Just five weeks into 2016 and it’s already been a busy year for the cybersecurity industry. Here are just a few highlights so far...
My colleague Doug Cahill and I are knee deep into a research project on next-generation endpoint security. As part of this project we are relying on real-world experience, so we’ve interviewed dozens of cybersecurity professionals working at enterprise organizations (i.e. more than 1,000 employees) who have already deployed new types of endpoint security software.
Anyone familiar with identity management knows that it can be extremely messy — lots of tactical tools, access policies, multiple data repositories, manual processes, etc. Furthermore, user authentication continues to be anchored by user names and passwords making nearly every organizations vulnerable to credentials harvesting, identity theft, and cyber-attacks.
In order to explore identity and access management security practices and challenges further, ESG surveyed 335 IT and information security professionals representing enterprise-class (1,000 employees or more) organizations in North America.
In 2012, I did an extension research project on big data security analytics. My thesis was that big data tools like Hadoop, Mahout, MapReduce, and Pig would greatly enhance in-depth historical cybersecurity investigations beyond anything provided by SIEM tools. In retrospect I believe my assumptions were correct but the market remains in an early stage of development even today.
Depending upon whom you believe, there are roughly 800 to 1200 companies selling cybersecurity products and services to end customers. Yes, the cybersecurity market is forecast to be around $70 billion this year but that’s still a lot of vendors.
Remember advanced persistent threats (APTs)? This term originated within the United States Air Force around 2006. In my opinion, it gained more widespread recognition after the Google “Operation Aurora” data breach first disclosed in 2010. This cyber-attack is attributed to groups associated with China’s People’s Liberation Army and impacted organizations like Adobe Systems, Juniper Networks, Northrop Grumman, Symantec, and Yahoo in addition to Google.
I’ve been focused on security analytics for several years, and spent a good part of 2015 investigating technologies and methodologies used for incident response. Based upon lots of discussions with cybersecurity professionals and a review of industry research, I’ve come up with a concept I call the incident response “fab five.”
ESG Senior Principal Analyst Jon Oltsik and Senior Analyst Doug Cahill discuss their 2016 predictions for the cybersecurity segment.
My colleague Doug Cahill and I recorded a video shortly before the holidays outlining what we're expecting to see in 2016 in the cybersecurity space. We're excited to share that video with you now.
Happy new year everyone! Late last year, I wrote a blog with a few predictions for 2016 focused on threats and enterprise security. Here are a few of my additional expectations for the cybersecurity industry:
Jon Oltsik is an ESG senior principal analyst and the founder of the firm’s cybersecurity service. With almost 30 years of technology industry experience, Jon is widely recognized as an expert in all aspects of cybersecurity and is often called upon to help customers understand a CISO's perspective and strategies.
© 2016 by The Enterprise Strategy Group, 20 Asylum Street, Milford, MA 01757 508.482.0188