What Makes CISOs Successful?

The CISO role has evolved over the past few years from tactical IT manager to strategic business executive. Given this transition, what qualities are most important for making CISOs successful?

To answer this question, I went back to the data from last year’s research report from ESG and the Information Systems Security Association (ISSA). I then cut the data by respondents' role to understand what CISOs think is most important. 

Topics: Cybersecurity CISO

What I Learned at the Tufin Customer Conference (Tufinnovate)

Last week, I attended Tufin’s annual customer conference, Tufinnovate, here in Boston. If you don’t know Tufin, the company focuses on network security policy management for enterprise organizations.

Topics: Network Security Cybersecurity cloud security

Talking Cybersecurity Threat Landscape (ESG 360 Video Series)

This discussion with Doug Cahill, part of ESG's 360 Video series, covers the changing nature of cybersecurity threats across generations. As Doug makes clear, it’s not just the point and complexity of attacks that has changed, but their nature has too - both in terms of the perpetrators and their motivations. From the earliest generation of “nuisance” attacks on PCs, via application and operational disturbances as the Internet grew, and through to the systemic, malicious, and often monetarily motivated modern generation of attacks (that now includes 'crypto-jacking' and even state-sponsored actions), the threat landscape has become increasingly complex. The situation is even more challenging as the various generations and styles of threat do not supercede each other but are accretive and all continue today. This means that defense in depth and prevention are the watchwords for today; and this helps explain the rise of cybersecurity 'umbrella' platforms rather than simply an ever-increasing number of point products. It is a serious situation, but not without hope!

Topics: Cybersecurity ESG 360 Video Series

The New Endpoint Security Market: Growing in Size and Scope

Venture capital investments in cybersecurity companies are aggressive these days but yesterday’s news was startling nonetheless. First, Cylance announced a round of $120 million led by Blackstone Tactical Opportunities. Cylance says that the funding will help it expand sales and marketing initiatives and extend its global footprint. 

Topics: Cybersecurity endpoint security antivirus EDR

Cisco Security Synopsis from CiscoLive

Cisco held its annual customer event this week in Orlando FLA and invited the industry analysts to attend. CEO Chuck Robbins highlighted the company’s commitment to security in his CiscoLive keynote while other executives elaborated on more security product and services details.

Topics: Cybersecurity Cisco CiscoLive

Toward Central Network Security Policy Management for Hybrid Clouds

As organizations embraced the public cloud over the past few years, security teams were on the hook to modify network security policies and implement security controls to protect cloud-based workloads. The goal was simple: Protect cloud-based workloads with network security polices and controls that were equal to or better than existing safeguards for physical and virtual servers in corporate data centers.

Topics: Network Security Cybersecurity cloud security

Talking Cloud Cybersecurity (ESG 360 Video Series)

In this discussion, part of ESG's ongoing 360 Video Series, Doug Cahill talks about not just the intricacies of cloud security – both of applications for Saas models and of infrastructure for IaaS – but also the opportunities that doing cloud security well can afford a business. It’s not simply a matter of ever more “padlocks on doors” but rather is a matter of making cloud security part of an integrated process; this is especially crucial when so many organizations are essentially [at least to some degree] software developers, using approaches such as hybrid models and containers that can potentially expand the threat landscape if not pre-handled. 

Topics: Cybersecurity Cloud Platforms & Services ESG 360 Video Series

SOAPA Video with McAfee (Part 2)

In part 2 of our SOAPA video, Jason Rolleston, Vice President of product marketing for security operations products at McAfee, and I chatted about:

  1. Security analytics and operations. Analytics and operations are foundational elements of SOAPA, so I asked Jason to tell me about McAfee’s strategy in each area. Rolleston points out that there is more security data than ever, so finding the signals within the noise is more difficult than ever. McAfee is moving beyond event correlation for security analytics, putting a lot of resources into machine learning for anomaly detection. McAfee believes it has an advantage by applying machine learning across technologies. On the operations side, McAfee wants to help analysts take more effective and efficient actions, so it is investing in automation capabilities with Investigator, Active Response, Sandboxing, etc.
Topics: Cybersecurity McAfee endpoint security SIEM DLP SOAPA

Analyst-centric Security Operations

Let’s face it, cybersecurity is a geeky domain. While much of IT has shifted its focus to things like business processes enablement and digital transformation, infosec pros still spend much of their waking hours in the weeds, looking at things like protocol anomalies, SQL statements, command shells, etc.

Topics: Cybersecurity security operations SOAPA

SOAPA Video with McAfee (Part 1)

Jason Rolleston, Vice President of product marketing for security operations products at McAfee, stopped by ESG recently to participate in our SOAPA video series. I must say that this was especially good timing as Jason and I had a similar chat at the RSA Security Conference just over a month ago.

In part 1 of our video, Jason and I chew the fat about:

Topics: Cybersecurity McAfee endpoint security SOAPA