Most Recent Blogs

Anticipating Black Hat

Posted: August 01, 2014   /   By: Jon Oltsik   /   Tags: IBM, Check Point, Palo Alto Networks, Fortinet, Cisco, Data Management & Analytics, Information and Risk Management, Juniper, HP, McAfee, Enterprise Software, Security and Privacy, Crowdstrike, Lockheed Martin, Black Hat, trend micro, RiskIQ, 21CT, Leidos, Norse, CybOX, BitSight, Symantec, RSA, TAXII, ISC8, Blue Coat, STIX, Webroot

RSA 2014 seems like ancient history and the 2015 event isn’t until next April. No worries, however, the industry is set to gather in the Las Vegas heat next week for cocktails, sushi bars, and oh yeah – Black Hat.

Now Black Hat is an interesting blend of constituents consisting of government gumshoes, Sand Hill Rd. Merlot-drinking VCs, cybersecurity business wonks, “beautiful mind” academics, and tattooed hackers – my kind of crowd! As such, we aren’t likely to hear much about NIST frameworks, GRC, or CISO strategies. Instead, I am looking forward to deep discussions on:

  • Advanced malware tactics. Some of my favorite cybersecurity researchers will be in town to describe what they are seeing “in the wild.” These discussions are extremely informative and scary at the same time. This is where industry analysts like me learn about the latest evasion techniques, man-in-the-browser attacks, and whether mobile malware will really impact enterprise organizations.
  • The anatomy of various security breaches. Breaches at organizations like the New York Times, Nordstrom, Target, and the Wall Street Journal receive lots of media attention, but the actual details of attacks like these are far too technical for business publications or media outlets like CNN and Fox News. These “kill chain” details are exactly what we industry insiders crave as they provide play-by-play commentary about the cybersecurity cat-and-mouse game we live in.
  • Threat intelligence. All of the leading infosec vendors (i.e., Blue Coat, Cisco, Check Point, HP, IBM, Juniper, McAfee, RSA, Symantec, Trend Micro, Webroot, etc.) have been offering threat intelligence for years, yet threat intelligence will be one of the major highlights at Black Hat. Why? Because not all security and/or threat intelligence is created equally. Newer players like BitSight, Crowdstrike, iSight Partners, Norse, RiskIQ, and Vorstack are slicing and dicing threat intelligence and customizing it for specific industries and use cases. Other vendors like Fortinet and Palo Alto Networks are actively sharing threat intelligence and encouraging other security insiders to join. Finally, there is a global hue and cry for intelligence sharing that includes industry standards (i.e. CybOX, STIX, TAXII, etc.) and even pending legislation. All of these things should create an interesting discourse.
  • Big data security analytics. This is an area I follow closely that is changing on a daily basis. It’s also an interesting community of vendors. Some (i.e., 21CT, ISC8, Leidos, Lockheed-Martin, Norse, Palantir, Raytheon, etc.), come from the post 9/11 “total information access” world, while others (Click Security, HP, IBM, Lancope, LogRhythm, RSA, etc.) are firmly rooted in the infosec industry. I look forward to a lively discussion about geeky topics like algorithms, machine learning, and visual analytics.

Enterprise Organizations Are Taking Steps to Improve Cybersecurity Analytics

Posted: May 27, 2014   /   By: Jon Oltsik   /   Tags: IBM, Big Data, Cisco, Information and Risk Management, FireEye, Dell, endpoint, Security and Privacy, Security, SIEM, Narus, Mandiant, Cybereason, LogRhythm, 21CT, Leidos, ISC8, Blue Coat, RSA Security, Lancope, netSkope, SDN, click security, Bit9, cybercrime, Carbon Black

Last week, online retail giant eBay announced that it was hacked between February and March of this year using the stolen login credentials of an eBay employee. This gave the hackers access to the user records of 145 million users including home addresses, e-mail addresses, dates of birth, and encrypted passwords. It appears that the hackers made copies of this data, so eBay is advising all users to change their passwords.


Hot Topics at the RSA Conference

Posted: February 20, 2014   /   By: Jon Oltsik   /   Tags: Cloud Computing, Check Point, Fortinet, Cisco, Networking, Information and Risk Management, FireEye, mobile, Security and Privacy, endpoint security, SIEM, Cybereason, Good Technology, bromium, 21CT, CloudPassage, Firewall, Cylance, click security, Bit9, Carbon Black, IDS/IPS, Firewall & UTM, Hexis Cyber Solutions, Public Cloud Service

It’s the calm before the storm, and I’m not talking about the unusual winter weather. We are just a few days before the 2014 RSA Security Conference at the Moscone Center in San Francisco.

In spite of this year’s controversy over the relationship between the NSA and RSA Security (the company), I expect a tremendous turnout that will likely shatter the attendance records of last year. Cybersecurity issues are just too big to ignore so there will likely be a fair number of first-time attendees.


Enterprise CISO Challenges In 2014

Posted: January 10, 2014   /   By: Jon Oltsik   /   Tags: IBM, Palo Alto Networks, Cisco, Information and Risk Management, FireEye, HP, Security and Privacy, Security, risk management, Centrify, Malwarebytes, LogRhythm, bromium, 21CT, Leidos, RSA, Invincea, Accenture, ISC8, Blue Coat, CloudPassage, click security, Bit9, CSC, Hexis, HyTrust

I’m sure lots of CISOs spent this week meeting with their teams, reviewing their 2013 performance, and solidifying plans for 2014. Good idea from my perspective. The CISOs I’ve spoken with recently know exactly what they have to do but aren’t nearly as certain about how to do it.

At a high level, here’s what I’m hearing around CISO goals and the associated challenges ahead this year:

  1. Improve risk management. This translates into threat/vulnerability measurement, threat prevention, and ongoing communication with the business mucky mucks. The problem here is that their networks are constantly changing, scans are done on a scheduled rather than real-time basis, and the threat landscape is dangerous, sophisticated, and mysterious.

Strong opportunities and some challenges for big data security analytics in 2014

Posted: December 13, 2013   /   By: Jon Oltsik   /   Tags: IBM, Hadoop, Information and Risk Management, HP, McAfee, Security and Privacy, Security, big data security analytics, SIEM, Raytheon, Narus, 21CT, Leidos, Booz Allen, RSA, Cassandra, netSkope, click security, Anti-malware, Hexis

My friends on Wall Street and Sand Hill Road will likely place a number of bets on big data security analytics in 2014. Good strategy, as this market category should get loads of hype and visibility while vendor sales managers build very healthy sales pipelines by March.


Real-Time Big Data Security Analytics for Incident Detection

Posted: December 09, 2013   /   By: Jon Oltsik   /   Tags: IBM, Information and Risk Management, Security and Privacy, Security, big data security analytics, SIEM, LogRhythm, incident detection, 21CT, ISC8, CISO, NetFlow, Lancope, netSkope, click security, Hexis Cyber Solutions

I’ve spent the last year or so doing research on the burgeoning field of big data security analytics. Based upon the time I’ve spent on this topic, I’m convinced that CISOs are looking for immediate help with incident detection, so they will likely focus on real-time big data analytics investments in 2014.

What do I mean by real-time big data security analytics? Think stream processing of data packets, network flows, and metadata, looking for anomalous/suspicious network activities that provide a strong indication of a security incident in progress. A multitude of vendors including ISC8, 21CT, Click Security, Hexis Cyber Solutions, IBM, Lancope, LogRhythm, Netskope, RSA Security, SAIC, and Solera Networks (and others) play in this space.


Information Security versus “Shadow IT” (and mobility, cloud computing, BYOD, etc.)

Posted: November 04, 2013   /   By: Jon Oltsik   /   Tags: Information and Risk Management, Security and Privacy, Sailpoint, 21CT, RSA Security, Bit9, Okta, Splunk

We’ve all read the marketing hype about “shadow IT” where business managers make their own IT decisions without the CIO’s knowledge or approval. According to ESG research, this risk is actually overstated at most organizations, but there is no denying that IT is getting harder to manage as a result of BYOD, cloud computing, IT consumerization, and mobility.

As these trends perpetuate, CISOs find themselves in the proverbial hot seat – it’s difficult to secure applications, assets, network sessions, and transactions that you don’t own or control.


The Keys to Big Data Security Analytics Solutions: Algorithms, Visualization, Context, and Automation (AVCA)

Posted: October 15, 2013   /   By: Jon Oltsik   /   Tags: IBM, Check Point, Palo Alto Networks, Cisco, Hadoop, Information and Risk Management, HP, McAfee, Security and Privacy, Security, big data security analytics, SIEM, Narus, LogRhythm, 21CT, RSA Security, SilverTail, LexisNexis, Solera Networks, Lancope, click security, Hexis Cyber Solutions, Splunk

ESG research indicates that 44% of organizations believe that their current level of security data collection and analysis could be classified as “big data,” while another 44% believe that their security data collection and analysis will be classified as “big data” within the next two years (note: In this case, big data security analytics is defined as, “security data sets that grow so large that they become awkward to work with using on-hand security analytics tools”).

So enterprises will likely move to some type of big data security analytics product or solution over the next few years. That said, many CISOs I speak with remain confused about this burgeoning category and need help cutting through the hype.

