Enterprises Must Address Internet of Identities Challenges

As November ends, everyone and their brother/sister will be writing about their IT and security predictions for 2018. Here’s a no-brainer from me: We’ll see massive proliferation of IoT devices on the network next year. Some of these will be general purpose like IP cameras, smart thermostats, smart electric meters, etc., but many others will be industry-specific sensors, actuators, and data collectors.

Topics: Cybersecurity Internet of Things IoT Mark Bowker IAM Internet of Identities

The Cybersecurity Skills Shortage Acts as A Root Cause for Security Events

ESG recently published a new research report titled, The Life and Times of Cybersecurity Professionals, with its research partner, the Information Systems Security Association (ISSA). 

The research looks closely at the ramifications of the cybersecurity skills shortage – beyond the obvious conclusion that there are more cybersecurity jobs than people with the right skills and background to fill these jobs.

Topics: Cybersecurity cybersecurity skills shortage incident response ISSA

SOAPA Video with Arbor Networks (Part 2)

In the second part of my SOAPA video with Arabella Hallawell from Arbor Networks, we discuss:

  1. SOAPA technology integration. Arbor Networks partners with lots of network service providers, giving the company a bird’s eye view of Internet traffic. The company uses this position to monitor, collect, and curate threat intelligence through its ASERT team. As part of its network security analytics products and services, it adds CTI to give customers an understanding of malicious activities happening inside and outside of their networks. Of course, integrating internal network telemetry and CTI is one of the principles of SOAPA. 
Topics: Cybersecurity security operations cyber threat intelligence network security analytics SOAPA Arbor Networks Arabella Hallawell

Acute Cybersecurity Skills Shortage Areas

In my last blog, I reviewed some new research from ESG and the Information Systems Security Association (ISSA), revealing that 70% of cybersecurity pros say that the global cybersecurity skills shortage has impacted their organizations. Based upon this and other similar research, I’m convinced that the cybersecurity skills shortage represents an existential risk to our data, businesses, and national security.

Topics: Cybersecurity security analytics security operations cloud security application security ISSA security investigations

New Research Confirms the Cybersecurity Skills Shortage Is an Existential Threat

I’ve been writing about the cybersecurity skills shortage for 7 years, clucking like a digital "chicken little" to anyone who would listen. If you’ve followed my blogs, you probably know that ESG research from early 2017 indicated that 45% of organizations said they have a problematic shortage of cybersecurity skills. This data represents large and small organizations across all geographic regions so the cybersecurity skills shortage can be considered a pervasive global issue.

Topics: Cybersecurity cybersecurity skills shortage ISSA

SOAPA Video with Arbor Networks (Part 1)

Next up on the SOAPA video series is Arabella Hallawell, Sr. Director of Product Marketing at Arbor Networks. I first met Arbor Networks back in 2003 when it was a leading provider of network behavior anomaly detection (NBAD) tools and the company has been a steady player in network security ever since. Today, Arbor Networks is a leading provider of products and services for DDoS protection, network security analytics, threat intelligence, etc. 

Topics: Cybersecurity SIEM network security analytics network security operations SOAPA SOC Arbor Networks

Cybersecurity, Mobility, and the Expanding Perimeter (Video)

As businesses lose control of devices and rapidly adopt cloud consumption models, identity and data have become the new perimeter for IT operations and information security teams to secure and protect. My colleague Jon Oltsik and I sit down together to highlight how mobility, identity, and security are creating technology challenges, organizational barriers, and business risks as the security perimeter expands at a faster pace than business can keep up with. The discussion sparks attention towards the IT vendors that are attempting to enhance security postures from within a silo as opposed to the new purview business are dealing with today.

Topics: Cybersecurity identity and access management Enterprise Mobility

SOAPA Video with Siemplify (Part 2)

Siemplify, like other companies I’ve interviewed, is a security operations technology company. What sets Siemplify apart, however, is the background of its founders. This team isn’t composed of serial startup technologists from Silicon Valley, but rather cybersecurity experts from Israel. In fact, Amos Stern spent a good portion of his career as a security analyst, building SOCs, and training security personnel.

Topics: Cybersecurity SIEM security operations SOAPA Siemplify security operations automation and orchestration

The Cybersecurity Skills Shortage Impacts Security Operations

According to ESG research, 45% of organizations report having a problematic shortage of cybersecurity skills in 2017. Of course, this applies to all areas of cybersecurity but recent ESG research shows that the skills shortage has a direct impact on security analytics and operations. The research reveals that:

  • 54% of organizations say they don’t have the appropriate security operations skills for an organization of their size.
  • 57% of organizations say they don’t have appropriate security operations staffing for an organization of their size.
Topics: Cybersecurity SIEM incident response security operations threat hunting computer forensics

The Drivers of Change in Endpoint Security

I guess I still think like a product manager. In my last blog, the first of a few analyzing key findings from ESG’s recent endpoint security, I shared my take on the net-net design center for contemporary endpoint security solutions, one that serves two masters – efficacy and efficiency. The state of endpoint security can be characterized as one of constant change in which organizations are implementing compensating measures to improve both the efficacy and efficiency. But what factors are driving the “efficient efficacy” market requirement?

With respect to efficacy, ESG’s endpoint security research highlights that customers have experienced, and are concerned about, a diverse range of threats:

Topics: Cybersecurity endoint security