The New Cybersecurity Technology Reality - the Whole Is Greater than the Sum of its Parts

I wrote a blog last week about new integrated anti-malware technology in response to Palo Alto Network’s acquisition of Cyvera. In fact, this integrated technology model isn’t limited to anti-malware but is becoming the new reality across the cybersecurity lifecycle of risk management, incident prevention, incident detection, and incident response.

I’m convinced that this is where the market is headed, driven by burgeoning cybersecurity requirements across organizations large and small. Why do I believe this? Well, in a recent ESG research survey, 315 security professionals working at enterprise organizations (i.e., more than 1,000 employees) were asked how their organization’s security strategy would change over the next 24 months. A little under half (44%) of respondents said that their organization would “design and build a more integrated enterprise security architecture,” the highest percentage of all responses. This trend is actually reverberating on the supply side as Blue Coat, Cisco/Sourcefire, FireEye, IBM, McAfee, PAN, and Trend Micro are all engaged in R&D and M&A activities to meet the need for technology integration.

Topics: IBM Palo Alto Networks Fortinet Cisco Information and Risk Management FireEye McAfee Security and Privacy Security risk management endpoint security Proofpoint incident detection incident response Blue Coat RSA Security Anti-malware incident prevention APT

Real-Time Big Data Security Analytics for Incident Detection

I’ve spent the last year or so doing research on the burgeoning field of big data security analytics. Based upon the time I’ve spent on this topic, I’m convinced that CISOs are looking for immediate help with incident detection, so they will likely focus on real-time big data analytics investments in 2014.

What do I mean by real-time big data security analytics? Think stream processing of data packets, network flows, and metadata looking for anomalous/suspicious network activities that provides strong indication of a security incident in progress. A multitude of vendors including ISC8, 21CT, Click Security, Hexis Cyber Solutions, IBM, Lancope, LogRhythm, Netskope, RSA Security, SAIC, and Solera Networks (and others) play in this space.

Topics: IBM Information and Risk Management Security and Privacy Security big data security analytics SIEM LogRhythm incident detection 21CT ISC8 CISO NetFlow Lancope netSkope click security Hexis Cyber Solutions

Why Blue Coat Acquired Solera Networks

A few weeks ago, Blue Coat Systems acquired Solera Networks. No one was surprised about the acquisition of Solera as it plays in the white hot big data security analytics market. That said, many people remain perplexed by the acquiring company. Several dozen reporters, vendors, and end-users have already posed a common question to me: Why Blue Coat?

Topics: Information and Risk Management Security and Privacy risk management incident detection

First Impressions of the RSA Conference 2013

After much anticipation, the 2013 RSA Conference has come and gone. I have a number of topics to blog about starting with my positive impressions of the show:

Topics: IBM Check Point Fortinet Cisco Information and Risk Management Sourcefire FireEye McAfee Security and Privacy Security LogRhythm incident detection Guidance Software trend micro incident response RSA Security Anti-malware Damballa Splunk

The Information Security 80/20 Rule

Over the past few months, I've been engaged in a research project on enterprise security management and operations. As part of some quantitative research, ESG created a segmentation model that divided survey respondent organizations into three sub-segments. The segmentation model broke down as follows:

Topics: Information and Risk Management Security and Privacy risk management SIEM incident detection incident response log management Security Management security analytics APT security operations