Big Data Security Analytics Meets Identity and Access Management (IAM)

While most enterprise organizations have SIEM installed, they now realize that these venerable security systems cannot address today’s dangerous threat landscape alone. As a result, many are adding network forensics and big data analytics systems for capturing, processing, and analyzing a whole bunch of additional security data.

In the majority of cases, big data security analytics systems are applied to data such as network packets, packet metadata, e-mails, and transaction systems to help security teams detect malware, phishing sites, and online fraud. Great start, but I’m starting to see another burgeoning focus area – IAM. Of course, many large organizations have IAM tools for user provisioning, SSO, and identity governance, but tracking all the instantiations of user activity remains elusive. In a recent ESG research survey, security professionals were asked to identify their weakest area of security monitoring. More than one-quarter (28%) pointed to “user behavior activity monitoring/visibility” – the highest percentage of all categories.


Software Defined Everything (SDM) Includes Management

I find it fascinating that when new technologies are invented that are designed to improve efficiency and drive down costs, they end up having the reverse effect – especially the more disruptive ones. Let’s take cloud computing as an example. On the one hand, it gives an enterprise this wonderful ability to offload all of the basal tasks of ordering, installing, and configuring server/storage/network stacks, with virtualization and potentially guest OSs on top of them. This alone is non-trivial and time consuming. On some of the more advanced clouds, you can actually change the amount of (virtual) memory, processor, or storage on the fly! What about patching? Hot patching, anyone? Automated patches and updates for core technology such as the guest OSs? These are additional, great benefits found at some cloud providers. And this is just the easy stuff. What happens when a VM becomes a zombie? Who finds, kills, and restarts the zombie? The list goes on …

Now what happens if you realize that one cloud platform was really great for development and scale testing, but the operational standard that has come to be expected in the enterprise can’t easily be replicated on that provider, so you decide to build and test on one cloud and deploy on another? Oh, and wait … what if you also want to be able to stand up just enough on-premises to get by as a last-resort disaster recovery location?


“Cold” Topics at RSA that Should Receive More Attention

In my blog yesterday, I outlined the hot topics I anticipate at this year’s RSA Security Conference. Since the show is dominated by security vendors, the show hype will focus on products, services, and various technologies.

So what’s missing? A broader discussion on cybersecurity issues, trends, collective efforts, and best practices. Yes, these subjects will get some attention in presentations and break-out sessions but the show floor and cocktail party banter will lean toward a myopic security perspective around bits and bytes.


The Enterprise Security Model Is Experiencing “Death by a Thousand Cuts”

If enterprise security were an automobile, it would be a Ford Taurus circa 1995. Good car way back when, and still running, but burning oil, barely passing inspection, and held together by Bondo today.


The Curse of Compliance

I used to work with a guy who was significantly overweight. I ran into him in the cafeteria one day and he mentioned that his doctor recommended that he eschew large lunches in favor of lighter foods like salads. He proceeded to the salad bar where he buried a few greens, onions, and tomatoes under a mountain of cheese, deli meats, and blue cheese dressing.
