Jon Oltsik

Senior Principal Analyst

  • research briefs
    Aug 5, 2013

    Purchasing SAST and DAST from a Single Vendor

    Web application security testing products and services generally fall into one of two categories—static application security testing (SAST) or dynamic application security testing (DAST)—but some vendors have begun to offer integrated suites of both sets of tools. While some IT and security professionals are quite interested in purchasing SAST and DAST from a single vendor, others purposefully avoid doing so. This brief investigates the interest levels in single-sourcing SAST and DAST, as well as the drivers and inhibitors to this approach.

  • Blogs
    Aug 5, 2013

    CISOs Should Assess Security Policies and Processes with Bradley Manning in Mind

    Basic communications and safeguards are often overlooked.

  • News
    Jul 31, 2013

    Majority of Enterprises Are Vulnerable to Malware Threats - eSecurity Planet

  • Corporate Online File Sharing and Collaboration Security and Governance

    Understanding the On-premises Solutions Landscape

    Mobility and consumerization are having a hard and fast impact on IT. We are no longer in a “command and control” world in which IT dictates which tools employees use (hardware as well as software): More end-users are choosing their own hardware platforms and software applications in lieu of the IT-sanctioned business tools provided by their companies, and IT is sprinting to catch up. These end-users are looking to tackle issues like data sharing, portability, and access from multiple intelligent endpoint devices, creating a conundrum for IT as it needs to balance business enablement, ease of access, and collaborative capacity with the need to maintain control and security of information assets.

  • Blogs
    Jul 29, 2013

    Cisco/Sourcefire: A Potential Game Changer for Cisco and the Cybersecurity Industry

    Enhances enterprise architecture and adds anti-malware, security intelligence, and forensics.

  • News
    Jul 25, 2013

    Sophisticated Malware Is Stumping Security Pros - CRN

  • News
    Jul 18, 2013

    Will IT GRC Become IRM? - Security Dark Reading

  • Blogs
    Jul 17, 2013

    Could Government Integrators Take Their Big Data Security Analytics Skills to the Commercial Market?

    Technology and skills are there but private sector affinity is still lacking.

  • Blogs
    Jul 12, 2013

    Goodbye NAC, Hello EVAS (Endpoint visibility, access, and security)

    New security and mobility requirements will make EVAS a network requirement.

  • NAC Solutions Evolve to EVAS: Endpoint Visibility, Access, and Security

    Network access control has been around for a decade, and the global recession and years of vendor consolidation certainly took a toll on NAC solutions. But NAC is not fading away. Instead, NAC has evolved into a new and stronger market segment called EVAS (Endpoint Visibility, Access, and Security). CISOs should place NAC in their legacy file and begin to assess EVAS as part of their security strategies.

  • briefs
    Jul 9, 2013

    EnCase Analytics: Big Data Security Analytics Meets Endpoint Visibility

    Over the last few years, security professionals have continued to fall farther and farther behind with security controls and incident detection. Why? Many organizations approach cybersecurity with an array of signature-based tools, perimeter gateways, disjointed processes, and limited security resources/skills. These legacy tactics can no longer keep up with increasingly dangerous threats. CISOs can improve situational awareness with the right big data security analytics to help with controls adjustments, incident detection, problem isolation, and remediation. EnCase Analytics, with all the requirements of a big data security analytics solution, will provide built-in algorithms, ad-hoc query capabilities, and security technology integration in order to help organizations accelerate, automate, and streamline overall cybersecurity operations. Additionally, by focusing on the often neglected area of endpoint artifacts, EnCase Analytics can help security-conscious organizations benefit from proactive assessment of the security risks and gain complete visibility into their security posture.

  • briefs
    Jul 9, 2013

    IBM: An Early Leader across the Big Data Security Analytics Continuum

    Many enterprise organizations claim that they already consider security data collection and analysis as “big data,” but they don’t have security analytics solutions capable of addressing their scalability, performance, or operational needs. ESG believes that tactical security analytics solutions and compliance-centric SIEM tools are no match for today’s big data security analytics needs. Leading vendors are addressing this gap with real-time and asymmetric big data security analytics systems built for scale and intelligence. IBM is one of the few vendors offering an integrated approach that spans the entire continuum of enterprise security analytics needs.

  • Blogs
    Jul 8, 2013

    EMC Adds Aveksa to its Enterprise Security Portfolio

    Synergistic acquisition will complement existing RSA business and open new doors.

  • research briefs
    Jul 8, 2013

    Quantifying the Benefits of Testing Web Applications for Security

    Organizations may use static, dynamic, or other types of testing tools to validate the security of their web applications, but does all that testing really make a difference? According to ESG research, it does. This research brief looks at the relationship between the use of application security testing tools and the confidence levels that organizations report about the security of their web applications.

  • Blogs
    Jul 3, 2013

    The Big Data Security Analytics “Trifecta”

    Best solutions will collect, process, analyze, and correlate data in three key areas.




Jon Oltsik is an ESG senior principal analyst and the founder of the firm’s information security service. With over 25 years of technology industry experience, Jon is widely recognized as an expert in all aspects of information security and is often called upon to help customers understand a CISO's perspective and strategies. Recently, Jon has been an active participant in cybersecurity issues, legislation, and technology within the U.S. federal government.
