Network Security Sandboxes Driving Next-Generation Endpoint Security

Remember advanced persistent threats (APTs)? This term originated within the United States Air Force around 2006. In my opinion, it gained more widespread recognition after the Google “Operation Aurora” data breach first disclosed in 2010. This cyber-attack is attributed to groups associated with China’s People’s Liberation Army and impacted organizations like Adobe Systems, Juniper Networks, Northrop Grumman, Symantec, and Yahoo in addition to Google.

Topics: Network Security Cybersecurity endpoint security antivirus APT

Endpoint Security Has Grown More Difficult and Tedious

As I’ve written several times, endpoint security used to be synonymous with a single software product category--antivirus software.  As a result, the endpoint security market was really dominated by five major vendors:  Kaspersky, McAfee, Sophos, Symantec, and Trend Micro.

Fast forward to the past few years and APTs, sophisticated malware, targeted attacks, and zero-day exploits are now changing the endpoint security landscape. 

Topics: endpoint security APT antivirus software

The New Cybersecurity Technology Reality - the Whole Is Greater than the Sum of its Parts

I wrote a blog last week about new integrated anti-malware technology in response to Palo Alto Network’s acquisition of Cyvera. In fact, this integrated technology model isn’t limited to anti-malware but is becoming the new reality across the cybersecurity lifecycle of risk management, incident prevention, incident detection, and incident response.

I’m convinced that this is where the market is headed, driven by burgeoning cybersecurity requirements across organizations large and small. Why do I believe this? Well, in a recent ESG research survey, 315 security professionals working at enterprise organizations (i.e., more than 1,000 employees) were asked how their organization’s security strategy would change over the next 24 months. A little under half (44%) of respondents said that their organization would “design and build a more integrated enterprise security architecture,” the highest percentage of all responses. This trend is actually reverberating on the supply side as Blue Coat, Cisco/Sourcefire, FireEye, IBM, McAfee, PAN, and Trend Micro are all engaged in R&D and M&A activities to meet the need for technology integration.

Topics: IBM Palo Alto Networks Fortinet Cisco Information and Risk Management FireEye McAfee Security and Privacy Security risk management endpoint security Proofpoint incident detection incident response Blue Coat RSA Security Anti-malware incident prevention APT

Are Enterprise Organizations Ready to Use Free AV Software?

Last year, ESG published a research report titled, Advanced Malware Detection and Protection Trends, based upon a survey of 315 security professionals working at enterprise organizations (i.e., more than 1,000 employees). In one question, ESG asked security professionals whether they agreed or disagreed with the following statement: “Commercial host-based security software (i.e., AV) is more or less the same as free security software.”

It turns out that 36% of security professionals either “strongly agree” or “agree" with this statement, while another 25% are sitting on the fence (i.e., they neither agree nor disagree with the statement).

Topics: Microsoft Endpoint & Application Virtualization Cisco Information and Risk Management Sourcefire McAfee Security and Privacy Security Bradford Networks Malwarebytes Kaspersky Lab Juniper Networks freeware ForeScout Avast trend micro bromium Symantec security intelligence Great Bay Software antivirus Cylance Bit9 Anti-malware APT

Enterprise Organizations Describe Weaknesses in Malware Detection and Protection

Well here we are halfway through January and you can’t cross the street without hearing about a malware attack or security breach somewhere – Neiman Marcus, Target, Yahoo, Yikes!

When my non-technical friends ask me what they should expect moving forward, I’m not exactly a beacon of hope. My usual response is something like, “get used to it, things will likely get worse.”

Topics: IBM Palo Alto Networks Information and Risk Management FireEye Security and Privacy Security malware Mandiant Barracuda Leidos Target cybercrime CSC Anti-malware NIST APT Unisys Splunk

Endpoint Security Market Transformation In 2014

It is widely agreed that the security software market is over $20 billion worldwide and that endpoint security software (aka antivirus) makes up the lion’s share of this revenue. After all, AV is an endpoint staple product bundled on new PCs, required as part of regulatory compliance, and even available for free from reputable providers such as Avast, AVG, and Microsoft.

Yup, AV software is certainly pervasive but traditional endpoint security vendors will face a number of unprecedented challenges to their comfy hegemony in 2014 for several reasons:

  1. Security professionals are increasingly questioning AV effectiveness. According to ESG research, 62% of security professionals working at enterprise organizations (i.e., more than 1,000 employees) believe that traditional endpoint security software is not effective for detecting zero-day and/or polymorphic malware commonly used as part of targeted attacks today. To quote Lee Atwater, ‘perception is reality’ when it comes to AV.
  2. Many organizations are already moving beyond AV. ESG research also indicates that over half (51%) of large organizations are planning to add new layers of endpoint security software in order to detect/prevent advanced malware threats. This means that enterprise companies aren’t waiting for AV vendors to catch up but rather spending on new endpoint defenses – likely with new vendors.
  3. The industry is turning up the heat. The AV market has been a cozy oligopoly dominated by a handful of vendors. This market is coming unglued as a combination of new threats and user perceptions is opening the door to an assortment of upstarts. The list includes smaller firms like Bit9, Cylance, Malwarebytes, and Triumfant as well as 800-pound gorillas like Cisco (with Sourcefire FireAMP, IBM (with Trusteer), and RSA Security (with ECAT). Oh, and let’s not forget red hot FireEye’s acquisition of Mandiant or Palo Alto’s purchase of Morta. These two firms are intent on leaving AV vendors in the dust as they pursue the title of “next-generation security company” (whatever that means).
Topics: IBM Microsoft Palo Alto Networks Cisco Information and Risk Management Sourcefire FireEye McAfee Security and Privacy Security Malwarebytes Triumfant Mandiant Avast trend micro RSA antivirus Cylance Bit9 Anti-malware APT Trusteer

It Could Be a Very Happy New Year for FireEye

Ah, December. Time to reflect on the past year and look ahead to 2014. In retrospect, 2013 was a banner year for the security industry as the world finally woke up to the very real perils of cybersecurity. Of all the many events of this year, however, FireEye’s IPO may have trumped them all. As I write this blog on December 11, 2013, FireEye’s market cap is just north of $4.5 billion. Wow!

Yup, Wall Street loves a hot market and a timely IPO – check and check for FireEye. Okay but when the New Year’s Eve champagne turns into the New Year’s Day hangover, what’s in store for FireEye in 2014?

Topics: Palo Alto Networks Fortinet Cisco Information and Risk Management Sourcefire FireEye Security and Privacy LogRhythm trend micro Blue Coat Firewall Anti-malware APT Hexis

Big Data Security Analytics FAQ

I’ve been having a lot of conversations with security professionals about big data security analytics. In some cases, I present to a large audience or I’m on the phone with a single CISO in others.

While big data security analytics content varies from discussion to discussion, I consistently come across a lot of misunderstanding around the topic as a whole. This is understandable since “big data” is really a marketing term that the industry has all but coopted. Worse yet, security vendors have glue the mystery of “big data” and, the misconceptions of security analytics, and marketing hype together. No wonder why security professionals remain confused!

Topics: IBM Cybersecurity Data Management & Analytics Hadoop Information and Risk Management Dell Enterprise Software Security and Privacy Security big data security analytics SIEM LogRhythm ArcSight Leidos RSA netSkope click security APT Packetloop

Organizations Remain Vulnerable to Insider Attacks

Over the past few years, the security community has focused its attention on attacks coming from Odessa, Tehran, and Beijing. On balance this is a good thing as we are learning more about our cyber adversaries. That said, what about insider attacks? Back around 2008, insider attacks were viewed as the most dangerous of all since insiders tend to know what they want, where it is, and how to get it.

Topics: Cloud Computing Information and Risk Management Security and Privacy Security malware Booz Allen Hamilton nsa Edward Snowden Anti-malware APT

Which Security Vendors Have an Advantage with Integrated Network and Host-based Security?

Suppose that President Obama scheduled a visit to New York for an event in Time Square. Now what if the Secret Service deployed two teams responsible for security; one to secure the Avenues running north and south (i.e. Broadway, 7th Ave., etc.), and another to do the same for the streets running east and west (i.e., 49th St., 48th St., etc.)? Further, what if these teams operated independently with little coordination and communications and different chains of command?

Topics: IBM Network Security Check Point Cisco Information and Risk Management Sourcefire FireEye HP McAfee Security and Privacy Security endpoint security Guidance Software trend micro Symantec Blue Coat antivirus Anti-malware APT