Most Recent Blogs

Splunk on SOAPA (Part 2)

Posted: June 01, 2017   /   By: Jon Oltsik   /   Tags: Cybersecurity, SIEM, incident response, SOAPA

Recently, I had the pleasure of interviewing Haiyan Song, EVP of security at Splunk, about all things SOAPA. In part 2 of our video series, Haiyan aptly summarizes the current state of cybersecurity by declaring that “security is a team sport.” In other words, it takes cooperation amongst vendors, products, and infosec analysts to succeed.

To that end, this video discussion highlights things like:

  • Splunk’s Adaptive Response. This is a Splunk customer-driven initiative which Haiyan describes as embodying the spirit of SOAPA. In essence, Adaptive Response unifies security analytics and controls and lets customers make and change enforcement decisions based upon security analytics insights rather than gut feelings or traditional security methodologies.

Splunk on SOAPA (part 1)

Posted: May 22, 2017   /   By: Jon Oltsik   /   Tags: Cybersecurity, SIEM, incident response, Splunk, SOAPA

I’ve written a lot about ESG’s security operations and analytics platform architecture (SOAPA). SOAPA is happening because enterprise organizations are surrounding SIEM with lots of other security analytics and operations tools to accelerate incident detection and response. As this occurs, many organizations are actively integrating these technologies together with the goal of building an end-to-end, event-driven security technology architecture.

SOAPA is impacting security strategies of large organizations, leading to reactions and changes on the supply side. What type of changes? I recently sat down with Haiyan Song, EVP at Splunk, to discuss Splunk’s views on SOAPA. Here are a few highlights of our discussion:


Thoughts on Incident Response Automation and Orchestration

Posted: January 12, 2017   /   By: Jon Oltsik   /   Tags: Cybersecurity, incident response

Just this week, I was reviewing several interviews I conducted with cybersecurity professionals on their organizations’ processes and tools for incident response (IR) automation and orchestration. Here are a few things that jumped out at me:


Incident Response Automation and Orchestration

Posted: September 29, 2016   /   By: Jon Oltsik   /   Tags: Cybersecurity, incident response, incident response automation and orchestration

Incident response processes can be challenging when organizations struggle to keep up with unprecedented volumes of security alerts. What’s needed? IR automation and orchestration. See my blog video below for more. 


Keeping Up with Incident Response

Posted: September 22, 2016   /   By: Jon Oltsik   /   Tags: Cybersecurity, incident response

A fire department in a large city certainly has a difficult job, but its mission is fairly straightforward. When a fire is detected, the fire department dispatches an appropriately sized staff to assess, contain, and put out the fire, clean up, investigate what happened, and prepare themselves for the next blaze.

Yup, a pretty simple process when a manageable number of fires are burning, but what would happen if there were hundreds or thousands of simultaneous infernos? My guess is that a senior fire chief (and perhaps other participants from local government and law enforcement) would have to make decisions on which blazes to resource and which to ignore. These decisions would certainly be based upon information analysis and best practices, but there is still some risk that the disregarded fires would end up being far worse than expected, turn into disasters, and call into question the judgement of all involved.


An Abundance of Incident Response Bottlenecks

Posted: March 14, 2016   /   By: Jon Oltsik   /   Tags: Cybersecurity, malware, incident response

Manual processes represent a major incident response bottleneck at enterprise organizations. I'd like to share a few alarming data points from some recent ESG research:


Henry Ford and Incident Response

Posted: February 12, 2016   /   By: Jon Oltsik   /   Tags: Cybersecurity, incident response, NIST

In the early 1900s, Henry Ford was intent on making the Model T an affordable car for the masses. To do so he had to figure out a way to vastly improve the company’s manufacturing efficiency in order to lower consumer prices. Ford solved this problem by adopting a modern manufacturing assembly line based upon four principles: interchangeable parts, continuous flow, division of labor, and reducing wasted effort.


Cybersecurity Industry News, 2/2016

Posted: February 04, 2016   /   By: Jon Oltsik   /   Tags: Cybersecurity, threat intelligence, incident response, ICOPs

Just five weeks into 2016 and it’s already been a busy year for the cybersecurity industry. Here are just a few highlights so far:


The Endpoint Security Continuum

Posted: February 01, 2016   /   By: Jon Oltsik   /   Tags: Cybersecurity, endpoint security, incident response

My colleague Doug Cahill and I are knee deep into a research project on next-generation endpoint security. As part of this project we are relying on real-world experience, so we’ve interviewed dozens of cybersecurity professionals working at enterprise organizations (i.e., more than 1,000 employees) who have already deployed new types of endpoint security software.


Time to Consider User Behavior Analytics (UBA)

Posted: January 25, 2016   /   By: Jon Oltsik   /   Tags: Cybersecurity, incident response, UBA

In 2012, I did an extensive research project on big data security analytics. My thesis was that big data tools like Hadoop, Mahout, MapReduce, and Pig would greatly enhance in-depth historical cybersecurity investigations beyond anything provided by SIEM tools. In retrospect I believe my assumptions were correct, but the market remains in an early stage of development even today.

