Most Recent Blogs

Time to Embrace a Security Management Plane in the Cloud

Posted: September 25, 2017   /   By: Jon Oltsik   /   Tags: Cybersecurity, SaaS, SIEM, CISO, Security Management, software-as-a-service (SaaS), SOAPA

There’s an old saying that change is the enemy of security. To avoid disruptive changes, many cybersecurity professionals strive for tight control of their environment, and this control extends to the management of security technologies. Experienced cybersecurity professionals often opt to install management servers and software on their own networks so that the security staff “owns” the technology and controls as much of it as they can.

Now this type of control has long been thought of as a security best practice, so many CISOs continue to eschew the alternative model: a cloud-based security management control plane.


The Problem with Collecting, Processing, and Analyzing More Security Data

Posted: September 21, 2017   /   By: Jon Oltsik   /   Tags: Cybersecurity, SIEM, TAXII, STIX, Splunk, SOAPA, CIM

Security teams collect a heck of a lot of data today. ESG research indicates that 38% of organizations collect, process, and analyze more than 10 terabytes of data as part of security operations each month. What types of data? The research indicates that the biggest data sources include firewall logs, log data from other types of security devices, log data from networking devices, data generated by AV tools, user activity logs, application logs, and so on.


Phased Process for Cloud Security

Posted: September 19, 2017   /   By: Jon Oltsik   /   Tags: Network Security, Cybersecurity, cloud security, micro-segmentation

My colleague Doug Cahill and I have been following the development of cloud security for the past few years. What we’ve noticed is that many organizations move through a common sequence of phases as they embrace public cloud computing. The sequence runs in the following order:

  1. The pushback phase. During this period, CISOs resist cloud computing, claiming that workloads won’t be adequately protected in the public cloud. This behavior may still occur at late-comers or very conservative firms, but the cloud computing ship has definitely sailed at most large enterprises. In other words, CISOs aren’t given an out clause; rather, they must figure out how to secure cloud-based workloads whether they like it or not.

Security Operations Spending and ROI

Posted: September 11, 2017   /   By: Jon Oltsik   /   Tags: Cybersecurity, SIEM, security analytics, security operations, SOAPA

ESG recently surveyed 412 cybersecurity and IT professionals, asking a number of questions about their organization’s security analytics and operations. Overall, security operations are quite difficult: many organizations complain about too many manual processes, too many disconnected point tools, and a real shortage of the right skills. These issues can lead to lengthy incident detection and response cycles or, worse yet, damaging data breaches. Just ask Equifax.


SOAPA Chat with Vectra Networks (Video, Part 2)

Posted: September 08, 2017   /   By: Jon Oltsik   /   Tags: Cybersecurity, SIEM, security analytics, SOAPA, EDR, Vectra Networks

Old friend Mike Banic recently stopped by ESG to kibitz about ESG’s SOAPA concept. Mike brings a world of experience to this topic. As VP of marketing at Vectra Networks, Mike sees enterprise challenges around security operations first-hand and then works with customers to address their issues.

In part two of our video series, Mike and I focus our discussion in a few areas including:

  • Machine learning. In a recent ESG research survey, only 30% of cybersecurity professionals claim they are “very knowledgeable” about the role of machine learning and AI in cybersecurity operations. Given this, I asked Mike to act as an industry spokesperson, define machine learning, and explain where it fits in cybersecurity operations. Mike says that machine learning is used to find features and patterns in the data so that a model can be trained to recognize malicious behavior, such as a remote access trojan suddenly beaconing out to an external IP address.

Cybersecurity Pros' Opinions on Their Organization’s Security Operations

Posted: September 05, 2017   /   By: Jon Oltsik   /   Tags: Cybersecurity, security analytics, security operations, SOAPA, SOC

ESG recently published a new research report titled Cybersecurity Analytics and Operations in Transition. The report is based upon a survey of 412 cybersecurity and IT professionals directly involved in their organization’s security operations processes.

As part of the survey, respondents were presented with several statements and asked whether they agreed or disagreed with each. Here are a few of those statements with my analysis.

  • 73% of survey respondents strongly agreed or agreed with the statement: Business management is pressuring the cybersecurity team to improve security analytics and operations. If you want proof that cybersecurity is a boardroom-level issue today, here it is. The good news is that the survey also indicates 81% of organizations plan to increase their security operations budget so business executives are willing to throw money at the problem. The bad news is that the cybersecurity team is now on the hook to deliver measurable improvements and ROI. 

Talking SOAPA with Vectra Networks (Video, Part 1)

Posted: August 31, 2017   /   By: Jon Oltsik   /   Tags: Cybersecurity, SIEM, network security analytics, SOAPA, EDR, Vectra Networks

Old friend and VP of marketing at Vectra Networks, Mike Banic, stopped by to discuss ESG’s security operations and analytics platform architecture (SOAPA) and its impact on cybersecurity. In part 1 of our discussion, Mike and I chat about:

  • Why network telemetry is so important for security analytics. Mike reminds me that ‘the network doesn’t lie.’ In other words, nearly every stage of a cyber-attack kill chain involves network communication, so threat detection comes down to knowing what to look for in network traffic patterns.

VMware Advances Application Security

Posted: August 30, 2017   /   By: Jon Oltsik   /   Tags: Network Security, Cybersecurity, VMware, VMworld, NSX, application security, AppDefense

This week at VMworld, VMware announced market availability of a new security technology called AppDefense. AppDefense is an application-layer security control designed to profile applications, establish what “normal” behavior looks like, and then enforce a series of least-privilege controls on those applications along with options for security incident remediation.

Now in some respects, AppDefense is a lot like application whitelisting/blacklisting, which can be very effective for limiting the attack surface, but the historical problem with application controls is operational overhead. If you want to implement whitelisting, you have to know what workloads are running and whether they are allowed to run, and then implement controls that restrict unanticipated application behavior. This becomes quite cumbersome when servers run multiple applications with dynamic development cycles and changing behavior, because every legitimate change to an application has to be reflected in the allowed profile before it is treated as a violation.

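The learn-then-enforce cycle described above, and the overhead it creates, can be shown in a few dozen lines. The script below is an added example and is not AppDefense code or VMware’s design; it uses a constructed event stream in which each event is a (process name, executable contents, destination port) triple, with short byte strings standing in for the on-disk binaries so they can be hashed. The profile learned from a baseline period records each process’s allowed executable hashes and allowed outbound ports; enforcement then classifies new events. The fourth outcome, an unchanged process that was simply patched, is the operational-overhead case: a legitimate change looks identical to a replaced binary until someone updates the profile.

```python
"""Behavioral allow-list: learn a per-process profile, then enforce it.

Added example (not AppDefense or VMware code). Events, names and policy are assumptions.
"""
import hashlib
from collections import defaultdict


def sha256(data: bytes) -> str:
    """Hash of the executable; in a real deployment this is the on-disk binary."""
    return hashlib.sha256(data).hexdigest()


# Constructed baseline observed during the "learning" window:
# (process_name, executable_bytes, dst_port)
BASELINE = [
    ("nginx", b"nginx-1.0", 443),
    ("nginx", b"nginx-1.0", 5432),   # web tier talks to the database
    ("cron", b"cron-1.0", 25),       # nightly job mails a report
]

# Constructed events seen after the profile is locked.
OBSERVED = [
    ("nginx", b"nginx-1.0", 443),    # matches the profile
    ("nginx", b"nginx-1.0", 4444),   # known binary, never-seen port
    ("nginx", b"nginx-1.1", 443),    # routine patch changed the hash
    ("bash", b"bash-1.0", 4444),     # process never seen in the baseline
]


def learn_profile(events):
    """Build {process: {"hashes": set, "ports": set}} from baseline events."""
    profile = defaultdict(lambda: {"hashes": set(), "ports": set()})
    for name, exe, port in events:
        profile[name]["hashes"].add(sha256(exe))
        profile[name]["ports"].add(port)
    return dict(profile)


def evaluate(profile, event):
    """Classify one event against the profile; checks go from coarse to fine."""
    name, exe, port = event
    if name not in profile:
        return "unknown_process"
    if sha256(exe) not in profile[name]["hashes"]:
        return "unknown_binary"      # replaced binary OR a legitimate patch
    if port not in profile[name]["ports"]:
        return "unexpected_port"
    return "allowed"


def enforce(profile, events):
    """Return (process, port, verdict) for each observed event."""
    return [(name, port, evaluate(profile, (name, exe, port)))
            for name, exe, port in events]


def approve_change(profile, event):
    """Operator accepts a flagged change (e.g. after a patch) into the profile."""
    name, exe, port = event
    entry = profile.setdefault(name, {"hashes": set(), "ports": set()})
    entry["hashes"].add(sha256(exe))
    entry["ports"].add(port)
    return profile


if __name__ == "__main__":
    prof = learn_profile(BASELINE)
    for name, port, verdict in enforce(prof, OBSERVED):
        print(f"{name:6} -> :{port:<5} {verdict}")
    # After the patch is approved, the same event is allowed.
    approve_change(prof, ("nginx", b"nginx-1.1", 443))
    print("post-approval:", evaluate(prof, ("nginx", b"nginx-1.1", 443)))
```

The verdicts come out as allowed, unexpected_port, unknown_binary, and unknown_process. The first two are what a least-privilege control is for: a web server opening an outbound 4444 is worth an alert. The third is pure overhead until approve_change is run, which is the step that scales badly when many applications change often.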

Security Operations Challenges Galore

Posted: August 28, 2017   /   By: Jon Oltsik   /   Tags: Cybersecurity, security analytics, security operations, SOC

After a week away from all things cybersecurity, I’m back at work and focusing on security analytics and operations again. Alarmingly, most organizations readily admit to problems in this area. A recent ESG research survey of 412 cybersecurity and IT professionals (Cybersecurity Analytics and Operations in Transition) identified some of the biggest security analytics and operations challenges. For example:

  • 30% of respondents say that their biggest cybersecurity operations challenge is the total cost of operations (TCO). What does this mean? Based upon my qualitative interviews with CISOs as part of this project, many organizations are spending lots of money on security operations but attaining marginal results. CISOs are willing to invest more but want to see vast improvements in security operations efficacy and efficiency for their money.

What is an Enterprise-class Cybersecurity Vendor?

Posted: August 17, 2017   /   By: Jon Oltsik   /   Tags: Information Security, IBM, Cybersecurity, Cisco, McAfee, Symantec, CISO, NIST, ISSA

On Monday of this week, I posted a blog about enterprise-class cybersecurity vendors. Which vendors are considered enterprise-class? According to recent ESG research, Cisco, IBM, Symantec, and McAfee top the list.

This blog addressed the “who” question but not the “what.” In other words, just what is an enterprise-class cybersecurity vendor anyway? As part of its research survey, ESG asked 176 cybersecurity and IT professionals to identify the most important characteristics of an enterprise-class cybersecurity vendor. The data reveals that:

  • 35% of survey respondents say the most important attribute for an enterprise-class cybersecurity vendor is cybersecurity expertise specific to their organization’s industry. In other words, enterprise-class cybersecurity vendors need more than horizontal security solutions, they need to understand explicit industry business processes, regulations, organizational dynamics, global footprints, etc.
