Most Recent Blogs

Jon Oltsik

Jon Oltsik is an ESG senior principal analyst and the founder of the firm’s cybersecurity service. With almost 30 years of technology industry experience, Jon is widely recognized as an expert in all aspects of cybersecurity and is often called upon to help customers understand a CISO's perspective and strategies.

Jon was named one of the top 100 cybersecurity influencers for 2015 by Onalytica, and is active as a committee member of the Cybersecurity Canon, a project dedicated to identifying a list of must-read books for all cybersecurity practitioners. Often quoted in the business and technical press, Jon is also engaged in cybersecurity issues, legislation, and technology discussions within the U.S. government.

Jon has an M.B.A. and a B.A. from the University of Massachusetts, Amherst. As an escape from cybersecurity intelligence and technology, he plays guitar in a rock-and-roll cover band.

The Problem with Collecting, Processing, and Analyzing More Security Data

Posted: September 21, 2017   /   By: Jon Oltsik   /   Tags: Cybersecurity, SIEM, TAXII, STIX, Splunk, SOAPA, CIM

GettyImages-639649350.jpgSecurity teams collect a heck of a lot of data today. ESG research indicates that 38% of organizations collect, process, and analyze more than 10 terabytes of data as part of security operations each month. What types of data? The research indicates that the biggest data sources include firewall logs, log data from other types of security devices, log data from networking devices, data generated by AV tools, user activity logs, application logs, etc.

Read More

Phased Process for Cloud Security

Posted: September 19, 2017   /   By: Jon Oltsik   /   Tags: Network Security, Cybersecurity, cloud security, micro-segmentation

cloud_security.jpgMy colleague Doug Cahill and I have been following the development of cloud security for the past few years. What we’ve noticed is that many organizations tend to track through a pattern of actions as their organization embraces public cloud computing. The sequence goes through the following order:

  1. The pushback phase. During this period, CISOs resist cloud computing, claiming that workloads won’t be adequately protected in the public cloud. This behavior may still occur for late-comers or very conservative firms but the cloud computing ship has definitely sailed at most large enterprises. In other words, CISOs aren’t given an out clause--rather, they must figure out how to secure cloud-based workloads whether they like it or not.
Read More

Security Operations Spending and ROI

Posted: September 11, 2017   /   By: Jon Oltsik   /   Tags: Cybersecurity, SIEM, security analytics, security operations, SOAPA

Return-on-investment.jpgESG recently surveyed 412 cybersecurity and IT professionals asking a number of questions about their organization’s security analytics and operations. Overall, security operations are quite difficult, many organizations complain about too many manual processes, too many disconnected point tools, and a real shortage of the right skills. These issues can lead to lengthy incident detection and response cycles or worse yet, damaging data breaches. Just ask Equifax.

Read More

SOAPA Chat with Vectra Networks (Video, Part 2)

Posted: September 08, 2017   /   By: Jon Oltsik   /   Tags: Cybersecurity, SIEM, security analytics, SOAPA, EDR, Vectra Networks

SOAPA-Vectra2.jpgOld friend Mike Banic recently stopped by ESG to kibitz about ESG’s SOAPA concept. Mike brings a world of experience to this topic. As VP of marketing at Vectra Networks, Mike sees enterprise challenges around security operations, and then works with customers to address their issues. 

In part two of our video series, Mike and I focus our discussion in a few areas including:

  • Machine learning. In a recent ESG research survey, only 30% of cybersecurity professionals claim they are “very knowledgeable” about the role of machine learning and AI for cybersecurity operations. Given this, I asked Mike to act as an industry spokesperson to define machine learning and explain where it fits in cybersecurity operations. Mike says that machine learning is used to find features and patterns in the data so you can train the model to look for malicious behavior like a remote trojan suddenly beaconing out to an external IP address. 
Read More

Cybersecurity Pros' Opinions on Their Organization’s Security Operations

Posted: September 05, 2017   /   By: Jon Oltsik   /   Tags: Cybersecurity, security analytics, security operations, SOAPA, SOC

voicing_opinions.jpgESG recently published a new research report titled, Cybersecurity Analytics and Operations in TransitionThe report is based upon a survey of 412 cybersecurity and IT professionals directly involved in their organization’s security operations processes.

As part of the survey, respondents were presented with several statements and asked whether they agreed or disagreed with each. Here are a few of those statements with my analysis.

  • 73% of survey respondents strongly agreed or agreed with the statement: Business management is pressuring the cybersecurity team to improve security analytics and operations. If you want proof that cybersecurity is a boardroom-level issue today, here it is. The good news is that the survey also indicates 81% of organizations plan to increase their security operations budget so business executives are willing to throw money at the problem. The bad news is that the cybersecurity team is now on the hook to deliver measurable improvements and ROI. 
Read More

Talking SOAPA with Vectra Networks (Video, Part 1)

Posted: August 31, 2017   /   By: Jon Oltsik   /   Tags: Cybersecurity, SIEM, network security analytics, SOAPA, EDR, Vectra Networks

SOAPA-Vectra.jpgOld friend and VP of marketing at Vectra Networks, Mike Banic, stopped by to discuss ESG’s security operations and analytics platform architecture (SOAPA) and its impact on cybersecurity. In part 1 of our discussion, Mike and I chat about:

  • Why network telemetry is so important for security analytics. Mike reminds me that ‘the network doesn’t lie.’ In other words, cyber-attack kill chains are synonymous with network communications so threat detection equates with knowing what to look for within network traffic patterns.
Read More

VMware Advances Application Security

Posted: August 30, 2017   /   By: Jon Oltsik   /   Tags: Network Security, Cybersecurity, VMware, VMworld, NSX, application security, AppDefense

GettyImages-482835783.jpgThis week at VMworld, VMware announced market availability of a new security technology called AppDefense. AppDefense is an application-layer security control designed to profile applications, determine “normal” behavior, and then provide a series of least privilege controls for applications and options for security incident remediation.

Now in some respects, AppDefense is a lot like application white listing/black listing, which can be very effective for limiting the attack surface but the historical problem with application controls is operational overhead. If you want to implement white listing, you have to know what workloads are running and whether they are allowed to, and then implement controls to restrict unanticipated application behavior. This can become quite cumbersome when servers run multiple applications with dynamic development cycles and changing behavior. 

Read More

Security Operations Challenges Galore

Posted: August 28, 2017   /   By: Jon Oltsik   /   Tags: Cybersecurity, security analytics, security operations, SOC

GettyImages-695971570.jpgAfter a week away from all things cybersecurity, I’m back at work and focusing on security analytics and operations again. Alarmingly, most organizations readily admit to problems in this area. For example, a recent ESG research survey of 412 cybersecurity and IT professionals (Cybersecurity Analytics and Operations in Transitionidentified some of the biggest security analytics and operations challenges. For example:

  • 30% of respondents say that their biggest cybersecurity operations challenge is the total cost of operations (TCO). What does this mean? Based upon my qualitative interviews with CISOs as part of this project, many organizations are spending lots of money on security operations but attaining marginal results. CISOs are willing to invest more but want to see vast improvements in security operations efficacy and efficiency for their money.
Read More

What is an Enterprise-class Cybersecurity Vendor?

Posted: August 17, 2017   /   By: Jon Oltsik   /   Tags: Information Security, IBM, Cybersecurity, Cisco, McAfee, Symantec, CISO, NIST, ISSA

Question-mark.jpgOn Monday of this week, I posted a blog about enterprise-class cybersecurity vendors. Which vendors are considered enterprise-class? According to recent ESG research, Cisco, IBM, Symantec, and McAfee top the list. 

This blog addressed the “who” question but not the “what.” In other words, just what is an enterprise-class cybersecurity vendor anyway? As part of its research survey, ESG asked 176 cybersecurity and IT professionals to identify the most important characteristics of an enterprise-class cybersecurity vendor. The data reveals that:

  • 35% of survey respondents say the most important attribute for an enterprise-class cybersecurity vendor is cybersecurity expertise specific to their organization’s industry. In other words, enterprise-class cybersecurity vendors need more than horizontal security solutions, they need to understand explicit industry business processes, regulations, organizational dynamics, global footprints, etc.
Read More

Cybersec Pros Choose Their Top Enterprise-class Cybersecurity Vendors

Posted: August 14, 2017   /   By: Jon Oltsik   /   Tags: IBM, Cybersecurity, Cisco, McAfee, Enterprise, Symantec, CISO

checklist.jpgBased upon lots of ESG research, some enterprise cybersecurity technology trends are emerging:

  1. Large enterprises are actively consolidating the number of vendors they do business with. This puts some of the point tools vendors at risk as CISOs sign up for enterprise licensing agreements and try to maximize ROI by using more tools from a few select vendors.
  2. Enterprises are seeking to integrate point tools into a cohesive technology architecture. Like ESG’s security operations and analytics platform architecture (SOAPA) concept, large organizations are actively integrating tools to bolster technology interoperability, improve security efficacy, and streamline security operations.
  3. All organizations need help. Yes, companies are still buying new security tools, but these new products are often accompanied by professional services. Additionally, many CISOs are now looking at cybersecurity through a portfolio management lens and figuring out which areas to outsource to MSSPs and SaaS providers.
Read More

Posts by Topic

see all