Most Recent Blogs

VMware Advances Application Security

Posted: August 30, 2017   /   By: Jon Oltsik   /   Tags: Network Security, Cybersecurity, VMware, VMworld, NSX, application security, AppDefense

This week at VMworld, VMware announced market availability of a new security technology called AppDefense. AppDefense is an application-layer security control designed to profile applications, determine “normal” behavior, and then provide a series of least privilege controls for applications and options for security incident remediation.

Now in some respects, AppDefense is a lot like application white listing/black listing, which can be very effective for limiting the attack surface, but the historical problem with application controls is operational overhead. If you want to implement white listing, you have to know what workloads are running and whether they are allowed to, and then implement controls to restrict unanticipated application behavior. This can become quite cumbersome when servers run multiple applications with dynamic development cycles and changing behavior.


High Demand Cybersecurity Skills in 2017

Posted: December 20, 2016   /   By: Jon Oltsik   /   Tags: Cybersecurity, cybersecurity skills shortage, CISO, cloud security, application security, security analyst, security engineer, penetration testing

As I’ve written many times, the cybersecurity skills shortage is the biggest cybersecurity issue we face today. Not only are there too few bodies to fill the cybersecurity jobs, but a recent series of research reports from ESG and the Information Systems Security Association (ISSA) indicates that many currently employed cybersecurity professionals are overworked, not managing their careers proactively, and not receiving the proper amount of training to stay ahead of increasingly dangerous threats. Yikes!


Swimming application security upstream with SecDevOps

Posted: July 27, 2016   /   By: Doug Cahill   /   Tags: Cybersecurity, DevOps, application security

I used a metaphor during a cloud security webinar this week to explain how SecDevOps is an opportunity to “swim security upstream”, an expression that reminded me of an aspect of being a QA Manager earlier in my career. Our software development process included an acceptance phase, which, for repeatability, we executed by running a set of automated tests through a harness. Too often basic mistakes would be found, resulting in the build being rejected and thrown back over the wall to Dev, as it was back in the days of waterfall.

These inefficiencies highlighted the need to swim quality upstream in the dev process by requiring unit tests before release engineering ran a build and handed it off to QA. Just as was the case with such quality assurance steps, so too often are application security best practices performed late in the cycle, if at all. Enter SecDevOps.


Cybersecurity Customer Segments in 2016

Posted: January 19, 2016   /   By: Jon Oltsik   /   Tags: Network Security, Cybersecurity, endpoint security, enterprise security, application security

Depending upon whom you believe, there are roughly 800 to 1200 companies selling cybersecurity products and services to end customers. Yes, the cybersecurity market is forecast to be around $70 billion this year, but that’s still a lot of vendors.


Software Security is Not Keeping Up

Posted: December 09, 2015   /   By: Jon Oltsik   /   Tags: Cybersecurity, web application security, application security

We cybersecurity professionals spend a heck of a lot of time in areas like endpoint security, network security, and overall threat management. In the dozen years I’ve been focusing on cybersecurity, this situation hasn’t changed. Unfortunately, this means that we haven’t paid enough attention to software security in the past, and we continue to maintain this basic status quo approach today.
