Most Recent Blogs

Network Security Sandboxes Driving Next-Generation Endpoint Security

Posted: January 15, 2016   /   By: Jon Oltsik   /   Tags: Network Security, Cybersecurity, endpoint security, antivirus, APT

Remember advanced persistent threats (APTs)? This term originated within the United States Air Force around 2006. In my opinion, it gained more widespread recognition after the Google “Operation Aurora” data breach, first disclosed in 2010. This cyber-attack is attributed to groups associated with China’s People’s Liberation Army and impacted organizations like Adobe Systems, Juniper Networks, Northrop Grumman, Symantec, and Yahoo in addition to Google.


Endpoint Security Has Grown More Difficult and Tedious

Posted: February 04, 2015   /   By: Jon Oltsik   /   Tags: endpoint security, APT, antivirus software

As I’ve written several times, endpoint security used to be synonymous with a single software product category: antivirus software. As a result, the endpoint security market was dominated by five major vendors: Kaspersky, McAfee, Sophos, Symantec, and Trend Micro.

Fast forward to the past few years, and APTs, sophisticated malware, targeted attacks, and zero-day exploits are now changing the endpoint security landscape.


The New Cybersecurity Technology Reality - the Whole Is Greater than the Sum of its Parts

Posted: April 03, 2014   /   By: Jon Oltsik   /   Tags: IBM, Palo Alto Networks, Fortinet, Cisco, Information and Risk Management, FireEye, McAfee, Security and Privacy, Security, risk management, endpoint security, Proofpoint, incident detection, incident response, Blue Coat, RSA Security, Anti-malware, incident prevention, APT

I wrote a blog last week about new integrated anti-malware technology in response to Palo Alto Networks’ acquisition of Cyvera. In fact, this integrated technology model isn’t limited to anti-malware but is becoming the new reality across the cybersecurity lifecycle of risk management, incident prevention, incident detection, and incident response.

I’m convinced that this is where the market is headed, driven by burgeoning cybersecurity requirements across organizations large and small. Why do I believe this? Well, in a recent ESG research survey, 315 security professionals working at enterprise organizations (i.e., more than 1,000 employees) were asked how their organization’s security strategy would change over the next 24 months. A little under half (44%) of respondents said that their organization would “design and build a more integrated enterprise security architecture,” the highest percentage of all responses. This trend is actually reverberating on the supply side as Blue Coat, Cisco/Sourcefire, FireEye, IBM, McAfee, PAN, and Trend Micro are all engaged in R&D and M&A activities to meet the need for technology integration.


Are Enterprise Organizations Ready to Use Free AV Software?

Posted: March 20, 2014   /   By: Jon Oltsik   /   Tags: Microsoft, Endpoint & Application Virtualization, Cisco, Information and Risk Management, Sourcefire, McAfee, Security and Privacy, Security, Bradford Networks, Malwarebytes, Kaspersky Lab, Juniper Networks, freeware, ForeScout, Avast, trend micro, bromium, Symantec, security intelligence, Great Bay Software, antivirus, Cylance, Bit9, Anti-malware, APT

Last year, ESG published a research report titled, Advanced Malware Detection and Protection Trends, based upon a survey of 315 security professionals working at enterprise organizations (i.e., more than 1,000 employees). In one question, ESG asked security professionals whether they agreed or disagreed with the following statement: “Commercial host-based security software (i.e., AV) is more or less the same as free security software.”

It turns out that 36% of security professionals either “strongly agree” or “agree” with this statement, while another 25% are sitting on the fence (i.e., they neither agree nor disagree with the statement).


Enterprise Organizations Describe Weaknesses in Malware Detection and Protection

Posted: January 15, 2014   /   By: Jon Oltsik   /   Tags: IBM, Palo Alto Networks, Information and Risk Management, FireEye, Security and Privacy, Security, malware, Mandiant, Barracuda, Leidos, Target, cybercrime, CSC, Anti-malware, NIST, APT, Unisys, Splunk

Well, here we are halfway through January and you can’t cross the street without hearing about a malware attack or security breach somewhere: Neiman Marcus, Target, Yahoo. Yikes!

When my non-technical friends ask me what they should expect moving forward, I’m not exactly a beacon of hope. My usual response is something like, “get used to it, things will likely get worse.”


Endpoint Security Market Transformation In 2014

Posted: January 13, 2014   /   By: Jon Oltsik   /   Tags: IBM, Microsoft, Palo Alto Networks, Cisco, Information and Risk Management, Sourcefire, FireEye, McAfee, Security and Privacy, Security, Malwarebytes, Triumfant, Mandiant, Avast, trend micro, RSA, antivirus, Cylance, Bit9, Anti-malware, APT, Trusteer

It is widely agreed that the security software market is over $20 billion worldwide and that endpoint security software (aka antivirus) makes up the lion’s share of this revenue. After all, AV is an endpoint staple product bundled on new PCs, required as part of regulatory compliance, and even available for free from reputable providers such as Avast, AVG, and Microsoft.

Yup, AV software is certainly pervasive but traditional endpoint security vendors will face a number of unprecedented challenges to their comfy hegemony in 2014 for several reasons:

  1. Security professionals are increasingly questioning AV effectiveness. According to ESG research, 62% of security professionals working at enterprise organizations (i.e., more than 1,000 employees) believe that traditional endpoint security software is not effective for detecting zero-day and/or polymorphic malware commonly used as part of targeted attacks today. To quote Lee Atwater, ‘perception is reality’ when it comes to AV.
  2. Many organizations are already moving beyond AV. ESG research also indicates that over half (51%) of large organizations are planning to add new layers of endpoint security software in order to detect/prevent advanced malware threats. This means that enterprise companies aren’t waiting for AV vendors to catch up but rather spending on new endpoint defenses – likely with new vendors.
  3. The industry is turning up the heat. The AV market has been a cozy oligopoly dominated by a handful of vendors. This market is coming unglued as a combination of new threats and user perceptions is opening the door to an assortment of upstarts. The list includes smaller firms like Bit9, Cylance, Malwarebytes, and Triumfant as well as 800-pound gorillas like Cisco (with Sourcefire FireAMP), IBM (with Trusteer), and RSA Security (with ECAT). Oh, and let’s not forget red hot FireEye’s acquisition of Mandiant or Palo Alto’s purchase of Morta. These two firms are intent on leaving AV vendors in the dust as they pursue the title of “next-generation security company” (whatever that means).

It Could Be a Very Happy New Year for FireEye

Posted: December 11, 2013   /   By: Jon Oltsik   /   Tags: Palo Alto Networks, Fortinet, Cisco, Information and Risk Management, Sourcefire, FireEye, Security and Privacy, LogRhythm, trend micro, Blue Coat, Firewall, Anti-malware, APT, Hexis

Ah, December. Time to reflect on the past year and look ahead to 2014. In retrospect, 2013 was a banner year for the security industry as the world finally woke up to the very real perils of cybersecurity. Of all the many events of this year, however, FireEye’s IPO may have trumped them all. As I write this blog on December 11, 2013, FireEye’s market cap is just north of $4.5 billion. Wow!

Yup, Wall Street loves a hot market and a timely IPO – check and check for FireEye. Okay but when the New Year’s Eve champagne turns into the New Year’s Day hangover, what’s in store for FireEye in 2014?


Big Data Security Analytics FAQ

Posted: September 25, 2013   /   By: Jon Oltsik   /   Tags: IBM, Cybersecurity, Data Management & Analytics, Hadoop, Information and Risk Management, Dell, Enterprise Software, Security and Privacy, Security, big data security analytics, SIEM, LogRhythm, ArcSight, Leidos, RSA, netSkope, click security, APT, Packetloop

I’ve been having a lot of conversations with security professionals about big data security analytics. In some cases I present to a large audience; in others I’m on the phone with a single CISO.

While big data security analytics content varies from discussion to discussion, I consistently come across a lot of misunderstanding around the topic as a whole. This is understandable, since “big data” is really a marketing term that the industry has all but co-opted. Worse yet, security vendors have glued the mystery of “big data,” the misconceptions of security analytics, and marketing hype together. No wonder security professionals remain confused!


Organizations Remain Vulnerable to Insider Attacks

Posted: September 23, 2013   /   By: Jon Oltsik   /   Tags: Cloud Computing, Information and Risk Management, Security and Privacy, Security, malware, Booz Allen Hamilton, nsa, Edward Snowden, Anti-malware, APT

Over the past few years, the security community has focused its attention on attacks coming from Odessa, Tehran, and Beijing. On balance this is a good thing as we are learning more about our cyber adversaries. That said, what about insider attacks? Back around 2008, insider attacks were viewed as the most dangerous of all since insiders tend to know what they want, where it is, and how to get it.


Which Security Vendors Have an Advantage with Integrated Network and Host-based Security?

Posted: August 08, 2013   /   By: Jon Oltsik   /   Tags: IBM, Network Security, Check Point, Cisco, Information and Risk Management, Sourcefire, FireEye, HP, McAfee, Security and Privacy, Security, endpoint security, Guidance Software, trend micro, Symantec, Blue Coat, antivirus, Anti-malware, APT

Suppose that President Obama scheduled a visit to New York for an event in Times Square. Now what if the Secret Service deployed two teams responsible for security: one to secure the avenues running north and south (e.g., Broadway, 7th Ave., etc.), and another to do the same for the streets running east and west (e.g., 49th St., 48th St., etc.)? Further, what if these teams operated independently, with little coordination or communication and different chains of command?
