Top IT Security Bloggers

Network World - Networking Nuggets and Security Snippets
  • Take-aways from Black Hat USA 2018

    Network World - Networking Nuggets and Security Snippets
    I’m not sure how many people attended Black Hat in Las Vegas last week, but it surely felt like a record crowd.  Optimistic attendees lauded the show for its threat research and focus on cybersecurity skills while skeptics bemoaned Black Hat changes, disparagingly referring to the show as ‘RSA in the desert.’As for yours truly, my week was educational, albeit exhausting.  I started early by participating in the CISO Summit on Tuesday where I hosted a panel on AI and machine learning in cybersecurity.  My week ended with a Thursday dinner brainstorming session on cybersecurity operations.  There were dozens of formal and informal meetings in between. To read this article in full, please click here
  • Cisco Buys Duo Security to Address a ‘New’ Security Perimeter

    Network World - Networking Nuggets and Security Snippets
    Last week, Cisco jumped head first into the identity and access management (IAM) market with its acquisition of Duo Security for over $2.3 billion.  Now, I’ve been chatting with Cisco about identity management for many years.  Cisco always understood the importance of identity management in the security stack but remained reluctant to jump into this area. Why the change of heart?  Because cloud and mobile computing have all but erased the network perimeter.  These days, mobile users access SaaS and cloud-based applications and never touch internal networks at all.  As one CISO told me years ago, “Because of cloud and mobile computing, I’m losing control of my IT infrastructure.  To address this change, I’m really forced into gaining more control in two areas: Identity and data security.  Like it or not, these two areas are the ‘new’ security perimeters.”To read this article in full, please click here
  • Anticipating Black Hat USA 2018

    Network World - Networking Nuggets and Security Snippets
    I’m about to leave New England and brave temperatures of 110 degrees or above.  It may sound crazy, but I’m actually looking forward to the trip next week.  Why?  I’m heading to Black Hat USA in Las Vegas, and I’m excited to learn more about:
    Artificial intelligence in cybersecurity. I am hosting a panel at the CISO Summit titled, The Real Impact of AI on Cybersecurity.  As part of this panel discussion, we will cut through the industry hype around AI/ML and talk about how real enterprise organizations are using and benefiting from the technology.  It should be a fruitful and enlightening discussion.
    The clouding of enterprise security. ESG research indicates that 85% of organizations use public cloud services today, up from 78% in 2017 and 75% in 2016.  As more and more workloads move to the cloud, cybersecurity controls and operations tools must come along for the ride.  This will lead to a radical shift where cloud security dominates the overall cybersecurity strategy, forcing organizations to re-think how security is managed across the enterprise.  Although this trend is in a genesis phase today, I can’t overstate how big a transition this is.  I’m curious to hear how the industry and enterprise organizations are reacting and planning.
    The new security perimeters. As I’ve written many times, CISOs tell me that they are losing control of their infrastructure, driven by cloud computing and mobility.  As countermeasures to these trends, many organizations are doubling down on ‘new’ security perimeters: Data security and identity management.  This is one reason why Cisco announced its intent to acquire Duo Security just this morning.  My colleague Doug Cahill and I will be monitoring data security and identity management through many discussions with CASB, DLP, and SDP vendors amongst others.  We’ll also be talking to security executives about topics like privacy and GDPR. 
    The platform wars. New ESG research reveals that 62% of organizations claim that they’d be willing to spend the majority of their security technology budgets with a single enterprise-class cybersecurity vendor.  So, rather than buying endpoint security software, network security appliances, and email and web security gateways and then cobbling things together themselves, enterprises will start buying comprehensive security platforms offering end-to-end coverage across endpoints, networks, data centers, and the public cloud.  This will lead to fewer transactions but bigger potential deals with long sales cycles.  How will vendors like Check Point, Cisco, FireEye, Fortinet, McAfee, Palo Alto Networks, Symantec, and Trend Micro address changing market conditions?  That’s what we want to find out at Black Hat.
    Enterprise risk management. CISOs are also being asked to do a better job of reporting risk to corporate boards, so they can better understand how cyber-risks can impact the business.  This means presenting cyber-risk status in a business context.  Unfortunately, many CISOs complain that it’s difficult to collect the right data on a continuous basis or turn geeky data points into useful business risk metrics.  I’ll look to the CISO summit and Black Hat at large to gain insight into how CISOs and industry players like BitSight, Kenna Security, Rapid7, RSA, and Tenable Networks that may help bridge this gap. 

    Aside from these technology topics, I’m also curious about how organizations are coping with the perpetual cybersecurity skills shortage that I believe is getting worse over time.  This means perusing the Black Hat menu for thoughtful sessions on training and skills development. To read this article in full, please click here
  • Google Intends on Making GCP the Most Secure Cloud Platform

    Network World - Networking Nuggets and Security Snippets
    I attended my first Google Next conference last week in San Francisco and came away quite impressed.  Clearly, Google is throwing its more and more of its engineering prowess and financial resources at GCP to grab a share of enterprise cloud computing dough and plans to differentiate itself based upon comprehensive enterprise-class cybersecurity feature/functionality.CEO Diane Greene started her keynote saying that Google intends to lead the cloud computing market in two areas – AI and security.  Greene declared that AI and security represent the “#1 worry for customers and the #1 opportunity for GCP.” This surely got my attention as I was there for the sole purpose of learning about GCP security.  After attending Google Next, here are a few of my take-aways:To read this article in full, please click here
  • What makes CISOs successful?

    Network World - Networking Nuggets and Security Snippets
    The chief information security officer (CISO) role has evolved over the past few years from tactical IT manager to strategic business executive. Given this transition, what qualities are most important for making CISOs successful?To answer this question, I went back to the data from last year’s research report from ESG and the information systems security association (ISSA). I then cut the data by respondent’s role to understand what CISOs think is most important. (Note: I am employee of ESG.)To read this article in full, please click here
  • What I learned at Tufin's customer conference (Tufinnovate)

    Network World - Networking Nuggets and Security Snippets
    Last week, I attended Tufin’s annual customer conference, Tufinnovate, in Boston. If you don’t know Tufin, the company focuses on network security policy management for enterprise organizations.Here are a few of my take-aways from the event:
    It’s all about operational efficiency. Despite industry banter about artificial intelligence (AI) and process automation, many large organizations still rely on people power to get most tasks done. This creates a serious bottleneck when tasks like network provisioning or firewall audits take weeks to accomplish. This is where tools like Tufin come into play. One customer talked about reducing network provisioning time from days to minutes, while another used Tufin as an alternative to hiring three full-time employees. Yes, some cautious organizations continue to slow-roll the transition from humans to machines, but every organization wants to do things better, faster, and cheaper. Tufin and others are at the tip of this spear.
    Think abstraction layers, connectors, and APIs. I recently wrote about the need for centralized network security policy management for hybrid cloud deployments. This is increasingly where Tufin lives. Vendors that play in this space must become leaders in three areas: Abstraction layers, connectors, and APIs. Abstraction layers provide the ability for centralized command and control over heterogeneous infrastructure and security tools. Connectors give customers fully baked and tested integration to common security technologies, while APIs accelerate development for custom configurations. 
    Firewall consolidation is well underway. Large organizations tend to have a mixed portfolio of network firewalls from vendors such as Check Point, Cisco, Fortinet, and Palo Alto Networks. This situation is changing, however, as enterprises winnow down to one or two vendors. Oh, and more often than not, they choose vendors that can support their firewall needs in corporate data centers AND pubic cloud services. Tufin customers use its products to manage firewall migration, configure/monitor network segmentation, and audit firewall rule sets.
    DevOps is attractive but remains immature. Just about every large organization I spoke with was actively embracing a DevOps model, but most were still in the “toe-dipping” stage. How were they proceeding? A few told me that they assigned a security team member to the development team and told them to figure things out. That's not very sophisticated, but it is a step in the right direction. Ultimately, the goal is to inject security controls within the CI/CD pipeline. Organizations are getting there, albeit slowly. 


    [ Find out how 4 deception tools deliver truer network security. | Get the latest from CSO by signing up for our newsletters. ]To read this article in full, please click here
  • The New Endpoint Security Market: Growing in Size and Scope

    Network World - Networking Nuggets and Security Snippets
    Venture capital investments in cybersecurity companies are aggressive these days but yesterday’s news was startling nonetheless.  Cylance announced a round of $120 million led by Blackstone Tactical Opportunities.  Cylance says that the funding will help it expand sales and marketing initiatives and extend its global footprint. Prior to the Cylance announcement, CrowdStrike announced a round of $200m, funded by Accel, General Atlantic, and IVP, and now claims a valuation of more than $3 billion.  Like its rival, CrowdStrike says that the new funding will go toward sales and marketing as well as product development.These two “unicorns” are not alone.  Tanium and Cybereason have also enjoyed funding rounds of $100m while SentinelOne raised $70m in a series C round last year.  Holy antivirus, Batman!To read this article in full, please click here
  • Cisco Security Synopsis from CiscoLive

    Network World - Networking Nuggets and Security Snippets
    Cisco held its annual customer event this week in Orlando FLA and invited the industry analysts to attend.  CEO Chuck Robbins highlighted the company’s commitment to security in his CiscoLive keynote while other executives elaborated on more security product and services details.After a few days of meetings, I believe Cisco’s cybersecurity strategy focuses on:
    Product integration. Cisco wants a common cybersecurity product architecture that spans endpoints, networks, data centers, and the public cloud, that can service most of its customers cybersecurity technology needs.  As a result, Cisco is busy integrating products and services like AMP, Umbrella, Firepower, Talos, etc.  Cisco demonstrated its platform and discussed its future roadmap in detail.
    Openness and programmability. Beyond gluing its own products together, Cisco’s cybersecurity platform is built with connectors and APIs for third-party integration and programmability.  To illustrate its technology alliance partner ecosystem, Cisco crowed about dozens of partners including Anomali, IBM, LogRhythm, and McAfee.  Cisco’s intent-based networking programmability also extends to security for service providers taking advantage of APIs and building value-added services on top of Cisco security tools.
    A foundation of threat intelligence. CiscoLive started last Sunday with a day-long session by the Talos team on security research and threat intelligence.  Beyond the data, the Cisco team focused on teaching customers how to operationalize threat intelligence for threat detection, hunting, and risk management.  Clearly, Cisco believes that Talos threat intelligence can give the company a strategic advantage versus narrowband security vendors, so it is anchoring all security products with Talos threat feeds.  The company is also bolstering market education to get the Talos word out more broadly. 
    Comprehensive cloud security. Cisco wants customers to know that it can protect workloads in the public cloud with a one-two punch of Tetration and StealthWatch cloud.  Beyond IaaS and PaaS, Cisco also promoted its CloudLock CASB product for SaaS management and data protection.  Finally, Cisco is offering several ‘security from the cloud’ services, such as Umbrella and email security to safeguard mobile workers and branch offices.
    Operational simplicity. When it comes to security operations, Cisco understands that many of its customers are under-staffed, lack advanced skills, have too many point tools and still rely on manual processes.  To address these shortcomings, Cisco demonstrated a security operations platform called Visibility, a common SOC analyst workbench for threat detection, incident response, and risk remediation.  In its current iteration, Visibility supports a handful of Cisco products, but the company previewed an aggressive roadmap for integration of additional Cisco and third-party products.
    Professional and managed services. What many customers may not realize is that Cisco professional and managed cybersecurity services are growing like a weed.  Cisco plans to expand its services portfolio to provide flexible consumption options and help customers benefit further from all its security products. 

    While Cisco realizes it must compete with best-of-breed products, its security go-to-market is now focused on campaigns, providing solutions for security threats like Ransomware defense, breach response, and data center security.  These strategic solutions often encompass an integrated bundle of several Cisco products at once.  To read this article in full, please click here
  • Moving to central network security policy management for hybrid clouds

    Network World - Networking Nuggets and Security Snippets
    As organizations embraced the public cloud over the past few years, security teams were on the hook to modify network security policies and implement security controls to protect cloud-based workloads. The goal was simple: Protect cloud-based workloads with network security polices and controls that were equal to or better than existing safeguards for physical and virtual servers in corporate data centers.This turned out to be far more difficult than expected. Many organizations tried to force fit their existing security controls (firewalls, ACLs, network segments, VPNs, etc.) to accommodate cloud-based workloads. This turned out to be a technology mismatch – security controls built for physical and virtual servers were too inflexible to service the public cloud. To read this article in full, please click here
  • The rise of analyst-centric security operations technologies

    Network World - Networking Nuggets and Security Snippets
    Let’s face it, cybersecurity is a geeky domain. While much of IT has shifted its focus to things like business processes enablement and digital transformation, infosec pros still spend much of their waking hours in the weeds, looking at things like protocol anomalies, SQL statements, command shells, etc.This technical purview has been a highlight of security operations products since their inception. In the early days (late 1990s), security analysts’ jobs depended upon technical tools such as TCPdump and Ethereal/Wireshark to look for suspicious activities within network packets. The next step was searching for clues through Syslog and then this led to the use of log management tools and then the evolution of SIEM in the 1999-2000 timeframe.To read this article in full, please click here

Editor's Recommendations

Solution Centres

Events

View all events Submit your own security event

Latest Videos

More videos

Blog Posts

Media Release

More media release