In spite of marginal progress, privileged accounts remain vulnerable. Why? Sophisticated cyber attacks like APTs take advantage of informal processes, weak security controls, and monitoring limitations to target administrator accounts, compromise their systems, and gain access to valuable IT assets. Tactical changes don’t go far enough. Rather, CISOs need to think in terms of a privileged account security architecture offering central control, management, monitoring, and oversight of privileged accounts for IT assets throughout the enterprise.
Technology and innovation got all the attention at RSA 2013 while information security service providers can’t keep up with demand.
The recent wave of information security breaches has gotten attention from the corner office. CEOs and corporate boards are now willing to invest more time and attention in cybersecurity but they are also demanding better visibility, monitoring, and oversight of IT risk so they can make informed and timely investment decisions. Unfortunately, CISOs are hamstrung by legacy security tools which collectively generate huge volumes of data but can’t consolidate and report on this data in a way that is meaningful to the business stakeholders. What’s needed? A next-generation security management architecture built for scale, integration, automation, and business/IT analytics.
FireEye, Palo Alto Networks, and new cybersecurity requirements were buzzing at RSA 2013.
The information security industry is improving but many don’t understand the principles of security or their customers.
The information security industry is trending in the right direction but more work lies ahead.
Visible cybersecurity issues provide an opportunity for vendors to demonstrate knowledge, comprehensive solutions, and leadership at RSA Security Conference 2013.
5 things I hope to hear about at the RSA Conference – but I’m not sure I will.
Well intended cybersecurity regulations created inadvertent detours, operational overhead, and vulnerabilities.
What happens next? When? Will we see further action on cybersecurity, or inaction, and by whom?
The upcoming State of the Union Speech is a perfect opportunity for President Obama to announce a pragmatic cybersecurity plan.
Annual hype-fest later this month will demonstrate which vendors “get it” and which are posers
There is no advanced persistent threat (APT) magic bullet solution but the New York Times breach should signal the need for information and endpoint security changes.
Jon Oltsik is an ESG senior principal analyst and the founder of the firm’s information security service. With over 25 years of technology industry experience, Jon is widely recognized as an expert in all aspects of information security and is often called upon to help customers understand a CISO's perspective and strategies. Recently, Jon has been an active participant with cybersecurity issues, legislation, and technology within the U.S. federal government.
© 2015 by The Enterprise Strategy Group, 20 Asylum Street, Milford, MA 01757 508.482.0188