Cybersecurity Customer Segments in 2016

Depending upon whom you believe, there are roughly 800 to 1200 companies selling cybersecurity products and services to end customers. Yes, the cybersecurity market is forecast to be around $70 billion this year but that’s still a lot of vendors.

Topics: Network Security Cybersecurity endpoint security enterprise security application security

Trend Micro for Enterprise Security

Ask a security professional in North America to describe Trend Micro and you will likely hear about antivirus software and a grouping of vendors that also includes McAfee and Symantec.  Funny, but you’d get a completely different answer if you asked the same question in Brazil, Germany, or Japan.  In these geographies, you’d hear about a billion dollar-plus enterprise-class security leader with a full portfolio of products, partnerships, and managed services.

Why the disconnect?  Trend is an Asian company that hasn’t pushed too hard into the North American market until recently (other than the consumer sector).  Furthermore, Trend isn’t known for guerilla marketing tactics, cybersecurity exposés, or expensive marketing campaigns at Black Hat and RSA. 

Topics: enterprise security Trend M

Big Data Security Analytics Can Become the Nexus of Information Security Integration

In a recent ESG research survey, security professionals working at enterprise organizations (i.e., more than 1,000 employees) were asked the following question: How do you believe that your organization will change its security technology strategy decisions in any of the following ways over the next 24 months in order to improve its security management? In response:

Topics: Data Management & Analytics Information and Risk Management Security and Privacy risk management incident detection and response big data security analytics enterprise security

IBM Extends Its Cybersecurity Footprint With Trusteer Acquisition

Yes, the IBM/Trusteer deal happened on 8/15 but summer activities interrupted my blogging schedule so I’m just catching up.

Rumor has it that IBM paid somewhere between $800m and $1 billion for the Israeli cybersecurity firm. That’s a lot of dollars, shekels, or any other currency but Trusteer can help IBM extend its information security shadow with:

  1. A greater presence in the financial services market. IBM is a major player in financial services with IT equipment, software, and services but is still playing catch up with CISOs in this space. With the acquisition of Trusteer, IBM grabs an established leader in web fraud detection (along with Silver Tail/RSA)and a killer installed base in the world’s largest banks. IBM will certainly use this new stature to position QRadar against ArcSight and establish a leadership position in big data security analytics. This is important since financial services firms tend to be aggressive spenders when it comes to information security.
  2. An advanced endpoint security solution. In spite of its aggressive push into security over the past few years, IBM’s participation in endpoint security has been limited to management (i.e. BigFix) and partnerships. The Trusteer acquisition gives IBM a new type of anti-malware solution that can act as an additional layer of endpoint security and can be deployed on PCs, Macs, and mobile devices. Trusteer endpoint security technology is sound but it was not big enough to push into the enterprise market to compete with Bromium, Invincea, Malwarebytes, or Sourcefire. IBM certainly has the resources to make this happen soon. Look for IBM to integrate Trusteer anti-malware capabilities with its network-based solutions (i.e., ISS) to form a comprehensive network/endpoint anti-malware architecture.
  3. Greater intelligence and cloud services. Trusteer solutions are anchored by research, intelligence, and cloud-based protection. IBM can spread these capabilities across existing resources like its xForce security research, QRadar SIEM, and various managed security services options.
  4. Mobile security solutions. Rather than develop its own MDM, IBM is pitching mobile security as part of a bigger play that includes secure application development processes, application security testing, endpoint device management, identity and access management, and network security. IBM will likely fold the Trusteer mobile risk engine, SDK, and secure browser, and out-of-band mobile authentication into its mobile enterprise security mix.
  5. A recruiting hub. IBM plans to establish a presence in Israel for cybersecurity research and development. Given the global shortage of security talent this is a very shrewd move giving IBM access to elite talent coming out of the IDF and Unit 8200.
Topics: IBM Cybersecurity Information and Risk Management Security and Privacy Security big data security analytics enterprise security ArcSight RSA Security Anti-malware Trusteer

The Enterprise Security Model Is Experiencing “Death by a Thousand Cuts”

If enterprise security were an automobile it would be a Ford Taurus circa 1995. Good car way back when and still running but burning oil, barely passing inspection, and held together by bondo today.

Topics: Network Security Cybersecurity Information and Risk Management Security and Privacy Security endpoint security enterprise security compliance CISO mssp security operations security services CISSP identity management