Most Recent Blogs

Phased Process for Cloud Security

Posted: September 19, 2017   /   By: Jon Oltsik   /   Tags: Network Security, Cybersecurity, cloud security, micro-segmentation

cloud_security.jpgMy colleague Doug Cahill and I have been following the development of cloud security for the past few years. What we’ve noticed is that many organizations tend to track through a pattern of actions as their organization embraces public cloud computing. The sequence goes through the following order:

  1. The pushback phase. During this period, CISOs resist cloud computing, claiming that workloads won’t be adequately protected in the public cloud. This behavior may still occur for late-comers or very conservative firms but the cloud computing ship has definitely sailed at most large enterprises. In other words, CISOs aren’t given an out clause--rather, they must figure out how to secure cloud-based workloads whether they like it or not.
Read More

Cybersecurity Remains an Elusive Business Priority

Posted: April 18, 2017   /   By: Jon Oltsik   /   Tags: Network Security, Cybersecurity, endpoint security, CISO, cloud security, cyber insurance

cyber-exec.jpgI’ve been remiss by not blogging earlier this year about ESG’s annual IT spending intentions research. The year 2017 continues to follow a pattern—cybersecurity is a high business and IT priority for most organizations. 

Read More

The New McAfee

Posted: April 07, 2017   /   By: Jon Oltsik   /   Tags: Network Security, Cybersecurity, McAfee, endpoint security, SIEM, cloud security

Security_Shield.jpgI’ve worked with McAfee for a long time – from its independent days, during the Network Associates timeframe, through financial issues, back to McAfee and the go-go Dave DeWalt era, and finally as Intel Security. 

Read More

Cloud Security: Still a Work in Progress

Posted: March 21, 2017   /   By: Jon Oltsik   /   Tags: Cloud Computing, Cybersecurity, CISO, cloud security

cloud_lock.jpgA few years ago, ESG (and other) research indicated that security concerns posed the biggest impediment for more pervasive use of cloud computing. What happened next? Business executives and CIOs found that cloud agility, flexibility, and potential cost savings were too good to pass up, creating a “cloud or bust” mentality. Naturally, CISOs had to do their best and go along for the ride whether they were ready or not.

So, how’s cloud security going at this point? ESG research indicates it is still a work in progress. As part of a recent survey, cybersecurity professionals were presented with a series of statements about cloud security and asked whether they agreed or disagreed with each one. Here are some of the results:

Read More

That's a Wrap! RSA Conference 2017 Thoughts and Observations, Continued (Video)

Posted: March 10, 2017   /   By: Doug Cahill   /   Tags: Cybersecurity, rsa conference, Data Center Consolidation, cloud security

Jon and Doug.jpgIn this second of a two-part video blog series, my colleague Jon Oltsik and I discuss some of the themes and takeaways from RSA Conference 2017.

Closing the cloud security readiness gap with platforms: Many vendors at RSA were offering cloud security solutions to help organization close the gap between the use of the cloud services within their company and their readiness to secure that use. These solutions spanned the gamut of “from,” “in,” and “to” cloud security with respect to security from the cloud (i.e., security-as-a-service\SECaaS), infrastructure security (workloads, APIs), and cloud app security (i.e., CASB), respectively. Compounding the readiness gap is good old heterogeneity -- most orgs use many cloud apps and multiple IaaS providers. In fact, ESG research reveals that 75% of organizations consuming IaaS services today do so from more than one CSP. These adoption dynamics create the need for cross app and cross cloud coverage which is why major players such as Cisco, Trend Micro, and Symantec are highly focused on the breadth of their cloud security portfolios while cloud security specialists such as CloudPassage, Netskope, Illumio, vArmour, Threat Stack, and others are also helping companies close the gap with offerings that continue to offer both breadth across cloud services and depth of functionality.  

Read More

Looking Back to Look Forward on Cybersecurity

Posted: December 22, 2016   /   By: Jon Oltsik   /   Tags: Network Security, Cybersecurity, endpoint security, NIST, cloud security, ISSA

city_road.jpgBy now, everyone in our industry has provided 2017 cybersecurity predictions and I’m no exception. I participated in a 2017 infosec forecast webcast with industry guru Bruce Schneier, and ESG also published a video where I exchanged cybersecurity prophecies with my colleague Doug Cahill.

Read More

High Demand Cybersecurity Skills in 2017

Posted: December 20, 2016   /   By: Jon Oltsik   /   Tags: Cybersecurity, cybersecurity skills shortage, CISO, cloud security, application security, security analyst, security engineer, penetration testing

business-people.jpgAs I’ve written many times, the cybersecurity skills shortage is the biggest cybersecurity issue we face today. Not only are there too few bodies to fill the cybersecurity jobs, but a recent series of research reports from ESG and the Information Systems Security Association (ISSA) indicates that many currently employed cybersecurity professionals are overworked, not managing their careers proactively, and not receiving the proper amount of training to stay ahead of increasingly dangerous threats. Yikes!

Read More

Trend Micro’s Enterprise Play

Posted: October 31, 2016   /   By: Jon Oltsik   /   Tags: Network Security, Cybersecurity, endpoint security, trend micro, cloud security

security_key.jpgI spent a few days with Trend Micro last week at its Insight event here in Boston. While Trend is a $1 billion + global cybersecurity vendor, too many cybersecurity professionals still think of Trend as an Asian-based AV player. This perception is completely antiquated however, as Trend now offers:

  • A tightly-integrated next-generation endpoint security suite. There’s a lot of industry rhetoric out there proclaiming Trend as a legacy AV vendor. Don’t believe it! Yes, Trend Micro’s endpoint security product has been around forever but the company has continuously enhanced its technology to keep up with the latest requirements. Most recently, Trend added machine learning for pre- and post-execution prevention/detection of 0-day malware which puts it on par with the next-generation endpoint security crowd. Oh, and Trend also offers its own EDR functionality as well. Armed with its new product, Trend’s layered endpoint defense should meet the security efficacy and operational efficiency requirements of even the most demanding enterprises.
Read More

VMworld: My Cybersecurity-centric Impressions

Posted: September 02, 2016   /   By: Jon Oltsik   /   Tags: Network Security, Cybersecurity, VMware, VMworld, cloud security

8-30-16_CL_VMworld_2016_Social_CTA.pngIn my last blog, I wrote about what I was anticipating as far as cybersecurity for VMworld. Now that I’m back from Vegas, it’s time for me to report on how reality aligned with my expectations.

  1. NSX penetration. It seems like VMware has made progress in terms of NSX market penetration over the past year. At VMworld 2015, VMware talked about around 1,000 production environments for NSX while at VMworld 2016, VMware mentioned somewhere between 1,700 to 2,000 production NSX customers. Still a small percentage of the total VMware installed base but at least 70% growth year-over-year. Yes, some of these customers are likely just getting started or are using NSX on an extremely limited basis, but I still see good progress happening as more and more organizations begin playing with and using NSX. VMware describes three primary uses for NSX:  Disaster recovery, security, and network operations automation. It is worth noting that around 60% to 70% of NSX deployment is skewed toward security use cases. 
Read More

Cybersecurity and VMworld

Posted: August 29, 2016   /   By: Jon Oltsik   /   Tags: Cloud Computing, Cybersecurity, VMware, VMworld, cloud security

Las_Vegas_Sign.jpgWith memories of Black Hat still in my head, I’m back in Las Vegas for VMworld. I’m sure there will be plenty of generic VMware and partner announcements but I’m here to assess how VMware is addressing enterprise security requirements with its technologies and partner relationships. 

Read More

Posts by Topic

see all