Most Recent Blogs

Cybersecurity Operations: More Difficult Than It Was 2 Years Ago

Posted: July 17, 2017   /   By: Jon Oltsik   /   Tags: Cybersecurity, big data security analytics, SIEM, CISO, security operations, network security analytics, SOC

ESG just published a new research report titled, Cybersecurity Analytics and Operations in Transition, based upon a survey of 412 cybersecurity and IT professionals working at large midmarket (i.e., 500 to 999 employees) and enterprise (i.e., more than 1,000 employees) organizations in North America and Western Europe.

The data is quite interesting, to say the least, so look for lots of blogs from me over the next few weeks on a myriad of security operations topics we covered in this project. Furthermore, my esteemed colleague Doug Cahill and I are hosting a webinar this Wednesday, July 19. Feel free to attend; more details can be found here.

When I do end-user research on cybersecurity topics, I usually ask respondents a basic question: How are things today compared to 2 years ago? This research project was no exception and, as it turns out, 27% of survey respondents say that cybersecurity analytics and operations is much more difficult than 2 years ago while another 45% say that cybersecurity analytics and operations is somewhat more difficult today than 2 years ago.

My Take-aways from Splunk Conf 2015

Posted: September 25, 2015   /   By: Jon Oltsik   /   Tags: Cybersecurity, big data security analytics, SIEM, Splunk

When I first became familiar with Splunk years ago, I thought of it as a freeware log management tool for inquisitive security analysts. Useful for general purposes, but I didn’t see it as a true enterprise security management system, a category defined by vendors like ArcSight, Intellitactics, and Network Intelligence at that time.

Enterprises Are Analyzing Lots of Internal Cybersecurity Data

Posted: August 13, 2015   /   By: Jon Oltsik   /   Tags: Big Data, Cybersecurity, big data security analytics

The cybersecurity industry has been talking about the intersection of big data and cybersecurity analytics for years, but is this actually a reality or nothing more than marketing hype? The recently published ESG research report titled, Threat Intelligence and Its Role Within Enterprise Cybersecurity Practices, only reinforces my belief that big data security is tangible today, and enterprises will only double down in the future.

Toward Omniscient Cybersecurity Systems

Posted: May 19, 2015   /   By: Jon Oltsik   /   Tags: Network Security, Cybersecurity, endpoint security, big data security analytics, Security Management, security operations

Cybersecurity systems suffer from compartmentalization. Vulnerability management systems know which software revisions are installed on which systems, but have no idea how endpoints and servers are connected together. Similarly, an anti-malware gateway can perform static and dynamic analysis on a suspicious file but doesn’t know if a user downloaded analogous malware when she was connected to the Internet on a public network.
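To make the compartmentalization point concrete, here is an added example (not code from the ESG post or from any vendor it mentions) that does the small join the post says today's tools do not: it takes vulnerability-scanner findings, which know host, port and severity but nothing about reachability, and annotates each finding with the sources the network actually observed talking to that service. The findings, flow records, the 10.0.0.0/8 "internal" range and the scoring formula are all constructed assumptions for illustration; no real vulnerability identifiers are used.

```python
"""Added example: rank scanner findings by observed reachability.

Joins (host, port) findings from a vulnerability scanner with NetFlow-style
records so a finding is prioritized by who actually reaches it, not only by
its CVSS-like severity. All data and the scoring rule are constructed for
this illustration.
"""
from collections import defaultdict
from ipaddress import ip_address, ip_network

# Assumption for this example: everything in 10.0.0.0/8 is "inside".
INTERNAL = ip_network("10.0.0.0/8")

# Constructed scanner output: one finding per (host, port), severity 0-10.
FINDINGS = [
    {"host": "10.0.1.20", "port": 445, "service": "smb", "severity": 9.0},
    {"host": "10.0.1.20", "port": 22, "service": "ssh", "severity": 4.0},
    {"host": "10.0.2.50", "port": 8080, "service": "http-admin", "severity": 7.5},
    {"host": "10.0.3.7", "port": 3306, "service": "mysql", "severity": 8.0},
]

# Constructed flow records (src, dst, dport, bytes): what the network saw.
FLOWS = [
    ("10.0.1.11", "10.0.1.20", 445, 120000),
    ("10.0.1.12", "10.0.1.20", 445, 8000),
    ("203.0.113.9", "10.0.2.50", 8080, 4000),   # source outside INTERNAL
    ("10.0.1.11", "10.0.2.50", 8080, 3000),
    ("10.0.1.12", "10.0.3.7", 3306, 500000),
    ("10.0.4.4", "10.0.3.7", 3306, 40000),
    ("10.0.4.5", "10.0.3.7", 3306, 40000),
]


def build_exposure(findings, flows):
    """Annotate each finding with its observed talkers and an exposure score.

    Score (assumed, not from the post): severity x (1 + distinct sources),
    doubled when any source falls outside the INTERNAL range. Findings with
    no observed traffic keep a score equal to raw severity.
    """
    talkers = defaultdict(set)
    for src, dst, dport, _nbytes in flows:
        talkers[(dst, dport)].add(src)

    result = []
    for f in findings:
        srcs = talkers.get((f["host"], f["port"]), set())
        external = any(ip_address(s) not in INTERNAL for s in srcs)
        score = f["severity"] * (1 + len(srcs)) * (2 if external else 1)
        result.append({**f, "sources": sorted(srcs),
                       "external": external, "score": score})
    return sorted(result, key=lambda r: r["score"], reverse=True)


if __name__ == "__main__":
    for r in build_exposure(FINDINGS, FLOWS):
        print(f'{r["score"]:6.1f}  {r["host"]}:{r["port"]:<5} {r["service"]:<10} '
              f'ext={r["external"]} sources={r["sources"]}')
```

The ordering that comes out is the point: the medium-severity admin port reached from outside ranks above the critical SMB finding nobody external touches, which is exactly the context a scanner on its own cannot supply.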

Big Data Security Analytics Can Become the Nexus of Information Security Integration

Posted: June 10, 2014   /   By: Jon Oltsik   /   Tags: Data Management & Analytics, Information and Risk Management, Security and Privacy, risk management, incident detection and response, big data security analytics, enterprise security

In a recent ESG research survey, security professionals working at enterprise organizations (i.e., more than 1,000 employees) were asked the following question: How do you believe that your organization will change its security technology strategy decisions in any of the following ways over the next 24 months in order to improve its security management? In response:

Big Data Security Analytics Meets Identity and Access Management (IAM)

Posted: May 19, 2014   /   By: Jon Oltsik   /   Tags: IBM, End-User Computing, Data Management & Analytics, Information and Risk Management, Enterprise Software, Security and Privacy, Security, big data security analytics, Courion, Sailpoint, compliance, IAM, Governance, cybercrime, Anti-malware

While most enterprise organizations have SIEM installed, they now realize that these venerable security systems cannot address today’s dangerous threat landscape alone. As a result, many are adding network forensics and big data analytics systems for capturing, processing, and analyzing a whole bunch of additional security data.

In the majority of cases, big data security analytics systems are applied to data such as network packets, packet metadata, e-mails, and transaction systems to help security teams detect malware, phishing sites, and online fraud. Great start, but I’m starting to see another burgeoning focus area – IAM. Of course, many large organizations have IAM tools for user provisioning, SSO, and identity governance, but tracking all the instantiations of user activity remains elusive. In a recent ESG research survey, security professionals were asked to identify their weakest area of security monitoring. More than one-quarter (28%) pointed to “user behavior activity monitoring/visibility,” the highest percentage of all categories.

Strong opportunities and some challenges for big data security analytics in 2014

Posted: December 13, 2013   /   By: Jon Oltsik   /   Tags: IBM, Hadoop, Information and Risk Management, HP, McAfee, Security and Privacy, Security, big data security analytics, SIEM, Raytheon, Narus, 21CT, Leidos, Booz Allen, RSA, Cassandra, netSkope, click security, Anti-malware, Hexis

My friends on Wall Street and Sand Hill Road will likely place a number of bets on big data security analytics in 2014. Good strategy, as this market category should get loads of hype and visibility while vendor sales managers build very healthy sales pipelines by March.

Real-Time Big Data Security Analytics for Incident Detection

Posted: December 09, 2013   /   By: Jon Oltsik   /   Tags: IBM, Information and Risk Management, Security and Privacy, Security, big data security analytics, SIEM, LogRhythm, incident detection, 21CT, ISC8, CISO, NetFlow, Lancope, netSkope, click security, Hexis Cyber Solutions

I’ve spent the last year or so doing research on the burgeoning field of big data security analytics. Based upon the time I’ve spent on this topic, I’m convinced that CISOs are looking for immediate help with incident detection, so they will likely focus on real-time big data analytics investments in 2014.

What do I mean by real-time big data security analytics? Think stream processing of data packets, network flows, and metadata looking for anomalous/suspicious network activities that provide a strong indication of a security incident in progress. A multitude of vendors including ISC8, 21CT, Click Security, Hexis Cyber Solutions, IBM, Lancope, LogRhythm, Netskope, RSA Security, SAIC, and Solera Networks (and others) play in this space.
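An added example of what "stream processing of network flows looking for anomalous activity" means in practice; this is illustrative code, not from the ESG post or any of the vendors it names. It consumes NetFlow-style records one at a time, keeps an online per-source baseline of bytes sent per time window (Welford's running mean and variance, so memory is constant per host and no batch job is needed), and raises an alert when a window lands far outside that baseline or when a source fans out to an unusual number of distinct destinations. The flow records, window size, z-score and fan-out thresholds are constructed assumptions.

```python
"""Added example: streaming anomaly detection over NetFlow-style records.

Two detections run as records arrive, with no stored history beyond a few
numbers per source host:
  * volume: bytes sent in a window vs. that host's own running baseline
  * fanout: distinct destinations contacted within one window (scan-like)
All records and thresholds below are constructed for illustration.
"""
import math
from collections import defaultdict


class RunningStats:
    """Welford's online mean/variance: O(1) state, numerically stable."""

    def __init__(self):
        self.n = 0
        self.mean = 0.0
        self.m2 = 0.0

    def update(self, x):
        self.n += 1
        delta = x - self.mean
        self.mean += delta / self.n
        self.m2 += delta * (x - self.mean)

    def stddev(self):
        return math.sqrt(self.m2 / (self.n - 1)) if self.n > 1 else 0.0


class FlowDetector:
    def __init__(self, window=60, z_threshold=3.0, fanout_threshold=20, min_windows=5):
        self.window = window                 # seconds per aggregation window
        self.z = z_threshold                 # volume alert when z-score exceeds this
        self.fanout = fanout_threshold       # fanout alert at this many distinct dsts
        self.min_windows = min_windows       # baseline warm-up before judging volume
        self.stats = defaultdict(RunningStats)   # src -> bytes/window baseline
        self.current = {}                        # src -> (window_id, bytes, dst set)
        self.alerts = []                         # (window_id, src, kind, detail)

    def _close(self, src, wid, total, dsts):
        """Judge a finished window against the baseline, then learn from it."""
        st = self.stats[src]
        if len(dsts) >= self.fanout:
            self.alerts.append((wid, src, "fanout", len(dsts)))
        if st.n >= self.min_windows and st.stddev() > 0:
            zscore = (total - st.mean) / st.stddev()
            if zscore > self.z:
                self.alerts.append((wid, src, "volume", round(zscore, 1)))
        st.update(total)   # note: an alerted window still feeds the baseline

    def ingest(self, ts, src, dst, nbytes):
        """Feed one record; records are assumed roughly time-ordered per src."""
        wid = ts // self.window
        prev = self.current.get(src)
        if prev and prev[0] != wid:          # a new window started: close the old one
            self._close(src, *prev)
            prev = None
        if prev is None:
            prev = (wid, 0, set())
        self.current[src] = (wid, prev[1] + nbytes, prev[2] | {dst})

    def flush(self):
        """Close every open window (end of stream) and return all alerts."""
        for src, (wid, total, dsts) in list(self.current.items()):
            self._close(src, wid, total, dsts)
        self.current.clear()
        return self.alerts


def build_sample_flows():
    """Constructed records (ts_seconds, src, dst, bytes)."""
    flows = []
    for w in range(10):                      # steady, slightly rising baselines
        flows.append((w * 60 + 5, "10.0.5.5", "10.0.9.1", 1000 + 10 * w))
        flows.append((w * 60 + 7, "10.0.6.6", "10.0.9.2", 500))
    flows.append((10 * 60 + 5, "10.0.5.5", "10.0.9.1", 50_000))   # sudden burst
    flows.append((10 * 60 + 7, "10.0.6.6", "10.0.9.2", 500))
    for k in range(25):                      # one host sweeps 25 peers in window 3
        flows.append((3 * 60 + k, "10.0.7.7", f"10.0.8.{k + 1}", 100))
    return sorted(flows)


def run_sample():
    det = FlowDetector()
    for ts, src, dst, nbytes in build_sample_flows():
        det.ingest(ts, src, dst, nbytes)
    return det.flush()


if __name__ == "__main__":
    for alert in run_sample():
        print(alert)
```

Two design choices worth noting: the baseline is per source host rather than global, because a database server's normal traffic would make every workstation look quiet; and a window is judged before it is learned, so a single burst cannot hide itself in the statistics it is compared against. The constant-rate host 10.0.6.6 never alerts because its variance is zero, which the code treats as "nothing to compare against" rather than dividing by zero.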

The Keys to Big Data Security Analytics Solutions: Algorithms, Visualization, Context, and Automation (AVCA)

Posted: October 15, 2013   /   By: Jon Oltsik   /   Tags: IBM, Check Point, Palo Alto Networks, Cisco, Hadoop, Information and Risk Management, HP, McAfee, Security and Privacy, Security, big data security analytics, SIEM, Narus, LogRhythm, 21CT, RSA Security, SilverTail, LexisNexis, Solera Networks, Lancope, click security, Hexis Cyber Solutions, Splunk

ESG research indicates that 44% of organizations believe that their current level of security data collection and analysis could be classified as “big data,” while another 44% believe that their security data collection and analysis will be classified as “big data” within the next two years (note: in this case, big data security analytics is defined as, “security data sets that grow so large that they become awkward to work with using on-hand security analytics tools”).

So enterprises will likely move to some type of big data security analytics product or solution over the next few years. That said, many CISOs I speak with remain confused about this burgeoning category and need help cutting through the hype.

It Takes a Village: The Splunk User Conference 2013

Posted: October 04, 2013   /   By: Jon Oltsik   /   Tags: IBM, Apple, Information and Risk Management, Security and Privacy, Security, big data security analytics, SIEM, security intelligence, log management, F5, Security Management, Splunk

When IBM distributed its operating system in the 1950s, it actually sent the source code to its customer base. Many IT shops then actually modified the operating system with their own customized code.
