global cybersecurity skills shortage. Allow me to report some sad news: things aren’t improving at all. In 2016, 46% of organizations reported a problematic shortage of cybersecurity skills. In 2017, the research is statistically the same as last year: 45% of organizations say they have a problematic shortage of cybersecurity skills.

    These numbers point to an overall dearth of talent, but the cybersecurity skills shortage is especially pronounced in cybersecurity analytics and operations. For example:
    According to 2016 research conducted by ESG and the Information Systems Security Association (ISSA), 33% of respondents said their biggest shortage of cybersecurity skills was in security analysis and investigations. Security analysis and investigations represented the highest shortage of all security skill sets.
    Recent ESG research reveals that 54% of survey respondents believe their cybersecurity analytics and operations skill levels are inappropriate, while 57% of survey respondents believe their cybersecurity analytics and operations staff size is inappropriate. 

    The ramifications of skills and staff deficiencies are also apparent in the research. Cybersecurity operations staffs are particularly weak at things such as threat hunting, assessing and prioritizing security alerts, computer forensics, and tracking the lifecycle of security incidents.
  • How to improve security analytics and operations

    Security budgets are up in 2017, and in many cases, dollars are earmarked for enhancing security operations. According to recent ESG research, 81% of cybersecurity professionals agree that improving security analytics and operations is a high priority at their organizations.

    So, what exactly needs improving? The research also provides visibility into where things are lacking. For example:
    72% of survey respondents strongly agree or agree with the statement: My organization’s security analytics and operations are anchored by a few key individuals. Of course, these individuals are in high demand and could easily increase their compensation by 20% or so elsewhere. CISOs must do all they can to retain these key individuals with financial, educational, career building and lifestyle incentives.
    64% of survey respondents strongly agree or agree with the statement: It is difficult to keep up with security analytics and operations due to the number of new IT initiatives in progress. In these instances, the security team is asked to “bolt on” security once new IT initiatives are ready for production. Alleviating this issue really depends upon security teams getting more involved in the business itself. 
    63% of survey respondents strongly agree or agree with the statement: Security analytics and operations processes are not as formal as they should be. In this case, key individuals take over security operations with their own methodologies and everyone else gets out of the way. Unfortunately, informal processes like these don’t scale or help new employees. CISOs must study formal cybersecurity frameworks, such as ISO and NIST; pick the most appropriate aspects; build their own documented frameworks; and follow them religiously. 
    60% of survey respondents strongly agree or agree with the statement: Security analytics and operations effectiveness is limited because it is based upon too many manual processes. In this case, CISOs must assess and document these processes, create formal runbooks and then use automation/orchestration technologies to improve operational efficiency. Addressing this reliance on manual processes has caused a flurry of activity in the technology market. Witness IBM’s acquisition of Resilient, FireEye’s grab of Invotas, Rapid7’s purchase of Komand, and Microsoft’s stealthy procurement of Hexadite.
    59% of survey respondents strongly agree or agree with the statement: Security analytics and operations effectiveness is limited due to problems in the working relationship between cybersecurity and IT operations team. If you want to know why ServiceNow has been so successful with SaaS for incident response, look no further than this data point. Security and IT operations teams often have different goals, metrics and compensation plans, causing the two groups to clash on collaboration. CISOs and CIOs need to provide leadership here. It doesn’t hurt when the two teams are “singing from the same hymn book,” as well, so common tools or an integrated architecture (like ESG’s SOAPA) can also be beneficial.
    58% of survey respondents strongly agree or agree with the statement: Security analytics and operations effectiveness is limited because of employee skills gaps. Once again, the global cybersecurity skills shortage is in play. Other than hiring and training, CISOs must look for new types of intelligent security analytics technologies, automate/orchestrate security operations processes, or find managed service providers who can fill these gaps to bolster the productivity of the existing cybersecurity staff. 

    Security analytics and operations is complex work that requires more than just a crackerjack staff. Formal processes, process automation/orchestration, and strong collaboration across security and IT should be top priorities for all CISOs.
