While attending Splunk.conf 15, I sat in on an interesting presentation given by Christof Jungo, head of security architecture and engineering at Swisscom. Jungo described Swisscom’s cybersecurity strategy as anchored by a “nerve center” (based on Splunk) that centralizes all security data – network data, endpoint forensics, application logs, identity and access management, threat intelligence, etc. Christof mentioned that this process has helped Swisscom accelerate threat detection.
When the term “critical infrastructure” is mentioned in conversation, thoughts immediately turn to things like electrical power plants, oil and gas pipelines, food, water, etc. You know, the foundational services of modern life that we all take for granted. These are the same industries that former Defense Secretary Leon Panetta was referring to when he warned of the possibility of a “cyber-Pearl Harbor” back in 2012.
As October begins, we in New England look forward to fall foliage, warm days and cool nights. Aside from orange and bright red leaves here in Massachusetts, everyone will see a prominent display of the color pink, as October is also breast cancer awareness month. Finally, if you are a dedicated cybersecurity professional, you may (that’s right, may) know that October is also national cybersecurity awareness month.
ESG recently published a new research report titled, Cyber Supply Chain Security Revisited, focused on cyber supply chain security practices and challenges at U.S.-based critical infrastructure organizations. The term “critical infrastructure” is associated with 16 industries designated by the U.S. Department of Homeland Security (DHS), “whose assets, systems, and networks, whether physical or virtual, are considered so vital to the United States that their incapacitation or destruction would have a debilitating effect on security, national economic security, national public health or safety, or any combination thereof”.
When I first became familiar with Splunk years ago, I thought of it as a freeware log management tool for inquisitive security analysts. Useful for general purposes, but I didn’t see it as a true enterprise security management system, a category defined by vendors like ArcSight, Intellitactics, and Network Intelligence at that time.
Future Crimes by Marc Goodman details the dark side of technology, examining how new technologies are used and abused for criminal purposes. In just under 400 pages, Goodman provides some basic historical background on computer security and then guides the reader through a cybercrime journey spanning consumer, industrial, medical, and various other technologies.
As the old cybersecurity adage states, "The cybersecurity chain is only as strong as its weakest link." Smart CISOs also understand that the proverbial weak link may actually be out of their control.
The endpoint often plays a central role in the cyber kill chain, serving as the entry point and staging ground for a broader attack, a dynamic that has raised the stakes in protecting the endpoint attack surface area. Today’s endpoint security market is in transition, with customers seeking solutions that protect against zero day malware and exploits while evaluating whether “next-generation” solutions augment or replace traditional antivirus. Webroot SecureAnywhere Business Endpoint Protection strives to bridge the gap with a smart approach to detect, prevent, and remediate malware on endpoints.
According to ESG research, 79% of cybersecurity professionals working at enterprise organizations (i.e., more than 1,000 employees) believe that network security management and operations is more difficult today than it was two years ago. Why? Infosec pros point to a combination of increasingly dangerous cyber-threats, new IT initiatives like cloud and mobile computing, legacy point tools, and growing security operations overhead.
In order to explore cyber supply chain security practices and challenges further, ESG surveyed 303 IT and information security professionals representing large midmarket (500 to 999 employees) organizations and enterprise-class (1,000 employees or more) organizations in the United States within vertical industries designated as critical infrastructure by the U.S. Department of Homeland Security (DHS). All respondents were familiar with/responsible for their organization’s information security policies and procedures, especially with respect to the procurement of IT products and services. Respondents also had to be familiar with cyber supply chain security as defined previously.
When it comes to threat intelligence, there seem to be two primary focus areas in play: The threat intelligence data itself and the legislative rhetoric around threat intelligence sharing (i.e., CISA, CISPA, etc.). What’s missing? The answer to a basic question: How do organizations get actual value out of threat intelligence data and threat intelligence sharing in a meaningful way?
Jon Oltsik is an ESG senior principal analyst and the founder of the firm’s cybersecurity service. With almost 30 years of technology industry experience, Jon is widely recognized as an expert in all aspects of cybersecurity and is often called upon to help customers understand a CISO's perspective and strategies.
© 2015 by The Enterprise Strategy Group, 20 Asylum Street, Milford, MA 01757 508.482.0188