Cybersecurity Technology: Everything is Transforming and in Play

As Bob Dylan sang, ‘the times they are a changing.’ This is certainly true when it comes to security technologies – just about every security monitoring tool and control is going through a profound transformation. Here are just a few examples:

  • Endpoint security is evolving from signature-based AV to next-generation endpoint security suites. ESG views endpoint security as a continuum with prevention on one side and detection/response on the other. A few years ago, upstarts pushed into endpoint security with aggressive attacks at one of these poles – Cylance jumped into threat prevention with solutions based upon artificial intelligence while Carbon Black, CrowdStrike, Cybereason, and Endgame moved into threat detection/response with EDR tools. The most recent battle is for the whole enchilada – comprehensive endpoint security suites that span across ESG’s endpoint security continuum. While startups continue to act as new shiny objects, old guard players like McAfee, Sophos, Symantec, and Trend Micro have spruced up their offerings with advanced prevention/detection/response features of their own. In the meantime, confused users are getting dozens of phone calls from vendors asking for meetings.
Topics: Cybersecurity SIEM antivirus Firewall SOAPA

Are Next-generation Firewalls Legacy Technology?

A few years ago, next-generation firewalls (NGFWs) came out of nowhere to become a network security staple. These devices combined traditional L3/L4 packet filtering with deep packet inspection, IPS, and other network security services along with knowledge about users and applications. This broad functionality packaging changed the network security paradigm – everyone needed, or at least wanted, an NGFW at the perimeter or within the internal network.

Topics: Network Security Cybersecurity Firewall SDP

Advanced Evasion Techniques: Dirty, Little, Secret Weapons.

Many organizations are so intent on identifying new malware that they are failing to address, or in some cases even recognize, advanced evasion techniques (AETs) that can enable malware to circumvent their security defenses. AETs pose a great threat because most security solutions can’t detect, much less stop, them. Security professionals and executive managers need to wake up to this real and growing threat.

Advanced persistent threats (APTs) have been a huge focus in network security discussions over the past few years with good reason. Numerous organizations are implementing new solutions to protect themselves from this determined type of malware. Even so, cyber criminals have been penetrating the network defenses of even the most robust security infrastructures, including some very high-profile enterprises.

Topics: Information and Risk Management McAfee Security and Privacy malware Firewall ESG Lab

Hot Topics at the RSA Conference

It’s the calm before the storm, and I’m not talking about the unusual winter weather. We are just a few days before the 2014 RSA Security Conference at the Moscone Center in San Francisco.

In spite of this year’s controversy over the relationship between the NSA and RSA Security (the company), I expect a tremendous turnout that will likely shatter the attendance records of last year. Cybersecurity issues are just too big to ignore so there will likely be a fair number of first-time attendees.

Topics: Cloud Computing Check Point Fortinet Cisco Networking Information and Risk Management FireEye mobile Security and Privacy endpoint security SIEM Cybereason Good Technology bromium 21CT CloudPassage Firewall Cylance click security Bit9 Carbon Black IDS/IPS Firewall & UTM Hexis Cyber Solutions Public Cloud Service

It Could Be a Very Happy New Year for FireEye

Ah, December. Time to reflect on the past year and look ahead to 2014. In retrospect, 2013 was a banner year for the security industry as the world finally woke up to the very real perils of cybersecurity. Of all the many events of this year, however, FireEye’s IPO may have trumped them all. As I write this blog on December 11, 2013, FireEye’s market cap is just north of $4.5 billion. Wow!

Yup, Wall Street loves a hot market and a timely IPO – check and check for FireEye. Okay but when the New Year’s Eve champagne turns into the New Year’s Day hangover, what’s in store for FireEye in 2014?

Topics: Palo Alto Networks Fortinet Cisco Information and Risk Management Sourcefire FireEye Security and Privacy LogRhythm trend micro Blue Coat Firewall Anti-malware APT Hexis

Network Security Trumps Server Security in the Enterprise (Part 2)

I posted a blog at the end of March describing the fact that network security processes, skills, and technical controls are often more thorough than server security processes, skills, and technical controls at enterprise organizations. As a review, recent ESG research revealed that:

Topics: Information Security IBM Check Point Palo Alto Networks Cisco network Information and Risk Management Sourcefire HP McAfee Security and Privacy Security IDS Juniper Networks Firewall SDN IDS/IPS

Network Security Trumps Server Security in the Enterprise

There is a historical conundrum in cybersecurity about where to concentrate security skills, controls, and oversight. Hackers penetrate networks in order to compromise hosts and steal data. Given this obvious workflow, should CISOs focus security resources on networks, hosts, or a balanced combination of both?

Topics: Network Security Check Point Palo Alto Networks Fortinet Cisco Information and Risk Management Sourcefire FireEye McAfee Security and Privacy Security antivirus Firewall Bit9 Firewall & UTM Server Virtualization

Software-defined Security?

Security continues to be a major hurdle for server virtualization and cloud computing so we are likely to hear a lot of cybersecurity buzz coming out of VMworld this week.

Topics: Cloud Computing Check Point Cisco VMware Private Cloud Infrastructure Networking Information and Risk Management Security and Privacy Amazon google VMworld Juniper Networks Firewall SDN Nicira OpenFlow crossbeam systems Public Cloud Service

My Take On The Security IPOs: Infoblox, Palo Alto Networks, and Splunk

Splunk (SPLK) went public this week and both Infoblox and Palo Alto Networks will soon follow. This could be the start of a security IPO run moving forward. Why? Status quo security defenses aren't working so there is a burgeoning market for next-generation security technologies. This market opportunity has driven M&A activities for years but we've recently seen far broader interest in security. HP grabbed ArcSight and started a security business unit. IBM acquired Q1 Labs and did the same. Dell purchased SecureWorks and SonicWall. Investment is pouring into the security sector driving innovation and a present and future wave of IPOs.

Topics: IBM Microsoft Check Point Palo Alto Networks Cisco Information and Risk Management Juniper Sourcefire Dell McAfee Security and Privacy SIEM ArcSight RSA saic IPO Firewall Splunk Q1 Labs SecureWorks SonicWall Windows

RSA Conference 2012 Observations Part II

I missed the keynotes at RSA as I was buried with wall-to-wall meetings from the time I arrived on Monday through Thursday evening. Nevertheless, I had a chance to speak with a lot of security industry insiders and IT security professionals during my time at RSA. Building on my previous blog, here are a few additional take-aways:

Topics: IBM Check Point Palo Alto Networks Fortinet Cisco Information and Risk Management Sourcefire McAfee Security and Privacy Juniper Networks trend micro Symantec F5 Firewall Anti-malware crossbeam systems security skills SonicWall