Most Recent Blogs

WannaCry Makes Me Want to Cry!

Posted: May 16, 2017   /   By: Jon Oltsik   /   Tags: Cybersecurity, endpoint security, cybercrime, AV, ransomware, wannacry

As I read about the WannaCry ransomware attack, my brain is racing with thoughts about the causes and effects of this global incident. Here’s my two cents:

RIP Raimund Genes, Trend Micro CTO

Posted: March 28, 2017   /   By: Jon Oltsik   /   Tags: Network Security, Cybersecurity, endpoint security, cybercrime

I learned this past Saturday that my good friend and Trend Micro CTO, Raimund Genes, passed away suddenly last week. Raimund was only 54.

Remarkably, Many Organizations Still Opt for 'Good Enough' Cybersecurity

Posted: January 23, 2017   /   By: Jon Oltsik   /   Tags: Cybersecurity, malware, CISO, cybercrime, ISSA

Late last year, ESG published a research report titled Through the Eyes of Cyber Security Professionals, in collaboration with the Information Systems Security Association (ISSA). As part of this report, 437 cybersecurity professionals and ISSA members were asked if they’d experienced a number of types of security incidents. The research revealed that:

  • 39% of organizations experienced one or several security incidents resulting in the need to reimage one or several endpoints or servers.
  • 27% of organizations experienced one or several incidents of ransomware.
  • 20% of organizations experienced one or several incidents resulting in the disruption of a business application.
  • 19% of organizations experienced one or several incidents resulting in the disruption of a business process.

FireEye Myth and Reality

Posted: October 15, 2015   /   By: Jon Oltsik   /   Tags: Network Security, Cybersecurity, malware, cybercrime, Anti-malware

Some tech companies are always associated with their first acts. Dell just acquired my first employer, EMC Corporation, in order to expand its enterprise portfolio, yet the company will always be linked with personal computers and its founder’s dorm room. F5 has become a nexus that brings together networks and applications but will always retain the moniker of a load balancing company. Bit9 has established itself as a major next-generation endpoint player, yet some people can only think of its original focus on white listing.

Book Report: Future Crimes

Posted: September 23, 2015   /   By: Jon Oltsik   /   Tags: Cybersecurity, cybercrime, cybersecurity canon

Future Crimes by Marc Goodman details the dark side of technology, examining how new technologies are used and abused for criminal purposes. In just under 400 pages, Goodman provides some basic historical background on computer security and then guides the reader through a cybercrime journey spanning consumer, industrial, medical, and various other technologies.

Incident Response: More Art than Science

Posted: August 19, 2015   /   By: Jon Oltsik   /   Tags: Cybersecurity, DHS, incident response, cybercrime, NIST

Five to ten years ago, the cybersecurity industry was mainly focused on incident prevention with tools like endpoint antivirus software, firewalls, IDS/IPS and web threat gateways. This perspective changed around 2010, driven by the Google Aurora and the subsequent obsession with advanced persistent threats (APTs).

Black Hat Is About Cybersecurity People and Processes

Posted: July 30, 2015   /   By: Jon Oltsik   /   Tags: Cybersecurity, Black Hat, cybercrime, Black Hat 2015

Over the past few years, the RSA Security Conference has become a marquee technology industry event. It has really outgrown its humble roots in cryptography and Layer 3 and 4 packet filtering – now RSA is where technology industry bigwigs meet, drink exquisite Napa Valley wine, get a broad perspective of the cybersecurity industry, and do deals.

RSA’s emergence as a “must-attend” technology industry event is a good thing on balance. For one week of the year, business, government, and technology leaders descend on San Francisco and shine a spotlight on the global state of cybersecurity. But while this attention is a good thing, RSA has evolved into a high-level affair, focusing on the “why” questions surrounding cybersecurity.

Enter Black Hat, which takes place next week in Las Vegas. Rather than concentrate further on “why” questions, Black Hat is where you go to explore “how.”

Measuring the Quality of Commercial Threat Intelligence

Posted: July 22, 2015   /   By: Jon Oltsik   /   Tags: malware, cybercrime, threat intelligence sharing

In my most recent blog, I described how a recently published ESG research report on threat intelligence revealed a number of issues around commercial threat intelligence quality. As part of a recent survey of cybersecurity professionals working at enterprise organizations (i.e., more than 1,000 employees), ESG found that:

Cybersecurity Views from a National Intelligence Officer

Posted: June 02, 2015   /   By: Jon Oltsik   /   Tags: Information Security, Cybersecurity, cybercrime

I participated in the Cyber Exchange Forum earlier today, an event sponsored by the Advanced Cyber Security Center (ACSC). The featured speaker was Sean Kanuck, National Intelligence Officer for Cyber Issues, Office of the Director of National Intelligence. In this role, Sean directs the production of national intelligence estimates (for cyber-threats), leads the intelligence community (IC) in cyber analysis, and writes personal assessments about strategic developments in cyberspace.

Enterprise Organizations Are Taking Steps to Improve Cybersecurity Analytics

Posted: May 27, 2014   /   By: Jon Oltsik   /   Tags: IBM, Big Data, Cisco, Information and Risk Management, FireEye, Dell, endpoint, Security and Privacy, Security, SIEM, Narus, Mandiant, Cybereason, LogRhythm, 21CT, Leidos, ISC8, Blue Coat, RSA Security, Lancope, netSkope, SDN, click security, Bit9, cybercrime, Carbon Black

Last week, online retail giant eBay announced that it was hacked between February and March of this year with stolen login credentials of an eBay employee. This gave the hackers access to the user records of 145 million users including home addresses, e-mail addresses, dates of birth, and encrypted passwords. It appears that the hackers made copies of this data so eBay is advising all users to change their passwords.
