Top IT Security Bloggers

Network World - Networking Nuggets and Security Snippets
  • Symantec in a position to progress and prosper

    When Symantec and Veritas joined forces, Symantec Vision (its customer and analyst event) was a regular spring ritual. Like the swallows coming back to Capistrano, I made an annual pilgrimage to Las Vegas, parked myself at the MGM or Venetian, and spent a few days catching up on the latest Symantec buzz. Alas, when Symantec divested Veritas and acquired Blue Coat, Symantec Vision was put on sabbatical for a few years. Yesterday, Symantec renewed its analyst outreach, however, with a new-look analyst event here in Boston. The company highlighted:
    Its integrated cyber defense platform. Since the Blue Coat marriage, Symantec has been quite busy gluing its products together. It started with basic point-to-point integration but has since evolved into the creation of an end-to-end architecture, integrated cyber defense (ICDx). Symantec touts that ICDx is a single point of integration for security telemetry, threat intelligence, and data management. Furthermore, ICDx provides publish/subscribe middleware and message bus services to support heterogeneous cybersecurity tools. ICDx is also an open architecture (similar to ESG’s SOAPA), based upon open standards and APIs, and Symantec is even working to champion open cybersecurity software architectures with OpenC2, a standards effort led by OASIS. To further promote ICDx across the industry, Symantec crowed about its technology integration partners program (TIPP) and a laundry list of other cybersec vendors already signed up.
    Its focus on termination points… Symantec talked about a "dark" internet where nearly all traffic is encrypted. In this scenario, Symantec believes that security oversight must migrate to termination points. In Symantec’s view, this equates to four central termination points: endpoints (of all kinds), network proxies, email, and cloud-based applications. Symantec then reminded the analyst community about its well-established real estate in each area.
    …And modern operating systems. Symantec rightly points out that the world has moved well beyond Windows PCs and servers, while many competitors have not. Yes, these systems are still highly targeted, but Symantec believes enterprise customers need similar protection on mobile devices (iOS, Android), cloud-based workloads, IoT devices, etc. Symantec claims it can protect this potpourri of systems with a bright yellow security blanket.
    Data security. It was appropriate for Symantec to focus on data security the day before GDPR took effect. Symantec has been a leader in this space since its acquisition of Vontu, way back in 2007. (Author’s note: Wow, do I feel old!) While much of the industry continues to ignore data security, Symantec has been innovating in this area by marrying DLP with machine learning analytics from Bay Dynamics, integrating DLP and identity management tools, and using data access patterns in concert with its threat detection tools. Symantec rightly points out that as organizations have less security control over their infrastructure, they need more security control over their data.
    An evolving consumer security agenda. While many of its AV competitors are walking away from the consumer market, Symantec is doubling down. It acquired LifeLock in 2016 and now offers bundles of LifeLock and Norton products. Symantec is also dipping its toe into the connected home market with the introduction of Norton Core, an all-in-one device designed to offer easy management, security, and data privacy for connected devices on the home front.

    Key points about Symantec
    Symantec addressed a lot at the event, far more than can be covered in a short blog post. Nevertheless, here are a few of my take-aways:
  • Containers are here. What about container security?

    The industry is gaga for container technologies like Docker and for good reason. According to ESG research, containers make up about 19 percent of hybrid cloud production workloads today, but in just two years’ time, containers will make up one-third of hybrid cloud production workloads. (Note: I am an ESG employee.)

    Container security issues
    Not surprisingly, cybersecurity professionals say rapid growth and proliferation of application containers have led to several security issues:
    35 percent say their organization’s current server workload security solutions do not support the same functionality for containers, requiring the use of separate container security technologies. This adds cost and complexity to safeguarding valuable IT assets.
    34 percent say they need to verify that images stored in container registries meet their organization’s security and compliance requirements. Again, they tend to need specialized tools to accomplish this task.
    33% say there is a lack of mature solutions available for container security. This is understandable, as container security is dominated by startups and point tools at present (i.e. Aporeto, Aqua Security, Cavirin, CloudPassage, Layered Insight, Neuvector, StackRox, Twistlock, etc.). We are seeing more and more coverage from established players, as well, including Tenable Networks, Trend Micro, VMware, etc. Cybersecurity pros should pay close attention to this market because vendors and tools are evolving quickly.
    30% say the potential for container sprawl creates loose access controls between containers that could leave their production environment more vulnerable. This indicates process and management problems that lead to security vulnerabilities.
    27% say portability makes containers more susceptible to “in motion” compromises. And a lot of security pros don’t have the tools to monitor transient containers and microservices as they appear and disappear.

    Like server virtualization and public cloud workloads of the past, containers remain an unfamiliar animal to many security professionals today, but this is unacceptable given the number of production containers deployed today (as well as aggressive future container deployment plans). In cybersecurity, uncertainty and limited knowledge equal increased risk.
  • It’s Time to Think Harder About Security Data Management

    According to ESG research, 28% of enterprise organizations collect, process and analyze substantially more security data than they did two years ago, while another 49% collect, process, and analyze somewhat more data than they did in the past (note: I am an ESG employee). What’s happening here? Well, first of all, organizations are collecting more data from traditional sources: system logs, vulnerability scans, network flows, etc. They are also grabbing security data from supplementary security sources like EDR tools, behavioral analytics systems, threat intelligence feeds, etc. Oh, and over the last few years, enterprises started gathering data from IoT devices, public cloud services, SaaS, etc. It all adds up to a growing pile of terabytes of security data.
  • The evolution of security operations, automation and orchestration

    The market for security operations, automation and orchestration products is rapidly maturing. The most recent proof point of this maturation was Splunk’s acquisition of Phantom in February, but other vendors, such as FireEye (acquired Invotas), IBM (acquired Resilient), Microsoft (acquired Hexadite), and Rapid7 (acquired Komand), saw the light and bought into this market over the past few years. I first discovered this market several years ago. In a 2015 blog post, I introduced the concept of integrated cybersecurity orchestration platforms (ICOPs). I stated that ICOPs would be used to integrate inputs (i.e. alerts and data from different security tools), correlate, enrich, and manage security data, and initiate outputs (i.e. trigger remediation actions and workflows).
  • Cloud computing security chaos continued at RSA Conference 2018

    My esteemed colleague Doug Cahill did a great job at the RSA Conference with a killer presentation on hybrid cloud security. Unfortunately, Doug’s presentation occurred on Thursday afternoon, when many conference attendees were catching flights home, packing up their booths, or recovering at a bar somewhere else in San Francisco. Despite the timing, about 150 souls showed up, but I’m guessing that Doug’s conference room would have been overflowing if his presentation had been on Tuesday rather than Thursday. As I wrote in a recent blog post, it was important to focus on cloud security at RSA 2018. Why? Because organizations are rapidly adopting hybrid clouds, with DevOps leading the charge. This places a double whammy on security teams that have little cloud computing experience and a limited relationship with DevOps teams.
  • What is a Cybersecurity Technology Platform Anyway?

    At last week’s RSA Conference, you couldn’t walk more than 10 feet on the show floor without a security vendor pitching you on its technology “platform.” Yup, Check Point, Cisco, FireEye, Forcepoint, Fortinet, McAfee, Palo Alto Networks, Symantec, Trend Micro, Webroot, and lots of others are now busy pitching platforms and will continue to do so. Okay, but what is the actual definition of this term? In general, vendors use the word “platform” to describe an integrated amalgamation of point products that creates a common and interoperable architecture. It’s safe to say that all vendors agree upon this platform characteristic. Beyond this basic functionality, however, there doesn’t seem to be much consensus on security technology platform requirements.
  • Quick Take-Aways From the RSA Security Conference

    Like many others, I’m still recovering from last week’s marathon at the RSA Security Conference in San Francisco.  Here’s a shotgun list of my impressions of the show:
    The transition from “bolted on” to “baked in” security. With security as a top-of-mind issue across business and IT, security functionality is moving toward cloud, application, and IT infrastructure. Intel announced new chip-level security functionality. Microsoft discussed its plans for IoT devices with a secure microprocessor and even a Windows-based version of Linux. Google is busy enhancing GCP with security functionality for DLP, access control, traffic segmentation, etc. Good developments, but command-and-control across infrastructure security is bound to become an issue soon. Someone will make a killing with centralized policy management tools.
    Managed security services. This topic came up in meetings with Cisco (new partnership with ConnectWise), CrowdStrike (new managed service offering), Trend Micro (new managed detection/response service), and Webroot (partnerships with Continuum and others). Due to the global cybersecurity skills shortage, many organizations are defaulting to managed security services, and this will only continue. Look for more focus on this area at Black Hat and RSAC 2019.
    Machine learning is everywhere. It seems like every vendor is back-ending their analytics tools with machine learning algorithms.  That said, a lot of the machine learning at RSA was fairly basic – nothing more than an academically proven machine learning algorithm applied to security data.  I got the next level of machine learning depth from vendors like Bay Dynamics, LogRhythm, and Vectra Networks.  As part of RFIs and RFPs, security professionals should really dig into the machine learning (or lack thereof) they are buying – caveat emptor.
    All for one and one for all. There was a real sense of community at this year’s RSA.  This togetherness was highlighted during a keynote by Brad Smith from Microsoft when he announced that 34 companies had signed on to a tech sector accord.  This accord is intended to protect all users, oppose all attacks, empower users, and establish a working relationship for vendors across the tech industry.  Smith also talked about the need for a cyber Geneva convention, an effort I fully support.  Kudos to Microsoft for driving this, especially because many old guard cybersecurity pros still don’t consider Redmond as part of the in-crowd.  Let’s all hope this effort is real and fruitful.
    Platforms, platforms, platforms. Security tech vendors like Cisco, FireEye, McAfee, and Symantec are integrating disparate homegrown and third-party products into their own architectures a la ESG’s security operations and analytics platform architecture (SOAPA). This sets up an imminent platform war, but the road ahead won’t be easy. Platform vendors must convince skeptical infosec pros that they have best-of-breed products and can hold their hands over a 2 to 3-year timeframe as they replace point tools with an integrated architectural solution. Services will be a key to success here; look for Accenture, KPMG, IBM, Optiv and others to clean up.
    Holistic risk management. The RSA crowd understands that cybersecurity is intersecting with business risk. Now vendors must develop new solutions that report on high-priority risks (i.e. application security, assets, configuration management, vulnerability management, third-party risk management, etc.) across the whole enterprise enchilada. Companies like BitSight, Kenna Security, RSA, and Tenable Networks are all over this.

    These are all good topics that deserve attention, but I wish the crowd at RSA spent a bit less time on technology and more on people and process. As Bruce Schneier always says, “security is a process, not a product.”
  • Cloud security will (and should) dominate the RSA Conference

    There are only a few days before this year’s RSA Conference kicks off in San Francisco, and everything points to a crazy week at the Moscone Center. I’ve heard that around 50,000 people will attend and that the Moscone Center is a mess of construction right now, so just getting in and out of the buildings may be difficult. Now, I’ve written a lot lately about my outlook for RSA, as I expect a lot of banter around endpoint security, machine learning, security operations automation and orchestration, threat intelligence, risk management, etc. Yup, there will be a smorgasbord of topics throughout the week, but cloud security will dominate this year’s RSA Conference.
  • Software-defined perimeter: Important initiative, ineffective name

    For the past year or so, I’ve made the following statement: "No one has an SDP budget, but everyone has an SDP requirement." Why the disconnect? Let’s start with the demand side. At large organizations, technology users are a disparate group of employees, business partners, consultants, customers, suppliers, etc. Individuals within each group access business applications and technology services from different devices and locations, while applications reside in data centers, public clouds, at SaaS service providers, etc. Each end of the access pipe is dynamic, yet IT and security professionals must figure out a way to provide users with seamless and secure access to business applications and IT services. Old standards such as RADIUS servers, 802.1X, and VPNs simply weren’t built with these use cases in mind.
  • Machine learning: Security product or feature?

    Around 2010, security analytics technologies started to integrate big data science and open-source technologies like Hadoop (and HDFS), Pig, Mahout, etc. The goal? Ingest, process, and apply new types of algorithms to security data to supplement human intelligence for finding needles in growing haystacks of security data. The U.S. Department of Energy was an early pioneer in this area with a project called Orca from the Oak Ridge National Lab. Since then, big data security analytics sort of morphed into machine learning, which led to the creation of a new security technology category: user and entity behavior analytics (UEBA). UEBA was designed to monitor user behaviors such as logins, remote access, network connections, etc., model "normal" behavior, and then detect anomalies that may indicate an attack in progress. UEBA proponents claimed that based upon this new capacity, new machine learning-based technologies were destined to become a huge market as they replaced SIEM as the system of record for security analytics and operations.