In the course of my average work day, I try to read all the cybersecurity news I can. I came across a very good article in Forbes that looks at the cybersecurity opportunities for companies like IBM, Cisco, Dell, and others. The article points out that the market for cybersecurity products and services is estimated at $77b today, growing to $120b by 2020. That’s a lot of firewalls, AV software, and identity tokens!
Cybersecurity and IT professionals would be wise to review the findings of the 9/11 Commission report published in 2004. The report provides a comprehensive analysis of events surrounding the attacks and points to a number of systemic problems in several areas:
All this year, I’ve been researching the burgeoning cyber insurance market. Admittedly, this is a bit of a detour from covering endpoint security, network security, and security analytics, but cyber insurance is becoming an increasingly important puzzle piece in any organization’s risk mitigation strategy, so it’s worth paying attention to.
Just before Halloween (10/27), Cisco announced its acquisition of security analytics veteran Lancope for $453m. Given the timing of the deal, it’s fair to ask an appropriate question: Trick or treat? There’s no debate here – treat. With the Lancope purchase, Cisco walked into the security analytics neighborhood, knocked on just one door, and grabbed a bag full of candy. Okay, enough of the Halloween metaphors, this was a very good deal for Cisco for several reasons...
One of the fundamental best practices of cyber supply chain security is IT vendor risk management. When organizations purchase and deploy application software, routers, servers, and storage devices, they are in essence placing their trust in the IT vendors that develop and sell these products.
When I started covering the infosec market around 13 years ago, anti-spyware was the hot topic du jour. The market went through a common cycle – VCs funded companies and cranked up the hype machine. Some product companies were acquired (CA purchased PestPatrol, Microsoft acquired Giant Software, etc.), while others pivoted from anti-spyware alone to endpoint security (Webroot).
Threat intelligence sharing has received a lot of attention over the past 12 months due to industry messages and proposed government legislation for public/private threat intelligence sharing. Enterprises are embracing threat intelligence programs, but these efforts remain immature and fraught with operational problems. Furthermore, most large organizations are focused on threat intelligence consumption rather than threat intelligence sharing. Vast improvements in threat intelligence standards, timeliness, contextualization, and operations are necessary before the cybersecurity community can truly benefit from the threat intelligence sharing vision being promoted by industry organizations and government agencies.
I’ve been following cybersecurity legislation for a number of years, including all the proceedings with the Cybersecurity Information Sharing Act (CISA). After much deliberation, I believe that CISA remains fundamentally flawed and needs a lot more work before it becomes the law of the land.
As summer turned to fall, the IT industry got together at VMworld and then Re:Invent to celebrate cloud computing. This translated to software-defined everything – data centers, networking, storage, etc. Yup, we are deep into a hype cycle where the entire industry is in a state of gaga over all things associated with software, like flexibility and agility. Great stuff, but software has to run somewhere, so there is and always will be a market for high-performance hardware.
Jon Oltsik is an ESG senior principal analyst and the founder of the firm’s cybersecurity service. With almost 30 years of technology industry experience, Jon is widely recognized as an expert in all aspects of cybersecurity and is often called upon to help customers understand a CISO's perspective and strategies.
© 2015 by The Enterprise Strategy Group, 20 Asylum Street, Milford, MA 01757 508.482.0188