Most Recent Blogs

Enterprise Security Monitoring Weaknesses Telegraph Lots of Future Cybersecurity Opportunities

Posted: June 04, 2014   /   By: Jon Oltsik   /   Tags: Cybersecurity, Information and Risk Management, Security and Privacy, Centrify, threat intelligence, CyberArk, Courion, Sailpoint, Bradford Networks, Norse, BitSight

In a recent ESG research survey of 257 security professionals working at enterprise organizations (i.e., more than 1,000 employees), respondents were asked to identify where their organizations were weakest with regard to security monitoring. This graphic displays the results:

Read More

Enterprises Are Not Monitoring Access to Sensitive Data

Posted: May 01, 2014   /   By: Jon Oltsik   /   Tags: Information and Risk Management, Dell, Security and Privacy, Security, google, Centrify, CyberArk, Courion, Sailpoint, data security, Quest, Box, Symantec, Target, nsa, cybercrime, identity and access management, security analytics, Edward Snowden

If you want to make a cybersecurity professional uncomfortable, simply utter these two word: ‘Data exfiltration.’ Why will this term garner an emotional response? Because data exfiltration is a worst-case outcome of a cyber-attack – think Target, the NY Times, Google Aurora, Titan Rain, etc. Simply stated, ‘data exfiltration’ is a quasi-military term used to describe the theft of sensitive data like credit card numbers, health care records, manufacturing processes, or classified military plans.

Most enterprises now recognize the risks associated with data exfiltration and are now reacting with new types of security technologies, granular network segmentation, and tighter access controls. Good start but what about simply monitoring sensitive data access activities? You know, who accesses the data, how often, what they do, etc.?

Read More

Enterprise CISO Challenges In 2014

Posted: January 10, 2014   /   By: Jon Oltsik   /   Tags: IBM, Palo Alto Networks, Cisco, Information and Risk Management, FireEye, HP, Security and Privacy, Security, risk management, Centrify, Malwarebytes, LogRhythm, bromium, 21CT, Leidos, RSA, Invincea, Accenture, ISC8, Blue Coat, CloudPassage, click security, Bit9, CSC, Hexis, HyTrust

I’m sure lots of CISOs spent this week meeting with their teams, reviewing their 2013 performance, and solidifying plans for 2014. Good idea from my perspective. The CISOs I’ve spoken with recently know exactly what they have to do but aren’t nearly as certain about how to do it.

At a high level, here’s what I’m hearing around CISO goals and the associated challenges ahead this year:

  1. Improve risk management. This translates into threat/vulnerability measurement, threat prevention, and ongoing communication with the business mucky mucks. The problem here is that their networks are constantly changing, scans are done on a scheduled rather than real-time basis, and the threat landscape is dangerous, sophisticated, and mysterious.
Read More

Posts by Topic

see all