Most Recent Blogs

What is an Enterprise-class Cybersecurity Vendor?

Posted: August 17, 2017   /   By: Jon Oltsik   /   Tags: Information Security, IBM, Cybersecurity, Cisco, McAfee, Symantec, CISO, NIST, ISSA

Question-mark.jpgOn Monday of this week, I posted a blog about enterprise-class cybersecurity vendors. Which vendors are considered enterprise-class? According to recent ESG research, Cisco, IBM, Symantec, and McAfee top the list. 

This blog addressed the “who” question but not the “what.” In other words, just what is an enterprise-class cybersecurity vendor anyway? As part of its research survey, ESG asked 176 cybersecurity and IT professionals to identify the most important characteristics of an enterprise-class cybersecurity vendor. The data reveals that:

  • 35% of survey respondents say the most important attribute for an enterprise-class cybersecurity vendor is cybersecurity expertise specific to their organization’s industry. In other words, enterprise-class cybersecurity vendors need more than horizontal security solutions, they need to understand explicit industry business processes, regulations, organizational dynamics, global footprints, etc.
Read More

Cybersec Pros Choose Their Top Enterprise-class Cybersecurity Vendors

Posted: August 14, 2017   /   By: Jon Oltsik   /   Tags: IBM, Cybersecurity, Cisco, McAfee, Enterprise, Symantec, CISO

checklist.jpgBased upon lots of ESG research, some enterprise cybersecurity technology trends are emerging:

  1. Large enterprises are actively consolidating the number of vendors they do business with. This puts some of the point tools vendors at risk as CISOs sign up for enterprise licensing agreements and try to maximize ROI by using more tools from a few select vendors.
  2. Enterprises are seeking to integrate point tools into a cohesive technology architecture. Like ESG’s security operations and analytics platform architecture (SOAPA) concept, large organizations are actively integrating tools to bolster technology interoperability, improve security efficacy, and streamline security operations.
  3. All organizations need help. Yes, companies are still buying new security tools, but these new products are often accompanied by professional services. Additionally, many CISOs are now looking at cybersecurity through a portfolio management lens and figuring out which areas to outsource to MSSPs and SaaS providers.
Read More

Cybersecurity Analytics and Operations Skills Shortage

Posted: August 10, 2017   /   By: Jon Oltsik   /   Tags: Cybersecurity, SIEM, CISO, security analytics, mssp, security operations, ISSA, SOC

skill-shortage-cyber.jpgIf you’ve followed my writing, you know that I passionately broadcast issues related to the global cybersecurity skills shortage. Allow me to report some sad news: Things aren’t improving at all. In 2016, 46% of organizations reported a problematic shortage of cybersecurity skills. In 2017, the research is statistically the same as last year; 45% of organizations say they have a problematic shortage of cybersecurity skills.

Read More

Black Hat Impressions

Posted: August 01, 2017   /   By: Jon Oltsik   /   Tags: Cybersecurity, Black Hat, CISO, home network security, SDP

many-ideas.jpgLike many others in the cybersecurity community, I attended Black Hat in Las Vegas last week. Here are my thoughts on the show:

Read More

Cybersecurity Skills Shortage: Profound Impact on Security Analytics and Operations

Posted: July 24, 2017   /   By: Jon Oltsik   /   Tags: Cybersecurity, cybersecurity skills shortage, SIEM, CISO, network security analytics, network security operations

skills-shortage.jpgI’ve written a lot about the cybersecurity skills shortage over the past 5 years. For example, ESG research indicates that 45% of organizations claim to have a problematic shortage of cybersecurity skills. 

Read More

Cybersecurity Operations: More Difficult Than It Was 2 Years Ago

Posted: July 17, 2017   /   By: Jon Oltsik   /   Tags: Cybersecurity, big data security analytics, SIEM, CISO, security operations, network security analytics, SOC

Global_Security.jpgESG just published a new research report titled, Cybersecurity Analytics and Operations in Transition, based upon a survey of 412 cybersecurity and IT professionals working at large midmarket (i.e., 500 to 999 employees) and enterprise (i.e. more than 1,000 employees) organizations in North America and Western Europe.

The data is quite interesting, to say the least, so look for lots of blogs from me over the next few weeks on a myriad of security operations topics we covered in this project. Furthermore, my esteemed colleague Doug Cahill and I are hosting a webinar this Wednesday, July 19. Feel free to attend, more details can be found here

When I do end-user research on cybersecurity topics, I usually ask respondents a basic question: How are things today compared to 2 years ago? This research project was no exception and, as it turns out, 27% of survey respondents say that cybersecurity analytics and operations is much more difficult than 2 years ago while another 45% say that cybersecurity analytics and operations is somewhat more difficult today than 2 years ago.

Read More

CiscoLive and Cybersecurity

Posted: July 05, 2017   /   By: Jon Oltsik   /   Tags: Cybersecurity, Cisco, CiscoLive, CISO

enterprise_cybersecurity.jpgI spent a few days at CiscoLive, Cisco’s annual user conference, last week in steamy Las Vegas. As a cybersecurity professional, I really filtered out a lot of other content to focus on all things infosec. Here are my observations:

Read More

Cybersecurity Skills Shortage Threatens the Mid-market

Posted: April 21, 2017   /   By: Jon Oltsik   /   Tags: Cybersecurity, cybersecurity skills shortage, CISO, NIST, ISSA

skills-training.jpgESG conducts an annual global survey of IT and cybersecurity professionals, and this year’s survey included 641 global respondents. Each year, these respondents are asked to identify the area where their organizations have a problematic shortage of skills.  or the sixth year in a row, cybersecurity skills topped the list—this year, 45% of respondents say that their organization has a problematic shortage of cybersecurity skills. 

Read More

Cybersecurity Remains an Elusive Business Priority

Posted: April 18, 2017   /   By: Jon Oltsik   /   Tags: Network Security, Cybersecurity, endpoint security, CISO, cloud security, cyber insurance

cyber-exec.jpgI’ve been remiss by not blogging earlier this year about ESG’s annual IT spending intentions research. The year 2017 continues to follow a pattern—cybersecurity is a high business and IT priority for most organizations. 

Read More

SOAPA Services Opportunities Abound

Posted: April 14, 2017   /   By: Jon Oltsik   /   Tags: Cybersecurity, CISO, mssp, managed security services, SOAPA

IT_professionals.jpgSecurity operations is changing, driven by a wave of diverse data types, analytics tools, and new operational requirements. These changes are initiating an evolution from monolithic security technologies to a more comprehensive event-driven software architecture (along the lines of SOA 2.0) where disparate security technologies connect via enterprise-class middleware for things like data exchange, message queueing, and risk-driven trigger conditions. ESG refers to this as a Security Operations and Analytics platform architecture or SOAPA.    

When speaking, or writing about SOAPA, I often compare this evolution to an analogous IT trend in the 1990s. Way back then, large organizations abandoned standalone departmental applications in favor of a more integrated software architecture, ERP. This transition resulted in a new generation of business applications acting as a foundation for greater automation, efficiency, and profitability.

Read More

Posts by Topic

see all