Kyle Prigmore

Kyle Prigmore

Kyle Prigmore is a Research Analyst with the Enterprise Strategy Group. He works with ESG Senior Principal Analyst Jon Oltsik and Senior Analyst Doug Cahill covering all aspects of cybersecurity in the public and private sectors. Kyle’s research and writing centers around cybercrime, endpoint security, consumer security, and physical security.

Prior to joining ESG, Kyle held several unique jobs that offered him the ability to learn and travel the country. He holds bachelor degrees in History and English from St. Michael’s College, and when not at his desk can be found engaging in various season-dependent activities.

Recent Posts by Kyle Prigmore:

Consumer Security and Consumer Privacy Are Two Separate Conversations

As the title of this blog post implies, there seems to be a blurred line in the general rhetoric between “privacy” and “security”. These topics are not the same, and yet I see them lumped together all too often (ahem, CNN & Co). It's tough, however, to weave a coherent single narrative on the subjects, so let me present a few disparate points to help distinguish the two:

Topics: Security and Privacy Security endpoint security antivirus privacy antivirus software consumer security

What Consumers Really Need to Worry About in 2016

New Year’s Eve has come and gone, and thusly, the annual prediction blog cycle draws to a close. Permit me to sneak one in just before the doors are locked, if you would. I've put together a list of three consumer security bogeymen (more hype than substance) and three consumer security issues that everyone needs to actually worry about. There is a very obvious theme here in terms of the division — see if you can spot it!

Topics: IoT Security endpoint security consumer security

Some Thoughts for Millennials that Diss Antivirus

My generation can get awfully snarky about antivirus: go on reddit, search for the topic, and you’ll find some arrogant responses along the lines of “antivirus is just adware and all I need is Malwarebytes”.

Well hey, good for you, and Malwarebytes is great (I use it too). But we millennials have a harder time remembering what the internet was like before AV came along, a time when any email or misclicked website could brick your computer. Now with the rise of ransomware and targeted attacks putting entire devices at risk once more, we have somehow resorted to blaming antivirus for not being effective enough at blocking these attacks. It’s unfair and short-sighted, and the popularity of the “AV is unnecessary” trend remains perpetually premature.

Topics: Cybersecurity Security endpoint security antivirus Anti-malware cyber crime

Consumers Are Getting Smarter, Driving Security Innovation

Every year at Blackhat there is a section of the show floor charmingly referred to as "Innovation City," which functions as an area for up-and-coming vendors to show their stuff. One of the citizens of Innovation City this year was x.o.ware, which bills itself as an "end-to-end encryption solution" that makes public Wi-Fi completely secure. At the risk of misrepresenting their product (I have not been officially briefed), essentially what they do is this: the customer buys a box (which is called XOnet and looks like a mini Wi-Fi router) that stays at home. With that box comes a small piece of rubber-covered  hardware (which is called an XOkey); this key pairs with the box and then plugs into a laptop. Result? If I am at Starbucks on public Wi-Fi, I plug the encryption key into my computer, it uses the public Wi-Fi to tunnel back to my XOnet box at home, and voila! --my very insecure public Wi-Fi connection has become a secure home Wi-Fi connection. This is a very cool idea! But as cool as the idea is, I found myself wondering- are people ready to buy personal security hardware? Are people even thinking about this stuff? 

People (Still) Don’t Care About Cyber Attacks

Let’s get something out of the way: I know that all the data says people care more about their privacy than ever before, and especially the under-40 age group sees it as a “key issue.” And I don’t for a second doubt the data—if you ask me in a survey, “Is privacy important to you?,” I’ll say yes. If you ask “Would you do business with a company that does not protect your privacy?,” I would say no—because those are the right answers, and intellectually we understand that. But there is a gigantic disconnect between what people say in a survey, and how they actually behave. I’m the first to admit guilt here.

Topics: Cybersecurity Security privacy cyber attack

Cutting Through Endpoint Security Marketing Hype is a Challenge for Buyers and Vendors Alike

Endpoint security is a fast-paced, dynamic market right now. The amount of funding, M&A, and general product development is moving at what can feel like a blurring speed, and separating the facts from the marketing language can be a challenge.

For a thought experiment, imagine for a moment you are a CIO/CISO/equivalent in charge of the security budget.  You are a little behind, maybe updating from an AV-only environment to a more advanced endpoint solution. How do you go about selecting a vendor? How do you begin quantifying your organizational needs? 

Topics: Information Security endpoint endpoint security IT buyers IT Spending Intentions skills shortage IT purchasing IT skills security spending

The Roller Coaster Ride toward Free Antivirus

ESG data shows that 57% of enterprises have either already switched to free antivirus software or are actively exploring the option. It makes some sense: Free AV programs have posted competitive efficacy rates against paid versions, and AV is increasingly viewed as an IT operations checkbox as opposed to a pure endpoint security control. There also seems to be a decreasing need to assign budget for AV. The thinking is that those dollars could instead be spent on newer technologies such as advanced endpoint anti-malware products, endpoint forensics, or endpoint analytics. For many organizations, ditching paid antivirus for a free product could be viewed as a sensible cost-cutting move. 

Topics: McAfee Kaspersky Avast trend micro antivirus free antivirus

The Heartbleed Bug (in English)

News of the so-called Heartbleed bug made the rounds last week. I received a message from a friend asking, “Why didn’t you warn me about this?” So I had better respond.

Unlike, say, the Target breach, this one was steeped in tech lingo that made understanding it a bit of a project. So let’s walk through what happened and how it affects the average user.

Topics: Information Security Information and Risk Management Security and Privacy Security endpoint security

Endpoint Themes

Here are some trends to keep an eye on (in no particular order):

Topics: Information Security Information and Risk Management endpoint Security and Privacy Security endpoint security

How Antivirus Continues to Compete

Despite well over a decade of sales success, antivirus technology has never been beloved in the security marketplace. Security professionals do not have immense faith in antivirus (AV) products to stop modern malware, and average users have never enjoyed the notifications, scans, and updates that go along with protecting a computer from roughly 6,000 new malware variants per day.

Topics: Information and Risk Management Security and Privacy Security malware Mandiant bromium antivirus Cylance Bit9 AV Guidance antivirus software