CISOs Must “Think Different”

Remember the “Think Different” advertising campaign from Apple? It ran from 1997 to 2000 and featured bigger-than-life personalities like Buckminster Fuller, Martin Luther King, and Pablo Picasso.

The “Think Different” ads coincided with Steve Jobs’s return to Apple as well as his somewhat contrarian and analytical mindset. In a PBS interview, Jobs offered this philosophical insight about life:

Topics: IBM Apple Cybersecurity Palo Alto Networks Cisco Information and Risk Management FireEye HP McAfee Security and Privacy Security endpoint security SIEM ArcSight Blue Coat RSA Security CISO Anti-malware NetWitness IDS/IPS Firewall & UTM

Big Data Security Analytics FAQ

I’ve been having a lot of conversations with security professionals about big data security analytics. In some cases, I present to a large audience or I’m on the phone with a single CISO in others.

While big data security analytics content varies from discussion to discussion, I consistently come across a lot of misunderstanding around the topic as a whole. This is understandable since “big data” is really a marketing term that the industry has all but coopted. Worse yet, security vendors have glue the mystery of “big data” and, the misconceptions of security analytics, and marketing hype together. No wonder why security professionals remain confused!

Topics: IBM Cybersecurity Data Management & Analytics Hadoop Information and Risk Management Dell Enterprise Software Security and Privacy Security big data security analytics SIEM LogRhythm ArcSight Leidos RSA netSkope click security APT Packetloop

IBM Extends Its Cybersecurity Footprint With Trusteer Acquisition

Yes, the IBM/Trusteer deal happened on 8/15 but summer activities interrupted my blogging schedule so I’m just catching up.

Rumor has it that IBM paid somewhere between $800m and $1 billion for the Israeli cybersecurity firm. That’s a lot of dollars, shekels, or any other currency but Trusteer can help IBM extend its information security shadow with:

  1. A greater presence in the financial services market. IBM is a major player in financial services with IT equipment, software, and services but is still playing catch up with CISOs in this space. With the acquisition of Trusteer, IBM grabs an established leader in web fraud detection (along with Silver Tail/RSA)and a killer installed base in the world’s largest banks. IBM will certainly use this new stature to position QRadar against ArcSight and establish a leadership position in big data security analytics. This is important since financial services firms tend to be aggressive spenders when it comes to information security.
  2. An advanced endpoint security solution. In spite of its aggressive push into security over the past few years, IBM’s participation in endpoint security has been limited to management (i.e. BigFix) and partnerships. The Trusteer acquisition gives IBM a new type of anti-malware solution that can act as an additional layer of endpoint security and can be deployed on PCs, Macs, and mobile devices. Trusteer endpoint security technology is sound but it was not big enough to push into the enterprise market to compete with Bromium, Invincea, Malwarebytes, or Sourcefire. IBM certainly has the resources to make this happen soon. Look for IBM to integrate Trusteer anti-malware capabilities with its network-based solutions (i.e., ISS) to form a comprehensive network/endpoint anti-malware architecture.
  3. Greater intelligence and cloud services. Trusteer solutions are anchored by research, intelligence, and cloud-based protection. IBM can spread these capabilities across existing resources like its xForce security research, QRadar SIEM, and various managed security services options.
  4. Mobile security solutions. Rather than develop its own MDM, IBM is pitching mobile security as part of a bigger play that includes secure application development processes, application security testing, endpoint device management, identity and access management, and network security. IBM will likely fold the Trusteer mobile risk engine, SDK, and secure browser, and out-of-band mobile authentication into its mobile enterprise security mix.
  5. A recruiting hub. IBM plans to establish a presence in Israel for cybersecurity research and development. Given the global shortage of security talent this is a very shrewd move giving IBM access to elite talent coming out of the IDF and Unit 8200.
Topics: IBM Cybersecurity Information and Risk Management Security and Privacy Security big data security analytics enterprise security ArcSight RSA Security Anti-malware Trusteer

New Requirements for Security Monitoring

Today's information security threats are difficult to defend against. On the one hand, the volume of malware variants has gone through the roof over the past few years. On the other, targeted attacks have become more stealthy and damaging.

Topics: IBM Cybersecurity Cisco Information and Risk Management HP McAfee Security and Privacy SIEM ArcSight Juniper Networks RSA Solera Networks NetWitness Quest Software Tibco LogLogic Q1 Labs

Tibco and LogLogic: An Interesting and Revealing Acquisition

Over the past few years, a number of independent Security Information and Event Management (SIEM) vendors were acquired by bigger players. In late 2010, HP scooped up market leader ArcSight for $1.5 billion. Last year, McAfee purchased Nitro Security while IBM acquired Q1 Labs.

Topics: IBM Cloud Computing Information and Risk Management HP McAfee Enterprise Software Security and Privacy SIEM ArcSight RSA Security log management Big Data Analytics Tibco LogLogic Q1 Labs

My Take On The Security IPOs: Infoblox, Palo Alto Networks, and Splunk

Splunk (SPLK) went public this week and both Infoblox and Palo Alto Networks will soon follow. This could be the start of a security IPO run moving forward. Why? Status quo security defenses aren't working so there is a burgeoning market for next-generation security technologies. This market opportunity has driven M&A activities for years but we've recently seen far broader interest in security. HP grabbed ArcSight and started a security business unit. IBM acquired Q1 Labs and did the same. Dell purchased SecureWorks and SonicWall. Investment is pouring into the security sector driving innovation and a present and future wave of IPOs.

Topics: IBM Microsoft Check Point Palo Alto Networks Cisco Information and Risk Management Juniper Sourcefire Dell McAfee Security and Privacy SIEM ArcSight RSA saic IPO Firewall Splunk Q1 Labs SecureWorks SonicWall Windows

We Need Security Standards like Mitre's Common Event Expression (CEE)

Over the past few years, I've been involved with a number of ESG Research projects all pointing to a few common problems. Even in the most sophisticated shops, security teams struggle to collect the avalanche of security data generated from different log files and tools, analyze this data in a proactive manner, or find the proverbial needle in the haystack indicating anomalous behavior.

Topics: Microsoft Cisco Information and Risk Management HP McAfee Security and Privacy SIEM Mitre ArcSight log management NIST Verizon Linux

The Intersection of Security Intelligence and Big Data Analytics

It's official, the security industry has jumped on the "big data" bandwagon with both feet. How do I know? Well, I'm participating in a panel discussion on this topic at RSA and I believe there are 2 other sessions on the topic. I guess anyone headed to San Francisco later this month should be prepared to get a big dose of big data.

Topics: IBM Data Management & Analytics Hadoop Information and Risk Management HP McAfee Security and Privacy SIEM LogRhythm ArcSight security intelligence NetFlow log management Splunk Big Data Analytics Q1 Labs RedLambda