Most Recent Blogs

CISOs Must “Think Different”

Posted: April 15, 2014   /   By: Jon Oltsik   /   Tags: IBM, Apple, Cybersecurity, Palo Alto Networks, Cisco, Information and Risk Management, FireEye, HP, McAfee, Security and Privacy, Security, endpoint security, SIEM, ArcSight, Blue Coat, RSA Security, CISO, Anti-malware, NetWitness, IDS/IPS, Firewall & UTM

Remember the “Think Different” advertising campaign from Apple? It ran from 1997 to 2000 and featured bigger-than-life personalities like Buckminster Fuller, Martin Luther King, and Pablo Picasso.

The “Think Different” ads coincided with Steve Jobs’s return to Apple as well as his somewhat contrarian and analytical mindset. In a PBS interview, Jobs offered this philosophical insight about life:


Big Data Security Analytics FAQ

Posted: September 25, 2013   /   By: Jon Oltsik   /   Tags: IBM, Cybersecurity, Data Management & Analytics, Hadoop, Information and Risk Management, Dell, Enterprise Software, Security and Privacy, Security, big data security analytics, SIEM, LogRhythm, ArcSight, Leidos, RSA, netSkope, click security, APT, Packetloop

I’ve been having a lot of conversations with security professionals about big data security analytics. In some cases I present to a large audience; in others I’m on the phone with a single CISO.

While big data security analytics content varies from discussion to discussion, I consistently come across a lot of misunderstanding around the topic as a whole. This is understandable since “big data” is really a marketing term that the industry has all but coopted. Worse yet, security vendors have glued the mystery of “big data,” the misconceptions of security analytics, and marketing hype together. No wonder security professionals remain confused!


IBM Extends Its Cybersecurity Footprint With Trusteer Acquisition

Posted: August 26, 2013   /   By: Jon Oltsik   /   Tags: IBM, Cybersecurity, Information and Risk Management, Security and Privacy, Security, big data security analytics, enterprise security, ArcSight, RSA Security, Anti-malware, Trusteer

Yes, the IBM/Trusteer deal happened on 8/15 but summer activities interrupted my blogging schedule so I’m just catching up.

Rumor has it that IBM paid somewhere between $800m and $1 billion for the Israeli cybersecurity firm. That’s a lot of dollars, shekels, or any other currency but Trusteer can help IBM extend its information security shadow with:

  1. A greater presence in the financial services market. IBM is a major player in financial services with IT equipment, software, and services but is still playing catch-up with CISOs in this space. With the acquisition of Trusteer, IBM grabs an established leader in web fraud detection (along with Silver Tail/RSA) and a killer installed base in the world’s largest banks. IBM will certainly use this new stature to position QRadar against ArcSight and establish a leadership position in big data security analytics. This is important since financial services firms tend to be aggressive spenders when it comes to information security.
  2. An advanced endpoint security solution. In spite of its aggressive push into security over the past few years, IBM’s participation in endpoint security has been limited to management (i.e. BigFix) and partnerships. The Trusteer acquisition gives IBM a new type of anti-malware solution that can act as an additional layer of endpoint security and can be deployed on PCs, Macs, and mobile devices. Trusteer endpoint security technology is sound but it was not big enough to push into the enterprise market to compete with Bromium, Invincea, Malwarebytes, or Sourcefire. IBM certainly has the resources to make this happen soon. Look for IBM to integrate Trusteer anti-malware capabilities with its network-based solutions (i.e., ISS) to form a comprehensive network/endpoint anti-malware architecture.
  3. Greater intelligence and cloud services. Trusteer solutions are anchored by research, intelligence, and cloud-based protection. IBM can spread these capabilities across existing resources like its xForce security research, QRadar SIEM, and various managed security services options.
  4. Mobile security solutions. Rather than develop its own MDM, IBM is pitching mobile security as part of a bigger play that includes secure application development processes, application security testing, endpoint device management, identity and access management, and network security. IBM will likely fold the Trusteer mobile risk engine, SDK, secure browser, and out-of-band mobile authentication into its mobile enterprise security mix.
  5. A recruiting hub. IBM plans to establish a presence in Israel for cybersecurity research and development. Given the global shortage of security talent this is a very shrewd move giving IBM access to elite talent coming out of the IDF and Unit 8200.

New Requirements for Security Monitoring

Posted: July 31, 2012   /   By: Jon Oltsik   /   Tags: IBM, Cybersecurity, Cisco, Information and Risk Management, HP, McAfee, Security and Privacy, SIEM, ArcSight, Juniper Networks, RSA, Solera Networks, NetWitness, Quest Software, Tibco, LogLogic, Q1 Labs

Today's information security threats are difficult to defend against. On the one hand, the volume of malware variants has gone through the roof over the past few years. On the other, targeted attacks have become more stealthy and damaging.


Tibco and LogLogic: An Interesting and Revealing Acquisition

Posted: May 16, 2012   /   By: Jon Oltsik   /   Tags: IBM, Cloud Computing, Information and Risk Management, HP, McAfee, Enterprise Software, Security and Privacy, SIEM, ArcSight, RSA Security, log management, Big Data Analytics, Tibco, LogLogic, Q1 Labs

Over the past few years, a number of independent Security Information and Event Management (SIEM) vendors were acquired by bigger players. In late 2010, HP scooped up market leader ArcSight for $1.5 billion. Last year, McAfee purchased Nitro Security while IBM acquired Q1 Labs.


My Take On The Security IPOs: Infoblox, Palo Alto Networks, and Splunk

Posted: April 20, 2012   /   By: Jon Oltsik   /   Tags: IBM, Microsoft, Check Point, Palo Alto Networks, Cisco, Information and Risk Management, Juniper, Sourcefire, Dell, McAfee, Security and Privacy, SIEM, ArcSight, RSA, saic, IPO, Firewall, Splunk, Q1 Labs, SecureWorks, SonicWall, Windows

Splunk (SPLK) went public this week and both Infoblox and Palo Alto Networks will soon follow. This could be the start of a security IPO run moving forward. Why? Status quo security defenses aren't working so there is a burgeoning market for next-generation security technologies. This market opportunity has driven M&A activities for years but we've recently seen far broader interest in security. HP grabbed ArcSight and started a security business unit. IBM acquired Q1 Labs and did the same. Dell purchased SecureWorks and SonicWall. Investment is pouring into the security sector driving innovation and a present and future wave of IPOs.


We Need Security Standards like Mitre's Common Event Expression (CEE)

Posted: April 18, 2012   /   By: Jon Oltsik   /   Tags: Microsoft, Cisco, Information and Risk Management, HP, McAfee, Security and Privacy, SIEM, Mitre, ArcSight, log management, NIST, Verizon, Linux

Over the past few years, I've been involved with a number of ESG Research projects all pointing to a few common problems. Even in the most sophisticated shops, security teams struggle to collect the avalanche of security data generated from different log files and tools, analyze this data in a proactive manner, or find the proverbial needle in the haystack indicating anomalous behavior.


The Intersection of Security Intelligence and Big Data Analytics

Posted: February 13, 2012   /   By: Jon Oltsik   /   Tags: IBM, Data Management & Analytics, Hadoop, Information and Risk Management, HP, McAfee, Security and Privacy, SIEM, LogRhythm, ArcSight, security intelligence, NetFlow, log management, Splunk, Big Data Analytics, Q1 Labs, RedLambda

It's official: the security industry has jumped on the "big data" bandwagon with both feet. How do I know? Well, I'm participating in a panel discussion on this topic at RSA and I believe there are 2 other sessions on the topic. I guess anyone headed to San Francisco later this month should be prepared to get a big dose of big data.
