Most Recent Blogs

Enterprise CISO Challenges In 2014

Posted: January 10, 2014   /   By: Jon Oltsik   /   Tags: IBM, Palo Alto Networks, Cisco, Information and Risk Management, FireEye, HP, Security and Privacy, Security, risk management, Centrify, Malwarebytes, LogRhythm, bromium, 21CT, Leidos, RSA, Invincea, Accenture, ISC8, Blue Coat, CloudPassage, click security, Bit9, CSC, Hexis, HyTrust

I’m sure lots of CISOs spent this week meeting with their teams, reviewing their 2013 performance, and solidifying plans for 2014. Good idea from my perspective. The CISOs I’ve spoken with recently know exactly what they have to do but aren’t nearly as certain about how to do it.

At a high level, here’s what I’m hearing around CISO goals and the associated challenges ahead this year:

  1. Improve risk management. This translates into threat/vulnerability measurement, threat prevention, and ongoing communication with the business mucky mucks. The problem here is that their networks are constantly changing, scans are done on a scheduled rather than real-time basis, and the threat landscape is dangerous, sophisticated, and mysterious.
Read More

Addressing advanced malware in 2014

Posted: December 16, 2013   /   By: Jon Oltsik   /   Tags: IBM, Check Point, Palo Alto Networks, Fortinet, Cisco, IT Infrastructure, Information and Risk Management, Sourcefire, FireEye, HP, McAfee, Security and Privacy, Security, endpoint security, Kaspersky, LogRhythm, trend micro, bromium, Symantec, Invincea, antivirus, RSA Security, Sophos, Bit9, Anti-malware, Hexis, Splunk

In the cybersecurity annals of the future, 2013 may be remembered as the year of advanced malware. Yes, I know that malware is nothing new and the term “advanced” is more hype than reality as a lot of attacks have involved little more than social engineering and off-the-shelf exploits. That said, I think it’s safe to say that this is the year that the world really woke up to malware dangers (advanced or not) and is finally willing to address this risk.

So how will enterprise organizations (i.e., more than 1,000 employees) change their security strategies over the next year to mitigate the risks associated with advanced malware threats? According to ESG research:

  • 51% of enterprise organizations say they will add a new layer of endpoint software to protect against zero day and other types of advanced malware. Good opportunity for Kaspersky, McAfee, Sophos, Symantec, and Trend Micro to talk to customers about innovation and new products but the old guard has to move quickly to prevent an incursion by new players like Bit9, Bromium, Invincea, and Malwarebytes. The network crowd (i.e., Cisco, Check Point, FireEye, Fortinet, and Palo Alto Networks, etc.) may also throw a curveball at endpoint security vendors as well. For example, Cisco (Sourcefire) is already selling an endpoint/network anti-malware solution with a combination of FireAMP and FirePOWER.
  • 49% of enterprise organizations say they will collect and analyze more security data, thus my prediction for an active year in the big data security analytics market – good news for LogRhythm and Splunk. Still, there is a lot of work to be done on the supply and demand side for this to really come to fruition.
  • 44% of enterprise organizations say they will automate more security operations tasks. Good idea since current manual security processes and informal relationship between security and IT operations is killing the effectiveness and pace of security remediation. Again, this won’t be easy as there is a cultural barrier to overcome but proactive organizations are already moving in this direction. If you are interested in this area, I suggest you have a look at Hexis Cyber Solutions’ product Hawkeye G. Forward thinking remediation stuff here.
  • 41% of enterprise organizations say they will design and build a more integrated information security architecture. In other words, they will start replacing tactical point tools with an architecture composed of central command-and-control along with distributed security enforcement. Good idea, CISOs should create a 3-5 year plan for this transition. A number of vendors including HP, IBM, McAfee, RSA Security, and Trend Micro are designing products in this direction with the enterprise in mind.
Read More

Strong opportunities and some challenges for big data security analytics in 2014

Posted: December 13, 2013   /   By: Jon Oltsik   /   Tags: IBM, Hadoop, Information and Risk Management, HP, McAfee, Security and Privacy, Security, big data security analytics, SIEM, Raytheon, Narus, 21CT, Leidos, Booz Allen, RSA, Cassandra, netSkope, click security, Anti-malware, Hexis

My friends on Wall Street and Sand Hill Road will likely place a number of bets on big data security analytics in 2014. Good strategy as this market category should get loads of hype and visibility while vendor sales managers build a very healthy sales pipelines by March.

Read More

It Could Be a Very Happy New Year for FireEye

Posted: December 11, 2013   /   By: Jon Oltsik   /   Tags: Palo Alto Networks, Fortinet, Cisco, Information and Risk Management, Sourcefire, FireEye, Security and Privacy, LogRhythm, trend micro, Blue Coat, Firewall, Anti-malware, APT, Hexis

Ah, December. Time to reflect on the past year and look ahead to 2014. In retrospect, 2013 was a banner year for the security industry as the world finally woke up to the very real perils of cybersecurity. Of all the many events of this year, however, FireEye’s IPO may have trumped them all. As I write this blog on December 11, 2013, FireEye’s market cap is just north of $4.5 billion. Wow!

Yup, Wall Street loves a hot market and a timely IPO – check and check for FireEye. Okay but when the New Year’s Eve champagne turns into the New Year’s Day hangover, what’s in store for FireEye in 2014?

Read More

Posts by Topic

see all