Top IT Security Bloggers

Network World - Networking Nuggets and Security Snippets
  • Cyber risk management challenges are impacting the business

    There was quite a bit of banter about boardroom cybersecurity actions at this year’s RSA Security Conference. No surprise here; business executives understand what’s at stake and are asking CISOs to provide more cyber risk data and metrics, so they can work with them on intelligent risk mitigation strategies.
    This is a positive development for the long term, but it also exposes an underappreciated issue – many organizations aren’t very good at monitoring, measuring, or mitigating cyber risk in a timely manner.
  • The buzz at RSA 2019: Cloud security, network security, managed services and more

    Like many other cybersecurity professionals, I spent last week at the RSA security conference in rainy San Francisco. Here are a few of my impressions:
    Cybersecurity and business leaders are coming together – awkwardly. Remember when we used to wish that business executives would get more involved with cybersecurity? Well, be careful what you wish for. Yup, business leaders understand there is a tight bond between digital transformation and cybersecurity and are now asking CISOs to provide the right data and metrics, so they can measure risk and implement the right controls. Alas, you can’t measure a dynamic environment like cybersecurity with static data, and most CISOs have nothing but static data. Since this situation won’t change, RSA was full of new innovations to quantify risk on a continual basis and help CISOs and business executives make better risk mitigation decisions. This is a big step in the right direction.
    Every layer of the security technology stack is in play. Remember a few years ago when we were all shocked by dual exhibition floors in Moscone north and south? Well, the RSA conference addressed this by making one contiguous show floor in and between both buildings. Why so many vendors? Because every individual technology in the security technology stack is in play, driven by things like machine learning algorithms, cloud-based resources, automation, managed services components, etc. All these vendors may be a boon to industry trade shows, but they are confusing the heck out of cybersecurity pros. Instead of buzz words and hyperbole, successful vendors will invest in user education and thought leadership, offering guidance and support for customers and prospects.
    The market is absolutely moving toward consolidation, integration, and platforms. CISOs I talked with at RSA have a 2019 goal of eliminating some percentage of vendors and tools from their networks, and many are just getting started. Large cybersecurity vendors are jumping on this trend with integrated cybersecurity technology platforms and moving toward enterprise license agreements and subscription-based pricing. Many of the vendors I met with are now tracking multi-product deals and incenting direct sales and distributors in this direction. To succeed, vendors need best-of-breed products that come together through central management consoles for configuration management, policy management, and reporting. It’s early on in this transition and none of the big vendors have a distinct advantage, but I predict that we’ll see a few break from the pack by 2020. Furthermore, we’ll see at least one $5 billion cybersecurity vendor by 2021.
    Cybersecurity analytics meets cloud-scale. Earlier this year, I predicted that 2019 would be the year of cloud-based security analytics. At RSA, Google and Microsoft did what they could to reinforce this prophecy with announcements of Chronicle Backstory and Azure Sentinel. Both are SaaS offerings that capitalize on a cloud “home court advantage” by accommodating massive amounts of data, storage, processing, etc. Both vendors readily admit that these are Rev 1 products, but each has an aggressive roadmap. Will these announcements usurp category leaders? No. Will they disrupt the status quo in terms of architecture and pricing? Heck, yes.
    Professional and managed services everywhere – by necessity. Amongst the widget vendors, there were lots of architects, consultants, designers, and managed services offerings for hire at RSA. Everyone equates this upsurge with the cybersecurity skills shortage, which is true but misses an essential point. Cybersecurity is perpetually evolving, with new demands for data analysis, scale, and incident response, risk management decision making, etc. Most organizations don’t have the advanced skills to keep up with all the change. Cybersecurity technology may be sexy, but the future of enterprise security will depend more on third-party brainpower than ever before. This may shift the balance of power (and topics) at RSA from products to services in the near future. 
    Cloud security immaturity continues. Large organizations are getting their arms around cloud computing technologies, but there is still a large and growing gap between the pace of general cloud innovation and security controls and skills. So, while we may be figuring out container security, we remain behind in areas such as securing microservices and the APIs they depend upon. This gap represents a true opportunity, but only for vendors who understand various cloud technologies, native controls, and what’s needed for central management. In the meantime, services vendors are acting as the tip of the spear yet again. 
    The network still doesn’t lie. I’m pleased to see a renaissance in network traffic analysis (NTA) tools. Some are based upon open-source technologies such as Bro/Zeek, Snort, and Suricata. Some use machine learning to detect anomalous/malicious traffic. Some are tightly integrated with endpoint detection and response (EDR) tools. Why network security? ESG research indicates that network security monitoring is most often the center of gravity for threat detection. In other words, SOC analysts detect suspicious activity on the network first and then pivot elsewhere for further investigation. This makes the network an important source of security truth, which in truth, it always has been. In my humble opinion, CISOs can get a big bang for their buck by implementing one of the more modern network security monitoring/analytics tools, which may be why they seemed to be ubiquitous at RSA.

    One additional note: There was lots of discussion at RSA about the MITRE ATT&CK framework. Bravo! This is one industry effort where everyone seems to agree and crow about its benefits.
  • What to expect at the RSA Conference 2019

    I’ve attended the RSA security conference for the past 15 years, and things have changed quite a bit. The event has gone from a few thousand to around 50,000 attendees, leading to a confluence of humanity and traffic around the Moscone Center. Hotel room prices exceed $500 per night – even at some of the “boutique” (i.e. flea bag) hotels in and around Union Square. The RSA event has become the nexus where cybersecurity meets high-end capitalism.
    Overpriced hotels and massive crowds are no accident – the RSA Security Conference has morphed from an industry to a global event where some of the smartest cybersecurity minds come together to share information about the latest threats and discuss what defensive countermeasures can be most effective.
  • Enterprises need to embrace top-down cybersecurity management

    When I first entered the cybersecurity market in 2003, I’d already been working in the IT industry for about 16 years in storage, networking, and telecommunications previously. By the early 2000s, all three sectors had moved on from bits and bytes to focusing on how each technology could help organizations meet their business goals. Oh sure, we still talked speeds and feeds, but we led with things like business agility, productivity, and cost cutting. The technology was a means to an end rather than an end in itself.
    When I got to the cybersecurity industry, I was surprised by what I saw. Unlike other areas of IT, cybersecurity was still deep in the weeds, focused on things such as IP packets, application protocols, and malicious code. In other words, cybersecurity remained a “bottom-up” discipline as the cybersecurity team viewed the world from networks and devices “up the stack” to applications and the business.
  • IBM sets forth with a strong cybersecurity message

    I just got back from attending IBM Think in San Francisco. Though it was a quick trip across the country, I was inundated with IBM’s vision, covering topics from A (i.e. artificial intelligence) to Z (i.e. System Z) and everything in between.
    Despite the wide-ranging discussion, IBM’s main focus was on three areas: 1) hybrid cloud, 2) advanced analytics, and 3) security. For example, IBM’s hybrid cloud discussion centered on digital transformation and leaned heavily on its Red Hat acquisition, while advanced analytics included artificial intelligence (AI), cognitive computing (Watson), neural networks, etc. To demonstrate its capabilities in these areas, IBM paraded out customers such as Geico, Hyundai Credit Corporation, and Santander Bank, who are betting on IBM for game-changing digital transformation projects.
  • Cyber risk management: There's a disconnect between business and security teams

    A few years ago, cybersecurity professionals often lamented that executives didn’t want good security; they wanted “good enough” security. This axiom reflected that many CEOs equated cybersecurity with regulatory compliance. If the CISO could check all the right PCI, HIPAA, or SOX boxes, cybersecurity concerns would be taken care of.
    The “good enough” security attitude was an aversion for the cybersecurity crowd. CISOs who wanted to adequately protect corporate assets longed for a time when business executives would truly appreciate cyber risk and be willing to participate and fund cyber risk management efforts adequately.
    As the saying goes, “Be careful of what you wish for.” In 2019, business executives are all in, and that’s created a big problem for cybersecurity teams.
  • The problems plaguing security point tools

    At most enterprise organizations, cybersecurity infrastructure grew organically over time. The security team implemented each security control in response to a particular threat – antivirus software appeared on desktops, gateways were added to the network, sandboxes were deployed to detect malicious files, etc.
  • The cybersecurity skills shortage is getting worse

    At the end of each year, ESG conducts a wide-ranging global survey of IT professionals, asking them about challenges, purchasing plans, strategies, etc. As part of this survey, respondents were asked to identify areas where their organization has a problematic shortage of skills.
    In 2018-2019, cybersecurity skills topped the list — 53 percent of survey respondents reported a problematic shortage of cybersecurity skills at their organization. IT architecture/planning skills came in second at 38 percent.
    The cybersecurity skills shortage is nothing new. Alarmingly, the cybersecurity skills deficit has held the top position in ESG’s annual survey every year. (Note: I am an employee of ESG.) Furthermore, the percentage of organizations reporting a problematic shortage of cybersecurity skills continues to increase. Here are the results from the last four surveys:
  • 2019 will be the year of cloud-based cybersecurity analytics/operations

    Security information and event management (SIEM) systems first appeared around 2000 from vendors such as Intellitactics, NetForensics, and eSecurity. The original functionality centered around event correlation from perimeter security devices such as IDS/IPS and firewalls.
    The SIEM market evolved over the past 19 years, with different vendors, functionality, and use cases. SIEM has also grown into a $2.5 billion market, dominated by vendors such as Splunk, IBM, LogRhythm, and AT&T (AlienVault).
    Despite the SIEM evolution, today’s products can be seen as super-sized versions of those of yesteryear. In fact, the original design of SIEM seemed like a knockoff of network and systems management tools CA Unicenter, HP OpenView, and IBM Tivoli. SIEM products were based upon a tiered architecture of distributed data collectors/indexers/processors and a central database used for data analytics, visualization, and reporting.
  • Security operations activities to watch in 2019

    If you’ve read my columns over the past few years, you’ve seen a security operations effort I’ve been pushing called security operations and analytics platform architecture (SOAPA). I first conceived of SOAPA as an antidote for the existing security operations practice of relying on an army of independent and disconnected security tools.
    This army formed over time as organizations added different security controls and threat detection systems. And while they didn’t mean to create an unmanageable monster, that’s what they got. Each system requires its own setup and ongoing management. Each one does its own alerting and reporting. Each one demands employee training, etc. Meanwhile, security operations is based on pivoting from one tool to the next and relying on humans to make sense of the whole enchilada.
