Talking SOAPA with Vectra Networks (Video, Part 1)

Old friend and VP of marketing at Vectra Networks, Mike Banic, stopped by to discuss ESG’s security operations and analytics platform architecture (SOAPA) and its impact on cybersecurity. In part 1 of our discussion, Mike and I chat about:

  • Why network telemetry is so important for security analytics. Mike reminds me that ‘the network doesn’t lie.’ In other words, cyber-attack kill chains are synonymous with network communications so threat detection equates with knowing what to look for within network traffic patterns.
Topics: Cybersecurity SIEM network security analytics SOAPA EDR Vectra Networks

VMware Advances Application Security

This week at VMworld, VMware announced market availability of a new security technology called AppDefense. AppDefense is an application-layer security control designed to profile applications, determine “normal” behavior, and then provide a series of least privilege controls for applications and options for security incident remediation.

Now in some respects, AppDefense is a lot like application white listing/black listing, which can be very effective for limiting the attack surface but the historical problem with application controls is operational overhead. If you want to implement white listing, you have to know what workloads are running and whether they are allowed to, and then implement controls to restrict unanticipated application behavior. This can become quite cumbersome when servers run multiple applications with dynamic development cycles and changing behavior. 

Topics: Network Security Cybersecurity VMware VMworld NSX application security AppDefense

VMworld 2017 Day 1 Recap - VMware Moving Past Virtualization for Cloud, Mobile, and Security

Back at another VMworld! As I wrote in my preview blog, it’s been 10 years since I went to my first VMworld. As the years have gone by, not only has the size of the show changed, but VMware itself has changed as well. Over the past 4 or 5 years, VMware has pushed hard to move beyond its traditional virtualization/on-premises focus into areas like end-user computing (EUC), storage, networking, systems management, DevOps, and most notably, cloud. And those efforts have not been marketing or paper efforts. I’ve often noted in my discussions with customers that VMware is not getting the credit it deserves for the products it is releasing, especially in systems management. I think this year clearly is the year that VMware can shed the virtualization bias often applied to it.

Topics: VMworld VMworld 2017

Security Operations Challenges Galore

After a week away from all things cybersecurity, I’m back at work and focusing on security analytics and operations again. Alarmingly, most organizations readily admit to problems in this area. For example, a recent ESG research survey of 412 cybersecurity and IT professionals (Cybersecurity Analytics and Operations in Transition) identified some of the biggest security analytics and operations challenges. For example:

  • 30% of respondents say that their biggest cybersecurity operations challenge is the total cost of operations (TCO). What does this mean? Based upon my qualitative interviews with CISOs as part of this project, many organizations are spending lots of money on security operations but attaining marginal results. CISOs are willing to invest more but want to see vast improvements in security operations efficacy and efficiency for their money.
Topics: Cybersecurity security analytics security operations SOC

Looking towards Data Management and Enablement in 2018 (Video)

Copy Data Management (CDM) and all the permutations of “Copy” “Data” “Management” with or without additional terms like “Active” “Enterprise” “Virtualization,” etc., seem to be the rage these days. A few years ago, there was only one visionary company talking about CDM. Today, we see a range of vendors now claiming to be CDM, even when they don’t deliver the breadth of capabilities that the industry may have presumed CDM to be; and others who have been quietly delivering those capabilities and more, without the terminology (a.k.a. they were CDM before CDM was cool).

Topics: Data Protection Copy Data Management CDM-DME Data Management & Enablement

Do you still need a VM-specific backup solution?

Probably not … but not for the reasons that you think. As most folks are getting ready for VMworld next week, ESG has published a brief, Is a VM-specific Approach to Backup & Recovery Still Necessary in 2017?

Topics: Data Protection VMworld VM-backup-recovery VMworld 2017

Nothing in IT Really Ends - Capisce? (Video)

I recently spent a little time in Italy, where I realized that whether in life or IT, nothing ever really goes away.

Topics: Cloud Computing Server Virtualization containers

What is an Enterprise-class Cybersecurity Vendor?

On Monday of this week, I posted a blog about enterprise-class cybersecurity vendors. Which vendors are considered enterprise-class? According to recent ESG research, Cisco, IBM, Symantec, and McAfee top the list. 

This blog addressed the “who” question but not the “what.” In other words, just what is an enterprise-class cybersecurity vendor anyway? As part of its research survey, ESG asked 176 cybersecurity and IT professionals to identify the most important characteristics of an enterprise-class cybersecurity vendor. The data reveals that:

  • 35% of survey respondents say the most important attribute for an enterprise-class cybersecurity vendor is cybersecurity expertise specific to their organization’s industry. In other words, enterprise-class cybersecurity vendors need more than horizontal security solutions, they need to understand explicit industry business processes, regulations, organizational dynamics, global footprints, etc.
Topics: Information Security IBM Cybersecurity Cisco McAfee Symantec CISO NIST ISSA

Network Services: Procurement and the Role of Service Providers

This is another piece in the “Road to Mobile World Congress” blogs. First part is here.

One of the choices in the move toward deploying solutions “as-a-service” is how something fundamental like network and services will be delivered. Unlike software, it’s obvious that some equipment is necessary at all locations, but as we have seen in the role of virtual CPE (vCPE), it’s possible to have much of the intelligence pushed out to the central office or to the cloud as virtualized services. 

Topics: Networking SD-WAN Mobile World Congress Americas

Future of Flash from Flash Memory Summit: Where there’s smoke, there’s fire

Flash Memory Summit (FMS) 2017 just wrapped up last week in beautiful Santa Clara, California. While I have added the list of official winners from the show below, the biggest unofficial winner of the week might have been the bar in the lobby of the Santa Clara Hyatt Regency Hotel. For those of you who did not attend, a fire in one of the booths closed the entire expo floor for the length of the event. No one was injured, and you can read more about it here, but the bottom line is that the combo of fire and water is not good for technology. And… attendees had to go somewhere to discuss all things flash, and the bar was as good of a place as any.

Topics: Storage All flash NVMe Flash Memory Summit Storage Class Memory

Cybersec Pros Choose Their Top Enterprise-class Cybersecurity Vendors

Based upon lots of ESG research, some enterprise cybersecurity technology trends are emerging:

  1. Large enterprises are actively consolidating the number of vendors they do business with. This puts some of the point tools vendors at risk as CISOs sign up for enterprise licensing agreements and try to maximize ROI by using more tools from a few select vendors.
  2. Enterprises are seeking to integrate point tools into a cohesive technology architecture. Like ESG’s security operations and analytics platform architecture (SOAPA) concept, large organizations are actively integrating tools to bolster technology interoperability, improve security efficacy, and streamline security operations.
  3. All organizations need help. Yes, companies are still buying new security tools, but these new products are often accompanied by professional services. Additionally, many CISOs are now looking at cybersecurity through a portfolio management lens and figuring out which areas to outsource to MSSPs and SaaS providers.
Topics: IBM Cybersecurity Cisco McAfee Enterprise Symantec CISO

LTE and 5G: The Role of Wireless in Future SD-WAN

As the debut of Mobile World Congress Americas approaches, I'm writing a series of blogs to describe how the solutions related to mobile carriers affect general enterprise networking.

SD-WAN has traditionally been a solution for branch networks that involves the combination of landline networks, such as MPLS, broadband, and even DSL. What’s not well appreciated is the participation of mobile networks, specifically LTE, to provide one of the paths for branch networking.

Topics: Networking SD-WAN Mobile World Congress Americas

Cybersecurity Analytics and Operations Skills Shortage

If you’ve followed my writing, you know that I passionately broadcast issues related to the global cybersecurity skills shortage. Allow me to report some sad news: Things aren’t improving at all. In 2016, 46% of organizations reported a problematic shortage of cybersecurity skills. In 2017, the research is statistically the same as last year; 45% of organizations say they have a problematic shortage of cybersecurity skills.

Topics: Cybersecurity SIEM CISO security analytics mssp security operations ISSA SOC

How the Fluid Network Perimeter Is Driving an Internet of Identities

My esteemed colleague, Jon Oltsik, previously wrote about how identity and access management infrastructure is misaligned with security. Mobility, device proliferation, cloud, and the threat landscape make an enterprise IAM strategy extremely important, but many organizations continue to treat IAM as a hot potato, with no real owner or strategy. As I’m pursuing an upcoming research project related to exploring IAM's key role in providing security via the Internet of Identities and speaking with IT pros who are rearchitecting their IAM infrastructure for mobility, I’m excited about how these business activities can be dramatically improved by taking a fresh look at IAM.

Topics: Cybersecurity IAM Enterprise Mobility Internet of Identities

Addressing Security Analytics and Operations Issues

Security budgets are up in 2017 and in many cases, dollars are earmarked for enhancing security operations. According to recent ESG research, 81% of cybersecurity professionals agree that improving security analytics and operations is a high priority at their organizations.

Topics: Cybersecurity security analytics security operations

Moving Forward with Machine Learning for Cybersecurity

At Black Hat last week, you couldn’t pass a slot machine without some cybersecurity technology vendor crowing about machine learning or artificial intelligence. Yup, machine learning algorithms have great potential to help with security analytics and employee productivity, but this technology is in its infancy and not well understood.

Topics: Cybersecurity machine learning artificial intelligence

Black Hat Impressions

Like many others in the cybersecurity community, I attended Black Hat in Las Vegas last week. Here are my thoughts on the show:

Topics: Cybersecurity Black Hat CISO home network security SDP