Most Recent Blogs

Are Enterprise Organizations Ready to Use Free AV Software?

Posted: March 20, 2014   /   By: Jon Oltsik   /   Tags: Microsoft, Endpoint & Application Virtualization, Cisco, Information and Risk Management, Sourcefire, McAfee, Security and Privacy, Security, Bradford Networks, Malwarebytes, Kaspersky Lab, Juniper Networks, freeware, ForeScout, Avast, trend micro, bromium, Symantec, security intelligence, Great Bay Software, antivirus, Cylance, Bit9, Anti-malware, APT

Last year, ESG published a research report titled, Advanced Malware Detection and Protection Trends, based upon a survey of 315 security professionals working at enterprise organizations (i.e., more than 1,000 employees). In one question, ESG asked security professionals whether they agreed or disagreed with the following statement: “Commercial host-based security software (i.e., AV) is more or less the same as free security software.”

It turns out that 36% of security professionals either “strongly agree” or “agree" with this statement, while another 25% are sitting on the fence (i.e., they neither agree nor disagree with the statement).

Read More

Has Mobile Computing Had a Positive Impact on Cybersecurity?

Posted: March 11, 2014   /   By: Jon Oltsik   /   Tags: IBM, MDM, Cisco, Information and Risk Management, Juniper, HP, mobile, Security and Privacy, Security, endpoint security, Bradford Networks, Mobile computing, Box, Dropbox, Aruba, Vormetric, ForeScout, Veracode, Great Bay Software, NAC

I’ve heard the same story from a multitude of CISOs: “As soon as we agreed to support BYOD and mobile devices, all hell broke loose!” How? All of a sudden there were hundreds or thousands of new devices accessing the corporate network. Many of these devices were employee-owned, unmanaged, and full of questionable applications. What’s more, users were now working on multiple devices and moving sensitive data between Windows PCs, iPads, Android phones, and a slew of online file sharing sites like Box, Dropbox, and iCloud. Holy threat and vulnerability, Batman!

Most enterprise organizations are now way past this early period of mobile security chaos. Yes, there are still plenty of challenges associated with mobile computing security, but did preliminary mobile computing anarchy have any positive impact on information security in the long run? In other words, did the initial mobile computing fire drills actually help CISOs recognize risks and address systemic weaknesses?

Read More

“Cold” Topics at RSA that Should Receive More Attention

Posted: February 21, 2014   /   By: Jon Oltsik   /   Tags: Information and Risk Management, Security and Privacy, Security, cybersecurity skills shortage, google, Bradford Networks, Cybereason, LogRhythm, compliance, DHS, ForeScout, CybOX, Great Bay Software, Lancope, Edward Snowden, Facebook, FIDO

In my blog yesterday, I outlined the hot topics I anticipate at this year’s RSA Security Conference. Since the show is dominated by security vendors, the show hype will focus on products, services, and various technologies.

So what’s missing? A broader discussion on cybersecurity issues, trends, collective efforts, and best practices. Yes, these subjects will get some attention in presentations and break-out sessions but the show floor and cocktail party banter will lean toward a myopic security perspective around bits and bytes.

Read More

Enterprise Security Professionals Identify Mobile Computing Security Challenges

Posted: February 12, 2014   /   By: Jon Oltsik   /   Tags: IBM, Cybersecurity, MDM, Information and Risk Management, mobile, Security and Privacy, Security, cybersecurity skills shortage, endpoint security, Citrix, CyberArk, Courion, Bradford Networks, Fiberlink, android, Good Technology, ForeScout, Airwatch, Blue Coat

Most companies now provide network access and application support for non-PC devices like smartphones and tablets and many are developing new applications and business processes designed specifically for these devices. Business managers look at iPhones, Android devices, and even Windows phones and see opportunities for revenue growth, cost cutting, and improved communication everywhere.

Read More

Enterprise Organizations Identify Incident Detection Weaknesses

Posted: December 18, 2013   /   By: Jon Oltsik   /   Tags: IBM, Cisco, Information and Risk Management, Security and Privacy, Security, Booz Allen Hamilton, ForeScout, Guidance Software, Leidos, Blue Coat, Fidelis, LexisNexis, Bit9, CSC, Anti-malware

In the past, many large organizations spent about 70% of their security budgets on prevention and the remaining 30% on incident detection and response. Prevention is still important but given the insidious threat landscape, enterprises must assume that they will be breached. This means that they need the right processes, skills, and security analytics to detect and respond to security incidents effectively, efficiently, and in a timely manner.

Read More

The Pressing Need to Improve Endpoint Visibility for Information Security

Posted: August 13, 2013   /   By: Jon Oltsik   /   Tags: Information and Risk Management, Sourcefire, McAfee, Security and Privacy, Security, endpoint security, big data security analytics, Bradford Networks, Mandiant, ForeScout, Guidance Software, bromium, Invincea, Great Bay Software, RSA Security

In a recent ESG research project, 315 security professionals working at enterprise organizations (i.e., more than 1,000 employees) were asked to identify their organizations’ endpoint security monitoring weaknesses. Thirty percent said they were unsure about, “applications installed on each device,” 19% had difficulty monitoring “downloads/execution of suspicious code,” 12% struggled when tracking, “suspicious/malicious network activity,” and 11% had a hard time tracking “current patch levels.”

Why is it so difficult to monitor endpoint activities? An old saying comes to mind: “Water, water, everywhere but not a drop to drink.” There are records about endpoints all over the place – asset databases, CMDBs, network monitoring tools, vulnerability scanners, patch management tools, etc. – but when security analysts need up-to-the-minute information for critical remediation activities, they have to scramble around through a myriad of management systems to retrieve it.

Read More

Posts by Topic

see all