Top IT Security Bloggers

Network World - Networking Nuggets and Security Snippets
  • WannaCry makes me want to cry!

    As I read about the WannaCry ransomware attack, my brain is racing with thoughts about the causes and effects of this global incident. Here are my two cents:
    1. Ransomware continues to be a growth business, and a bit of work can provide a serious return. The FBI estimated that ransomware payments topped $1 billion in 2016, and I wouldn’t be surprised if we saw 100 percent year-over-year growth.
    2. For those of us who’ve been in cybersecurity for a while, WannaCry brings back memories of the internet worms we saw back in the 2000s (i.e. Code Red, Conficker, MSBlast, Nimda, etc.). Once one person on a network was infected, WannaCry simply went out and infected other vulnerable systems on the network. I knew that worm techniques would come back, but I always thought they’d be used as a smokescreen for other attacks. Looks like ransomware and internet worms can be as compatible as chocolate and peanut butter.
  • SIEM remains an enterprise security architecture requirement

    Enterprises are changing their cybersecurity technology procurement habits and consolidating the number of cybersecurity vendors they do business with and purchasing security products designed for integration, according to ESG research. Eventually, CISOs will buy more products from fewer vendors, leading to the rise of a few enterprise-class cybersecurity technology vendors that dominate the space. These vendors will offer tightly integrated cybersecurity technology architectures that span across applications, host systems, networks and cloud-based assets, offering capabilities for threat analysis/investigations, as well as prevention, detection and response.
  • The rise of enterprise-class cybersecurity vendors

    When I’m asked to explain what’s happening with enterprise cybersecurity technology, I often use an analogy from the business software market in the 1990s. Back then, application vendors tended to specialize in one area—PeopleSoft owned HR, Baan offered manufacturing apps, JD Edwards played in finance, etc. Around 1995, companies began replacing these departmental applications with enterprise-class ERP solutions from Oracle and SAP. The objective? Centralize all business data into a common repository that could anchor the business and be updated and used for various departmental functions and business processes in real time.
    Yes, the ERP journey was a bit painful, but the transition resulted in a steady increase in business productivity, enhanced efficiency and better decision making.
  • Are next-generation firewalls legacy technology?

    A few years ago, next-generation firewalls (NGFWs) came out of nowhere to become a network security staple. These devices combined traditional L3/L4 packet filtering with deep packet inspection, IPS, and other network security services along with knowledge about users and applications. This broad functionality packaging changed the network security paradigm—everyone needed, or at least wanted a NGFW at the perimeter or within the internal network.
    Fast forward to 2017, and the bloom is coming off the NGFW rose for several reasons:
    Requirements have changed. NGFWs followed in the footsteps of earlier firewalls—physical appliances installed inline to protect private networks from the public Internet. Back then, mobile and remote office workers VPNed into the corporate network and traffic was backhauled for Internet ingress/egress. This model is changing rapidly, however. As cloud computing, SaaS, mobility and broadband networks evolved, mobile and remote worker connections are often dual homed, offering direct connections to the public internet. Once this happens, NGFWs lose their usefulness, offering no visibility or control of network traffic.
    Software is eating the world. Remember Marc Andreessen’s famous essay about the rise of software? Ironically, his publication doesn’t dedicate a single word to cybersecurity, but make no mistake, software is eating the cybersecurity world as well. Rather than deploy physical network devices, data center firewalling of east-west traffic is rapidly moving toward software-based micro-segmentation tools (i.e. Cisco ACI, CloudPassage, Illumio, Unisys, vArmour, VMware NSX, etc.). In fact, many large enterprises are not only embracing micro-segmentation to protect cloud, container and VM workloads, but they are also using it to replace, you guessed it, physical data center firewalls. I expect the same type of displacement at network perimeters over the next few years as software-defined perimeter (SDP) technology (i.e. Cryptzone, Google BeyondTrust, Vidder, etc.) becomes de facto brokers between users/devices and network services regardless of location.
    Hybrid “god boxes” are always a compromise. One of the most compelling benefits of NGFWs has always been around consolidation. The thought was that you could replace a bunch of security gateway appliances (i.e. IDS/IPS, web security gateways, SSL decryption gateways, network proxies, etc.) with a single tightly integrated NGFW, thus eliminating network complexity and operations overhead. Unfortunately, consolidation comes at a price. To cram everything into a single box, NGFWs tend to sacrifice network security service functionality, cutting out features that remain important to large organizations. NGFWs also fail to deliver “line speed” performance when multiple filters are activated. This is a deal breaker in the enterprise market—I’m seeing lots of large organizations going back to fixed-function boxes because their NGFWs had too many limitations. 
    NGFWs cross the line between networking and security teams. For the most part, NGFWs are treated as networking devices, owned and maintained by network operations. Since networking teams don’t want security personnel mucking around with their equipment, security teams often find other tools for their needs. This is one reason why many large organizations continue to deploy standalone IDS/IPS devices behind NGFWs or use IPS boxes for network segmentation within distribution and core network layers.
    Cloud services are spoiling the NGFW party. Let’s face it, just about anything you can do with a NGFW—application controls, access controls, even layer 3 and 4 packet filtering—can be done by a SaaS provider in the cloud. ZScaler comes to mind, but so do Blue Coat (Symantec), Proofpoint and all the CASB service providers. This trend doesn’t necessarily turn NGFWs into a legacy technology, but it does throw a wrench into the firewall appliance market—especially with mid-market and small enterprise customers.     

    Some of the issues and use cases cited here are fairly limited to advanced organizations (which represent somewhere between 15 and 20 percent of the overall enterprise market), so there is still a massive opportunity for NGFW players with mid-market organizations and most enterprises who lack the maturity and experience of more advanced cybersecurity firms. Nevertheless, these trends will persist, squeezing the NGFW market over time.
  • The move toward enterprise security technology integration

    Last week, I wrote about the move toward cybersecurity vendor and technology consolidation, along with a growing emphasis on technology integration in the enterprise. Here’s some additional data that reinforces those conclusions. As part of a recent ESG research project, 176 cybersecurity and IT professionals were presented with several statements and asked whether they agreed or disagreed with each one. Here are the results: 
    82% of survey respondents “strongly agree” or “agree” with the statement: "My organization is actively building a security architecture that integrates multiple individual products." This is likely part of a SOAPA (security operations and analytics platform architecture) project.
    81% of survey respondents “strongly agree” or “agree” with the statement: "Cybersecurity product integration has become an important consideration of our security procurement criteria." In other words, stand-alone point tools don’t make the purchasing cut in most cases.
    78% of survey respondents “strongly agree” or “agree” with the statement: "The security products my organization buys are regularly qualified on their integration capabilities." This aligns with the previous point. 
    73% of survey respondents “strongly agree” or “agree” with the statement: "My organization tends to select best-of-breed products." Once again, the data reflects that best-of-breed functionality and integration capabilities are critical.

    Why the focus on integration and architecture? There is an element of simplifying purchasing and vendor management, but most CISOs want tools that work together so they can improve security prevention/detection while streamlining operations. Remember that most organizations don’t have enough skilled cybersecurity professionals, so CISOs are fixated on getting more effectiveness and efficiency out of their security technologies as soon as possible.
  • Enterprise security technology consolidation

    Look around the cybersecurity infrastructure at any enterprise organization, and here’s what you’ll see—dozens and dozens of cybersecurity tools from just as many vendors. Now this situation wasn’t planned; it just happened. Over the past 15 years, bad guys developed new cyber weapons to exploit IT vulnerabilities. And large organizations reacted to these new threats by purchasing and deploying new security controls and monitoring systems. This pattern continued over time, leading to today’s patchwork of security point tools.
    So, what’s the problem? Point tools aren’t really designed to talk with one another, leaving human beings to bridge the communications, intelligence and technology gaps between them. Furthermore, each individual tool requires training, deployment, configuration and ongoing operational support. More tools, more needs.
  • Cybersecurity skills shortage impact on technology innovation

    The global cybersecurity skills shortage continues to be a critical issue. For example, ESG research found 45% of organizations report a “problematic shortage” of cybersecurity skills today, more than any other area within IT. Want more? Here are a few tidbits from last year’s research project done in conjunction with the Information Systems Security Association (ISSA). In a survey of 437 cybersecurity professionals and ISSA members:
    29% of cybersecurity professionals said the global cybersecurity skills shortage has had a significant impact on their organization. Another 40% said the global cybersecurity skills shortage has impacted their organization “somewhat.”
    When asked to identify the impact of the cybersecurity skills shortage:

    54% said it increased the cybersecurity staff’s workload
    35% said their organization had to hire and train junior staff rather than hire people with the appropriate level of experience necessary
    35% said the cybersecurity skills shortage has created a situation whereby the infosec team hasn’t had time to learn or use its security technologies to their full potential

    While the cybersecurity skills shortage endures, the industry itself remains white hot. According to a recent Bloomberg business article, the cybersecurity industry is expected to grow about 7% a year through 2019 to reach $46 billion in valuation.
  • Cybersecurity skills shortage threatens the mid-market

    Each year, respondents to ESG's annual global survey of IT and cybersecurity professionals are asked to identify the area where their organizations have a problematic shortage of skills. For the sixth year in a row, cybersecurity skills topped the list—this year, 45% of the 641 respondents said their organization has a problematic shortage of cybersecurity skills. Now, the cybersecurity skill shortage isn’t picky; it impacts all organizations across industries, organizational size, geography, etc. Nevertheless, global cybersecurity may be especially problematic for organizations in the mid-market, from 100 to 999 employees. Keep in mind that the skills shortage isn’t limited to headcount. Rather, it also includes skills deficiencies—situations where security staff members don’t have the right skills to address the dynamic and sophisticated threat landscape.
  • Cybersecurity remains an elusive business priority

    I’ve been remiss by not blogging earlier this year about ESG’s annual IT spending intentions research. The year 2017 continues to follow a pattern: Cybersecurity is a high business and IT priority for most organizations. Based upon a global survey of 641 IT and cybersecurity professionals, the ESG research reveals:
    While just over half (53%) of organizations plan on increasing IT spending overall this year, 69% said they are increasing spending on cybersecurity. As far as cybersecurity spending goes, 48% will make their most significant cybersecurity technology investments in cloud security, 39% will in network security, 30% in endpoint security, and 29% in security analytics.   
    Respondents were asked which business outcomes were their highest priorities for this year. The top three results were as follows: 43% said “reducing costs,” 40% said “increasing productivity," and 39% said “improving information security.” 
    When asked which business initiatives will drive the most IT spending, 39% said “increasing cybersecurity,” the top selection of all.
    When asked to identify the most important IT initiatives for this year, the number one answer was “strengthening cybersecurity controls and processes.” 
    For the sixth year in a row, survey respondents said cybersecurity is the area where their organization has the biggest problematic shortage of skills. This year, 45% of organizations said they have a problematic shortage of cybersecurity skills—nearly identical to last year’s results (46% said they had a problematic shortage of cybersecurity skills in 2016).

    Allow me to provide a bit of analysis to this data (after all, I am an industry analyst):
  • SOAPA services opportunities abound

    Security operations is changing, driven by a wave of diverse data types, analytics tools and new operational requirements. These changes are initiating an evolution from monolithic security technologies to a more comprehensive event-driven software architecture (along the lines of SOA 2.0) where disparate security technologies connect via enterprise-class middleware for things like data exchange, message queueing and risk-driven trigger conditions. ESG refers to this as a Security Operations and Analytics platform architecture or SOAPA.
    When speaking or writing about SOAPA, I often compare this evolution to an analogous IT trend in the 1990s. Way back then, large organizations abandoned stand-alone departmental applications in favor of a more integrated software architecture, ERP. This transition resulted in a new generation of business applications acting as a foundation for greater automation, efficiency and profitability.
