While last week’s Dell/EMC merger was certainly a blockbuster, nothing specific was mentioned about future plans for RSA Security. Michael Dell did say that there were a “number of discussions about security” during the negotiations, but apparently, no concrete plans yet. Infosec reporters have lobbed phone calls into Round Rock Texas as well as Bedford and Hopkinton, MA looking for more details, but Dell and EMC officials haven’t responded.
Some tech companies are always associated with their first acts. Dell just acquired my first employer, EMC Corporation, in order to expand its enterprise portfolio, yet the company will always be linked with personal computers and its founder’s dorm room. F5 has become a nexus that brings together networks and applications but will always retain the moniker of a load balancing company. Bit9 has established itself as a major next-generation endpoint player, yet some people can only think of its original focus on white listing.
While attending Splunk.conf 15, I sat in on an interesting presentation given by Christof Jungo, head of security architecture and engineering at Swisscom. Jungo described Swisscom’s cybersecurity strategy as anchored by a “nerve center” (based on Splunk) that centralizes all security data – network data, endpoint forensics, application logs, identity and access management, threat intelligence, etc. Christof mentioned that this process has helped Swisscom accelerate threat detection.
When the term “critical infrastructure” is mentioned in conversation, thoughts immediately turn to things like electrical power plants, oil and gas pipelines, food, water, etc. You know, the foundational services of modern life that we all take for granted. These are the same industries that former Defense Secretary Leon Panetta was referring to when he warned of the possibility of a “cyber-Pearl Harbor” back in 2012.
As October begins, we in New England look forward to fall foliage, warm days and cool nights. Aside from orange and bright red leaves here in Massachusetts, everyone will see a prominent display of the color pink, as October is also breast cancer awareness month. Finally, if you are a dedicated cybersecurity professional, you may (that’s right, may) know that October is also national cybersecurity awareness month.
ESG recently published a new research report titled, Cyber Supply Chain Security Revisited, focused on cyber supply chain security practices and challenges at U.S.-based critical infrastructure organizations. The term “critical infrastructure” is associated with 16 industries designated by the U.S. Department of Homeland Security (DHS), “whose assets, systems, and networks, whether physical or virtual, are considered so vital to the United States that their incapacitation or destruction would have a debilitating effect on security, national economic security, national public health or safety, or any combination thereof”.
When I first became familiar with Splunk years ago, I thought of it as a freeware log management tool for inquisitive security analysts. Useful for general purposes, but I didn’t see it as a true enterprise security management system, a category defined by vendors like ArcSight, Intellitactics, and Network Intelligence at that time.
Future Crimes by Marc Goodman details the dark side of technology, examining how new technologies are used and abused for criminal purposes. In just under 400 pages, Goodman provides some basic historical background on computer security and then guides the reader through a cybercrime journey spanning consumer, industrial, medical, and various other technologies.
Jon Oltsik is an ESG senior principal analyst and the founder of the firm’s cybersecurity service. With almost 30 years of technology industry experience, Jon is widely recognized as an expert in all aspects of cybersecurity and is often called upon to help customers understand a CISO's perspective and strategies.
© 2015 by The Enterprise Strategy Group, 20 Asylum Street, Milford, MA 01757 508.482.0188