Leading Enterprise Organizations Have Established a Dedicated Network Security Group

When an enterprise organization wanted to buy network security equipment a few years ago, there was a pretty clear division of labor. The security team defined the requirements and the networking team purchased and operated equipment. In other words, the lines were divided. The security team could describe what was needed but didn’t dare tell the networking team what to buy or get involved with day-to-day care and feeding related to “networking” matters.

This “us-and-them” mentality appears to be legacy behavior. According to ESG research on network security trends, 47% of enterprise organizations now claim that they have a dedicated group in charge of all aspects of network security. Additionally, network security is done cooperatively by networking and security teams at 26% of organizations today but these firms insist that they are in the process of creating a dedicated network security group to supplant their current division of labor.

Topics: IBM Network Security Check Point Palo Alto Networks Fortinet Cisco IT Infrastructure Networking Information and Risk Management Juniper Sourcefire FireEye HP McAfee Security and Privacy Security

Anticipating Black Hat

RSA 2014 seems like ancient history and the 2015 event isn’t until next April. No worries, however, the industry is set to gather in the Las Vegas heat next week for cocktails, sushi bars, and oh yeah – Black Hat.

Now Black Hat is an interesting blend of constituents consisting of government gumshoes, Sand Hill Rd. Merlot drinking VCs, cybersecurity business wonks, “beautiful mind” academics, and tattooed hackers – my kind of crowd! As such, we aren’t likely to hear much about NIST frameworks, GRC, or CISO strategies. Alternatively, I am looking forward to deep discussions on:

  • Advanced malware tactics. Some of my favorite cybersecurity researchers will be in town to describe what they are seeing “in the wild.” These discussions are extremely informative and scary at the same time. This is where industry analysts like me learn about the latest evasion techniques, man-in-the-browser attacks, and whether mobile malware will really impact enterprise organizations.
  • The anatomy of various security breaches. Breaches at organizations like the New York Times, Nordstrom, Target, and the Wall Street Journal receive lots of media attention, but the actual details of attacks like these are far too technical for business publications or media outlets like CNN and Fox News. These “kill chain” details are exactly what we industry insiders crave as they provide play-by-play commentary about the cybersecurity cat-and-mouse game we live in.
  • Threat intelligence. All of the leading infosec vendors (i.e., Blue Coat, Cisco, Check Point, HP, IBM, Juniper, McAfee, RSA, Symantec, Trend Micro, Webroot, etc.) have been offering threat intelligence for years, yet threat intelligence will be one of the major highlights at Black Hat. Why? Because not all security and/or threat intelligence is created equally. Newer players like BitSight, Crowdstrike, iSight Partners, Norse, RiskIQ, and Vorstack are slicing and dicing threat intelligence and customizing it for specific industries and use cases. Other vendors like Fortinet and Palo Alto Networks are actively sharing threat intelligence and encouraging other security insiders to join. Finally, there is a global hue and cry for intelligence sharing that includes industry standards (i.e. CybOX, STIX, TAXII, etc.) and even pending legislation. All of these things should create an interesting discourse.
  • Big data security analytics. This is an area I follow closely that is changing on a daily basis. It’s also an interesting community of vendors. Some (i.e., 21CT, ISC8, Leidos, Lockheed-Martin, Norse, Palantir, Raytheon, etc.), come from the post 9/11 “total information access” world, while others (Click Security, HP, IBM, Lancope, LogRhythm, RSA, etc.) are firmly rooted in the infosec industry. I look forward to a lively discussion about geeky topics like algorithms, machine learning, and visual analytics.
Topics: IBM Check Point Palo Alto Networks Fortinet Cisco Data Management & Analytics Information and Risk Management Juniper HP McAfee Enterprise Software Security and Privacy Crowdstrike Lockheed Martin Black Hat trend micro RiskIQ 21CT Leidos Norse CybOX BitSight Symantec RSA TAXII ISC8 Blue Coat STIX Webroot

The Emerging Cybersecurity Software Architecture

It’s been a busy week for the information cybersecurity industry. FireEye announced the acquisition of nPulse which adds network forensics to its advanced malware detection/response portfolio. IBM chimed in with a new Threat Prevention System that includes an endpoint security client, threat intelligence feeds, and integration with its network security, and analytics platforms. Finally, Symantec unveiled its Advanced Threat Protection strategy that combines existing products, future deliverables, and services.

It’s no coincidence that these three infosec security leaders are moving in this direction as the whole industry is on the same path. I’ve written about this trend a few times. I wrote a security-vendors-are-racing-toward-a-new-anti-malware-technology-model/index.html" target="_blank">blog about the integrated anti-malware technology model in March, and this the-new-cybersecurity-technology-reality-the-whole-is-greater-than-the-sum-of-its-parts/index.html">one in April about the new cybersecurity technology reality. Other vendors such as Blue Coat, Cisco, McAfee, Palo Alto Networks, and Trend Micro are also on board.

Topics: IBM Microsoft Check Point Palo Alto Networks Cisco Information and Risk Management FireEye HP McAfee Oracle Security and Privacy Security Apache SIEM Mitre Kaspersky ERP Raytheon Proofpoint Lockheed IDS E&Y Leidos Booz Allen Accenture Blue Coat AV CSC Anti-malware

Managing IT Risk Associated with Mobile Computing Security

When BYOD was coming to fruition a few years ago, it had a sudden and deep impact on IT risk. Why? Many CISOs I spoke with at the time said it was purely a matter of scale. All of a sudden, large enterprises had thousands of additional devices on their networks and they struggled to figure out what these devices were doing and how these activities impacted organizational risk.

Topics: IBM End-User Computing Check Point Fortinet Cisco Information and Risk Management mobile Security and Privacy Security BYOD Citrix data security Fiberlink android Dropbox Good Technology Airwatch Blue Coat CISO Bit9 Anti-malware Facebook

Hot Topics at the RSA Conference

It’s the calm before the storm and I’m not talking about the unusual winter weather. Just a few days before the 2014 RSA Security Conference at the Moscone Center in San Francisco.

In spite of this year’s controversy over the relationship between the NSA and RSA Security (the company), I expect a tremendous turnout that will likely shatter the attendance records of last year. Cybersecurity issues are just too big to ignore so there will likely be a fair number of first-time attendees.

Topics: Cloud Computing Check Point Fortinet Cisco Networking Information and Risk Management FireEye mobile Security and Privacy endpoint security SIEM Cybereason Good Technology bromium 21CT CloudPassage Firewall Cylance click security Bit9 Carbon Black IDS/IPS Firewall & UTM Hexis Cyber Solutions Public Cloud Service

New Year’s Forecast for the Information Security Industry: Part 1

I hope my cybersecurity colleagues enjoyed their holiday these past few weeks. It was surely well deserved as the year 2013 will be remembered as a whirlwind of activity featuring successful IPOs and scary security incidents. Given this, it’s likely that security professionals spent the last few weeks with one eye on family and holidays and another on emerging details about the massive breach at Target.

So what’s in store for the information security industry in 2014? On the surface, it should be a happy new year across the board for security technology vendors, MSSPs, and professional service firms. That said, there is a lot of work ahead as enterprise organizations figure out how to transform an army of point tools and manual processes into a cohesive security strategy.

Topics: IBM Apple Network Security Cybersecurity Check Point Fortinet Cisco Information and Risk Management FireEye HP Dell McAfee Security and Privacy Security Juniper Networks Lockheed Martin E&Y Leidos Booz Allen Accenture Blue Coat ARM CSC Intel NIST

Addressing advanced malware in 2014

In the cybersecurity annals of the future, 2013 may be remembered as the year of advanced malware. Yes, I know that malware is nothing new and the term “advanced” is more hype than reality as a lot of attacks have involved little more than social engineering and off-the-shelf exploits. That said, I think it’s safe to say that this is the year that the world really woke up to malware dangers (advanced or not) and is finally willing to address this risk.

So how will enterprise organizations (i.e., more than 1,000 employees) change their security strategies over the next year to mitigate the risks associated with advanced malware threats? According to ESG research:

  • 51% of enterprise organizations say they will add a new layer of endpoint software to protect against zero day and other types of advanced malware. Good opportunity for Kaspersky, McAfee, Sophos, Symantec, and Trend Micro to talk to customers about innovation and new products but the old guard has to move quickly to prevent an incursion by new players like Bit9, Bromium, Invincea, and Malwarebytes. The network crowd (i.e., Cisco, Check Point, FireEye, Fortinet, and Palo Alto Networks, etc.) may also throw a curveball at endpoint security vendors as well. For example, Cisco (Sourcefire) is already selling an endpoint/network anti-malware solution with a combination of FireAMP and FirePOWER.
  • 49% of enterprise organizations say they will collect and analyze more security data, thus my prediction for an active year in the big data security analytics market – good news for LogRhythm and Splunk. Still, there is a lot of work to be done on the supply and demand side for this to really come to fruition.
  • 44% of enterprise organizations say they will automate more security operations tasks. Good idea since current manual security processes and informal relationship between security and IT operations is killing the effectiveness and pace of security remediation. Again, this won’t be easy as there is a cultural barrier to overcome but proactive organizations are already moving in this direction. If you are interested in this area, I suggest you have a look at Hexis Cyber Solutions’ product Hawkeye G. Forward thinking remediation stuff here.
  • 41% of enterprise organizations say they will design and build a more integrated information security architecture. In other words, they will start replacing tactical point tools with an architecture composed of central command-and-control along with distributed security enforcement. Good idea, CISOs should create a 3-5 year plan for this transition. A number of vendors including HP, IBM, McAfee, RSA Security, and Trend Micro are designing products in this direction with the enterprise in mind.
Topics: IBM Check Point Palo Alto Networks Fortinet Cisco IT Infrastructure Information and Risk Management Sourcefire FireEye HP McAfee Security and Privacy Security endpoint security Kaspersky LogRhythm trend micro bromium Symantec Invincea antivirus RSA Security Sophos Bit9 Anti-malware Hexis Splunk

The Keys to Big Data Security Analytics Solutions: Algorithms, Visualization, Context, and Automation (AVCA)

ESG research indicates that 44% of organizations believe that their current level of security data collection and analysis could be classified as “big data,” while another 44% believe that their security data collection and analysis will be classified as “big data” within the next two years (note: In this case, big data security analytics is defined as, “security data sets that grow so large that they become awkward to work with using on-hand security analytics tools”).

So enterprises will likely move to some type of big data security analytics product or solution over the next few years. That said, many CISOs I speak with remain confused about this burgeoning category and need help cutting through the hype.

Topics: IBM Check Point Palo Alto Networks Cisco Hadoop Information and Risk Management HP McAfee Security and Privacy Security big data security analytics SIEM Narus LogRhythm 21CT RSA Security SilverTail LexisNexis Solera Networks Lancope click security Hexis Cyber Solutions Splunk

Which Security Vendors Have an Advantage with Integrated Network and Host-based Security?

Suppose that President Obama scheduled a visit to New York for an event in Time Square. Now what if the Secret Service deployed two teams responsible for security; one to secure the Avenues running north and south (i.e. Broadway, 7th Ave., etc.), and another to do the same for the streets running east and west (i.e., 49th St., 48th St., etc.)? Further, what if these teams operated independently with little coordination and communications and different chains of command?

Topics: IBM Network Security Check Point Cisco Information and Risk Management Sourcefire FireEye HP McAfee Security and Privacy Security endpoint security Guidance Software trend micro Symantec Blue Coat antivirus Anti-malware APT

Network Security Trumps Server Security in the Enterprise (Part 2)

I posted a blog at the end of March describing the fact that network-security-trumps-server-security-in-the-enterprise/index.html" target="_blank">network security processes, skills, and technical controls are often more thorough than server security processes, skills, and technical controls at enterprise organizations. As a review, recent ESG research revealed that:

Topics: Information Security IBM Check Point Palo Alto Networks Cisco network Information and Risk Management Sourcefire HP McAfee Security and Privacy Security IDS Juniper Networks Firewall SDN IDS/IPS