Most Recent Blogs

Enterprise Security Monitoring Weaknesses Telegraph Lots of Future Cybersecurity Opportunities

Posted: June 04, 2014   /   By: Jon Oltsik   /   Tags: Cybersecurity, Information and Risk Management, Security and Privacy, Centrify, threat intelligence, CyberArk, Courion, Sailpoint, Bradford Networks, Norse, BitSight

In a recent ESG research survey of 257 security professionals working at enterprise organizations (i.e., more than 1,000 employees), respondents were asked to identify where their organizations were weakest with regard to security monitoring. This graphic displays the results:

Read More

Big Data Security Analytics Meets Identity and Access Management (IAM)

Posted: May 19, 2014   /   By: Jon Oltsik   /   Tags: IBM, End-User Computing, Data Management & Analytics, Information and Risk Management, Enterprise Software, Security and Privacy, Security, big data security analytics, Courion, Sailpoint, compliance, IAM, Governance, cybercrime, Anti-malware

While most enterprise organizations have SIEM installed, they now realize that these venerable security systems cannot address today’s dangerous threat landscape alone. As a result, many are adding network forensics and big data analytics systems for capturing, processing, and analyzing a whole bunch of additional security data.

In the majority of cases, big data security analytics systems are applied to data such as network packets, packet metadata, e-mails, and transaction systems to help security teams detect malware, phishing sites, and online fraud. Great start, but I’m starting to see another burgeoning focus area – IAM. Of course, many large organizations have IAM tools for user provisioning, SSO, and identity governance, but tracking all the instantiations of user activity remains elusive. In a recent ESG research survey, security professionals were asked to identify their weakest area of security monitoring. More than one-quarter (28%) pointed to “user behavior activity monitoring/visibility,” – the highest percentage of all categories.

Read More

Enterprises Are Not Monitoring Access to Sensitive Data

Posted: May 01, 2014   /   By: Jon Oltsik   /   Tags: Information and Risk Management, Dell, Security and Privacy, Security, google, Centrify, CyberArk, Courion, Sailpoint, data security, Quest, Box, Symantec, Target, nsa, cybercrime, identity and access management, security analytics, Edward Snowden

If you want to make a cybersecurity professional uncomfortable, simply utter these two word: ‘Data exfiltration.’ Why will this term garner an emotional response? Because data exfiltration is a worst-case outcome of a cyber-attack – think Target, the NY Times, Google Aurora, Titan Rain, etc. Simply stated, ‘data exfiltration’ is a quasi-military term used to describe the theft of sensitive data like credit card numbers, health care records, manufacturing processes, or classified military plans.

Most enterprises now recognize the risks associated with data exfiltration and are now reacting with new types of security technologies, granular network segmentation, and tighter access controls. Good start but what about simply monitoring sensitive data access activities? You know, who accesses the data, how often, what they do, etc.?

Read More

Enterprise Security Professionals Identify Mobile Computing Security Challenges

Posted: February 12, 2014   /   By: Jon Oltsik   /   Tags: IBM, Cybersecurity, MDM, Information and Risk Management, mobile, Security and Privacy, Security, cybersecurity skills shortage, endpoint security, Citrix, CyberArk, Courion, Bradford Networks, Fiberlink, android, Good Technology, ForeScout, Airwatch, Blue Coat

Most companies now provide network access and application support for non-PC devices like smartphones and tablets and many are developing new applications and business processes designed specifically for these devices. Business managers look at iPhones, Android devices, and even Windows phones and see opportunities for revenue growth, cost cutting, and improved communication everywhere.

Read More

Posts by Topic

see all