Doug Cahill

Doug is a senior analyst covering cybersecurity at ESG, drawing upon more than 25 years of industry experience across a broad range of cloud, host, and network-based products and markets.
Prior to joining ESG, Doug held executive leadership positions at security firms Threat Stack and Bit9, where he launched market leading products and forged strategic partnerships. Over the years, Doug has also served in product management, marketing, and business development roles for storage management, networking, and database vendors, and started his career in IT as a business analyst.
Doug has a B.A. from the University of Massachusetts, Amherst, and enjoys spending time in the northern New England mountains and lakes.

Recent Posts by Doug Cahill:

S3 Security Front and Center at AWS re:Invent

Man, talk about the proverbial firehose. AWS re:Invent 2017 proved to be a wide open torrent of announcements from AWS and the partner ecosystem alike, making recap blogs such as this a bit of a mission impossible. For starters, AWS’s security announcements included:

Topics: AWS re:Invent

The Drivers of Change in Endpoint Security

I guess I still think like a product manager. In my last blog, the first of a few analyzing key findings from ESG’s recent endpoint security research, I shared my take on the net-net design center for contemporary endpoint security solutions, one that serves two masters – efficacy and efficiency. The state of endpoint security can be characterized as one of constant change, in which organizations are implementing compensating measures to improve both efficacy and efficiency. But what factors are driving the “efficient efficacy” market requirement?

With respect to efficacy, ESG’s endpoint security research highlights that customers have experienced, and are concerned about, a diverse range of threats:

Topics: Cybersecurity endpoint security

Endpoint Security: The Efficient Efficacy Design Center

Efficacy and efficiency can no longer be mutually exclusive outcomes when it comes to endpoint security. Yes, organizations want their cake and they absolutely want to eat it too – they want to detect and stop more threats, but can’t incur much heavy lifting in the process. According to recent research conducted by ESG, organizations do report poor efficacy as an endpoint security challenge, expressed as their antivirus software being unable to detect and prevent new and unknown threats. Yet four other issues, all operational in nature, ranked above efficacy as pain points, including:

Topics: Cybersecurity endpoint security

Black Hat 2017: Disruption in the Wind

Such blogs typically offer 3 or 4 takeaways from seminal industry events; I have one from Black Hat 2017—disruption of core cybersecurity markets is in the air.

Topics: Cybersecurity Black Hat

ESG Cybersecurity Research and a Preview of Black Hat USA 2017 (Video)

In this video blog, my colleague Jon Oltsik and I discuss some of the insights from ESG’s cybersecurity research we expect to be topical at Black Hat USA 2017, including:

  • The challenges and solutions around security operations and analytics and the need for a security operations and analytics platform architecture (SOAPA).
  • The constant state of change in the endpoint security landscape in which organizations regularly re-evaluate processes, technologies, and vendors.
Topics: Cybersecurity hybrid cloud SOAPA security operations analytics platform Black Hat 2017

The Role of Standards in a Security Ops and Analytics Platform Architecture (Video)

In this second of a two-part video series, Mike Viscuso, Carbon Black CTO, and I pull on more SOAPA (security operations and analytics platform architecture) threads, including the role of SIEM in the next-gen SOC. Because it is in the context of SIEMs that we’ve seen the adoption of standard formats such as CEF and LEEF for alert propagation, and STIX and TAXII for representing and exchanging threat intelligence, we explore not only the need for more such standards but the factors that lead to their adoption. We then discuss user behavior analytics (UBA) data enriched with other sensor data as an example of how a reference architecture like SOAPA makes data actionable, in this case to thwart the insider threat. We wrap up with a view into the future with respect to possible industry consolidation and the emergence of cybersecurity platforms to relieve point tool fatigue, a theme Mike challenges, noting the need for ongoing innovation to counter the motivated adversary.
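The alert-propagation format mentioned above, CEF, is simple enough to parse by hand, and that is exactly what a SIEM or SOAPA integration layer has to do before it can normalize and enrich an alert. The following is an added example written for this page, not ESG’s or Carbon Black’s code: a small Python parser for CEF lines that handles the two escaping rules practitioners most often get wrong (a literal pipe in a header field is written `\|`, a literal equals sign in an extension value is written `\=`), plus a severity normalizer and a filter that pulls high-severity alert names out of a batch. The vendor, product and log lines are constructed samples, not real telemetry.

```python
"""Minimal parser for Common Event Format (CEF) alert lines.

Added example for this page; not ESG's or Carbon Black's code.
The sample alerts below are constructed, not captured telemetry.
"""
import re

# The seven pipe-delimited header fields that precede the extension.
HEADER_FIELDS = ("version", "device_vendor", "device_product",
                 "device_version", "signature_id", "name", "severity")

# An extension key is a run of key characters followed by an unescaped '='.
# An escaped '\=' inside a value never matches because '\' is not a key char.
_EXT_KEY = re.compile(r"(?:^|\s)([A-Za-z0-9_.]+)=")

SAMPLE_ALERTS = [  # constructed sample lines (hypothetical vendor/product)
    "CEF:0|ExampleVendor|ExampleEDR|2.3|1001|Suspicious PowerShell|8|"
    "src=10.1.2.3 suser=jdoe msg=Encoded command\\=detected act=blocked",
    "CEF:0|ExampleVendor|Proxy\\|Gateway|4.0|2002|Policy allowed|Low|"
    "src=10.1.2.4 dst=203.0.113.9 request=http://example.test/a b",
]


def _unescape(text, specials):
    """Undo CEF backslash escaping for the given special characters."""
    out, i = [], 0
    while i < len(text):
        if text[i] == "\\" and i + 1 < len(text) and text[i + 1] in specials:
            out.append(text[i + 1])
            i += 2
        else:
            out.append(text[i])
            i += 1
    return "".join(out)


def _split_header(body):
    """Split the seven header fields on unescaped '|'; return (fields, rest)."""
    fields, cur, i = [], [], 0
    while i < len(body) and len(fields) < 7:
        ch = body[i]
        if ch == "\\" and i + 1 < len(body):
            cur.append(body[i:i + 2])   # keep escape pair for later unescape
            i += 2
        elif ch == "|":
            fields.append("".join(cur))
            cur = []
            i += 1
        else:
            cur.append(ch)
            i += 1
    return fields, body[i:]


def parse_extension(ext):
    """Parse 'key=value key2=value two' pairs; values may contain spaces."""
    matches = list(_EXT_KEY.finditer(ext))
    result = {}
    for n, m in enumerate(matches):
        end = matches[n + 1].start() if n + 1 < len(matches) else len(ext)
        result[m.group(1)] = _unescape(ext[m.end():end].strip(), "=\\")
    return result


def parse_cef(line):
    """Return header fields plus an 'extension' dict; raise on malformed input."""
    prefix = "CEF:"
    if not line.startswith(prefix):
        raise ValueError("not a CEF line")
    fields, ext = _split_header(line[len(prefix):])
    if len(fields) != 7:
        raise ValueError("CEF header needs 7 pipe-delimited fields")
    event = {k: _unescape(v, "|\\") for k, v in zip(HEADER_FIELDS, fields)}
    event["extension"] = parse_extension(ext)
    return event


def severity_level(event):
    """Normalize CEF severity (0-10, or Low/Medium/High/Very-High) to an int."""
    raw = event["severity"].strip().lower()
    names = {"low": 1, "medium": 4, "high": 7, "very-high": 9}
    if raw in names:
        return names[raw]
    sev = int(raw)
    if not 0 <= sev <= 10:
        raise ValueError("CEF severity out of range")
    return sev


def high_severity_alert_names(lines, threshold=7):
    """Names of alerts at or above the threshold; malformed lines are skipped."""
    names = []
    for line in lines:
        try:
            event = parse_cef(line)
        except ValueError:
            continue
        if severity_level(event) >= threshold:
            names.append(event["name"])
    return names


if __name__ == "__main__":
    for alert in SAMPLE_ALERTS:
        print(parse_cef(alert))
    print(high_severity_alert_names(SAMPLE_ALERTS))
```

The parser deliberately rejects lines with fewer than seven header fields rather than guessing, since a SIEM that silently pads a malformed header can mis-route an alert's severity; the batch filter then skips such lines so one bad producer does not halt ingestion.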

Topics: Cybersecurity SIEM SOAPA security operations and analytic platform

An EDR Perspective on Security Ops and Analytics Architecture (Video)

In this first of a two-part video series, Mike Viscuso, Carbon Black’s Chief Technology Officer, and I begin to explore the expansive topic of employing a security operations and analytics platform architecture (SOAPA) to operationalize security analytics. In addition to discussing the need for a reference architecture to address the complexity of gaining intelligence from telemetry across an organization’s attack surface, Mike shares why Carbon Black invested in technical integrations with a variety of complementary cybersecurity technologies and the importance of rich endpoint detection and response (EDR) sensor data to enable essential use cases. We also discuss how the starting point for such integrations has changed and the central role both value-added resellers (VARs) and managed security service providers (MSSPs) serve in providing SOAPA implementations. We wrap things up by noting the purposeful nature of cloud computing as enabling technology for SOAPA solutions. Stay tuned for the second video, in which we dig into other aspects of security operations and analytics.

Topics: Cybersecurity SOAPA security operations and analytic platform EDR endpoint detection and response

That's a Wrap! RSA Conference 2017 Thoughts and Observations, Continued (Video)

In this second of a two-part video blog series, my colleague Jon Oltsik and I discuss some of the themes and takeaways from RSA Conference 2017.

Closing the cloud security readiness gap with platforms: Many vendors at RSA were offering cloud security solutions to help organizations close the gap between the use of cloud services within their company and their readiness to secure that use. These solutions spanned the gamut of “from,” “in,” and “to” cloud security, that is, security delivered from the cloud (security-as-a-service, SECaaS), security of infrastructure in the cloud (workloads, APIs), and security of access to cloud apps (CASB), respectively. Compounding the readiness gap is good old heterogeneity: most orgs use many cloud apps and multiple IaaS providers. In fact, ESG research reveals that 75% of organizations consuming IaaS services today do so from more than one CSP. These adoption dynamics create the need for cross-app and cross-cloud coverage, which is why major players such as Cisco, Trend Micro, and Symantec are highly focused on the breadth of their cloud security portfolios, while cloud security specialists such as CloudPassage, Netskope, Illumio, vArmour, Threat Stack, and others are also helping companies close the gap with offerings that continue to offer both breadth across cloud services and depth of functionality.

Topics: Cybersecurity rsa conference Data Center Consolidation cloud security

That's a Wrap! RSA Conference 2017 Thoughts and Observations, Part 1 (Video)

RSA Conference 2017 is now a wrap, and blogs such as this that attempt to summarize such a content-rich event are challenged to do so with any brevity, but, alas, I will try. Colleague Jon Oltsik, who fought being placed on the injured reserve list the week before RSA and missed the event for the first time in over a dozen years, and I offer a review of just some of the news from the show in this first of two video blogs. Here are some of the threads we pull on.

Topics: Cybersecurity endpoint security rsa conference security analytics SOAPA security operations and analytic platform

Scratching the Surface on What to Expect at RSA 2017 (Video)

With what is expected to be the largest RSA Conference to date just around the corner, my colleague Jon Oltsik and I share some thoughts on what we are expecting at this year’s seminal cybersecurity event in this video. We discuss the broad-based nature of ransomware, with commentary on how “rearview mirror ransomware protection” will address certain tiers of ransomware, while new blended ransomware attacks, as well as those that target back-end infrastructure, will require additional controls and techniques. One such technique being applied in many cybersecurity products is machine learning, whose role we frame in the context of a layered defense. We also consider how the rapid evolution of the cloud security product category, driven by the broad adoption of cloud services, could be an area of functional convergence, and note the need for a security operations and analytics platform architecture (SOAPA) for hybrid cloud environments. On the topic of cloud, we also note the compelling benefits of cloud-delivered security solutions (security-as-a-service) for operational efficiency at cloud scale.

Topics: Cybersecurity rsa conference ransomware SOAPA security operations and analytic platform