Most Recent Blogs

WannaCry Makes Me Want to Cry!

Posted: May 16, 2017   /   By: Jon Oltsik   /   Tags: Cybersecurity, endpoint security, cybercrime, AV, ransomware, wannacry

As I read about the WannaCry ransomware attack, my brain is racing with thoughts about the causes and effects of this global incident. Here’s my two cents:


Cybersecurity Remains an Elusive Business Priority

Posted: April 18, 2017   /   By: Jon Oltsik   /   Tags: Network Security, Cybersecurity, endpoint security, CISO, cloud security, cyber insurance

I’ve been remiss by not blogging earlier this year about ESG’s annual IT spending intentions research. The year 2017 continues to follow a pattern—cybersecurity is a high business and IT priority for most organizations.


The New McAfee

Posted: April 07, 2017   /   By: Jon Oltsik   /   Tags: Network Security, Cybersecurity, McAfee, endpoint security, SIEM, cloud security

I’ve worked with McAfee for a long time – from its independent days, during the Network Associates timeframe, through financial issues, back to McAfee and the go-go Dave DeWalt era, and finally as Intel Security.


RIP Raimund Genes, Trend Micro CTO

Posted: March 28, 2017   /   By: Jon Oltsik   /   Tags: Network Security, Cybersecurity, endpoint security, cybercrime

I learned this past Saturday that my good friend and Trend Micro CTO, Raimund Genes, passed away suddenly last week. Raimund was only 54.


That's a Wrap! RSA Conference 2017 Thoughts and Observations, Part 1 (Video)

Posted: March 03, 2017   /   By: Doug Cahill   /   Tags: Cybersecurity, endpoint security, rsa conference, security analytics, SOAPA, security operations and analytic platform

RSA Conference 2017 is now a wrap and blogs such as these that attempt to summarize such a content rich event are challenged to do so in any sort of brevity, but, alas, I will try. Colleague Jon Oltsik, who fought being placed on the injured reserve list the week before RSA and missed the event for the first time in over a dozen years, and I offer a review of just some of the news from the show in this first of two video blogs. Here are some of the threads we pull on.


In and Around the 2017 RSA Conference

Posted: February 15, 2017   /   By: Jon Oltsik   /   Tags: Cybersecurity, endpoint security, security analytics, security operations, SOAPA

As you may have guessed from my blogs, I was really excited about this year’s RSA Security Conference. At the end of January, I wrote a blog about my expectations for endpoint security at RSA. I followed up with another ditty about network security banter at this year’s show and concluded the series with a blog about security analytics and operations talk at RSA.

Yup, I was all set to head to San Francisco at the end of last week when fate and personal issues jumped in. Alas, I had to cancel my plans.    

Despite my geographic separation, I continue to monitor RSA from afar. Here are a few stories that jumped out at me as of now:


RSA Conference Topic: Endpoint Security

Posted: January 31, 2017   /   By: Jon Oltsik   /   Tags: Network Security, Cybersecurity, endpoint security

As the calendar shifts from January to February, cybersecurity professionals are gearing up for the RSA Security Conference in a few short weeks. Remarkably, the management team is expecting more than 50,000 attendees this year!

So, what can we expect from RSA 2017? Well, cybersecurity is being driven by dangerous threats, digital transformation, and the need for massive scalability. This means innovation and change in just about every aspect of cybersecurity technology so I plan on writing a few blogs about my expectations for the RSA Conference. I’ll start with this one about endpoint security.

To be clear, endpoint security should no longer be defined as antivirus software. No disrespect to tried-and-true AV, but endpoint security now spans a continuum that includes advanced prevention technologies, endpoint security controls, and advanced detection/response tools. My colleague Doug Cahill and I are currently tracking more than 50 endpoint security vendors, demonstrating just how much activity there is today.


Endpoint Security in 2017

Posted: January 17, 2017   /   By: Jon Oltsik   /   Tags: Network Security, Cybersecurity, endpoint security, antivirus, Anti-malware


Just a few years ago, there were about 6 to 10 well regarded AV vendors that dominated the market. Fast forward to 2017 and my colleague Doug Cahill and I are currently tracking around 50 endpoint security vendors.

Why has this market changed so much in such a short timeframe? New types of targeted threats regularly circumvented signature-based AV software over the past few years. This weakness led to system compromises, data breaches, and panicky CISOs in search of AV alternatives. This in turn persuaded the fat cats on Sand Hill Rd. to throw VC dollars at anything that hinted at endpoint security innovation.

Okay, I get the need for more than signature-based AV but there simply isn’t room in the market for 50 endpoint security vendors. Thus, it’s safe to assume a lot of M&A activity and outright business failures this year. 


Looking Back to Look Forward on Cybersecurity

Posted: December 22, 2016   /   By: Jon Oltsik   /   Tags: Network Security, Cybersecurity, endpoint security, NIST, cloud security, ISSA

By now, everyone in our industry has provided 2017 cybersecurity predictions and I’m no exception. I participated in a 2017 infosec forecast webcast with industry guru Bruce Schneier, and ESG also published a video where I exchanged cybersecurity prophecies with my colleague Doug Cahill.


Goodbye SIEM, Hello SOAPA

Posted: November 29, 2016   /   By: Jon Oltsik   /   Tags: Network Security, Cybersecurity, endpoint security, SIEM, antivirus, security analytics

Security information and event management (SIEM) systems have been around for a dozen years or so. During that timeframe, SIEMs evolved from perimeter security event correlation tools, to GRC platforms, to security analytics systems. Early vendors like eSecurity, GuardedNet, Intellitactics, and NetForensics, are distant memories; today’s SIEM market is now dominated by a few leaders: LogRhythm, McAfee (aka: Nitro Security), HP (aka: ArcSight), IBM (aka: QRadar), and Splunk.

Of course, there is a community of innovative upstarts that believe that SIEM is a legacy technology. They proclaim that log management and event correlation can’t keep up with the pace of cybersecurity today, thus you need new technologies like artificial intelligence, machine learning algorithms, and neural networks to consume, process, and analyze security data in real-time. 

