Most Recent Blogs

What is an Enterprise-class Cybersecurity Vendor?

Posted: August 17, 2017   /   By: Jon Oltsik   /   Tags: Information Security, IBM, Cybersecurity, Cisco, McAfee, Symantec, CISO, NIST, ISSA

On Monday of this week, I posted a blog about enterprise-class cybersecurity vendors. Which vendors are considered enterprise-class? According to recent ESG research, Cisco, IBM, Symantec, and McAfee top the list.

This blog addressed the “who” question but not the “what.” In other words, just what is an enterprise-class cybersecurity vendor anyway? As part of its research survey, ESG asked 176 cybersecurity and IT professionals to identify the most important characteristics of an enterprise-class cybersecurity vendor. The data reveals that:

  • 35% of survey respondents say the most important attribute for an enterprise-class cybersecurity vendor is cybersecurity expertise specific to their organization’s industry. In other words, enterprise-class cybersecurity vendors need more than horizontal security solutions, they need to understand explicit industry business processes, regulations, organizational dynamics, global footprints, etc.

Teenagers, Cloud Security, and Shared Responsibilities

Posted: June 16, 2015   /   By: Doug Cahill   /   Tags: Information Security, Security and Privacy, cloud security

As my wife and I depart for an out-of-town wedding and leave our two college-bound teenagers alone at home with a set of shared responsibility instructions, we do so feeling both excited about our trip and apprehensive about the ambiguity of who will do what at home. Trust is earned, after all, and needs to be verified. Such is also the case for enterprises moving application workloads to the cloud. These teen – if not toddler – phases of cloud security can be awkward, but with real benefits, and ultimately survivable with a few cautionary tips.

Cybersecurity Views from a National Intelligence Officer

Posted: June 02, 2015   /   By: Jon Oltsik   /   Tags: Information Security, Cybersecurity, cybercrime

I participated in the Cyber Exchange Forum earlier today, an event sponsored by the Advanced Cyber Security Center (ACSC). The featured speaker was Sean Kanuck, National Intelligence Officer for Cyber Issues, Office of the Director of National Intelligence. In this role, Sean directs the production of national intelligence estimates (for cyber-threats), leads the intelligence community (IC) in cyber analysis, and writes personal assessments about strategic developments in cyberspace.

The Highs and Lows of Cybersecurity Integration

Posted: May 29, 2015   /   By: Jon Oltsik   /   Tags: Information Security, Cybersecurity, DHS, FIDO, DoD

Based upon anecdotal evidence, I estimate that the average large enterprise organization uses more than 70 different security tools from an assortment of vendors. As they say in Texas, “that dog don’t hunt.” In other words, it’s nearly impossible to maintain strong security hygiene or establish best practices when the security organization is chasing cybersecurity optimization on a tool-by-tool basis.

The Cloud Computing Cybersecurity Challenge

Posted: May 07, 2015   /   By: Jon Oltsik   /   Tags: Information Security, Cloud Computing, cloud computing security

A few years ago, cloud computing faced an infosec hurdle. Many CIOs appreciated the benefits of cloud computing but their concerns about cloud security outweighed all of its potential goodness. General cloud security trepidation thus precluded broader use of cloud computing.

Fast forward to 2015 and the situation has changed. Yes, CIOs and security folks remain worried about cloud security, but business and IT benefits are so appealing that they tend to trump confidentiality, integrity, and security apprehensions. ESG research indicates that a growing number of organizations are jumping on the cloud computing bandwagon:

Cutting Through Endpoint Security Marketing Hype is a Challenge for Buyers and Vendors Alike

Posted: March 18, 2015   /   By: Kyle Prigmore   /   Tags: Information Security, endpoint, endpoint security, IT buyers, IT Spending Intentions, skills shortage, IT purchasing, IT skills, security spending

Endpoint security is a fast-paced, dynamic market right now. The amount of funding, M&A, and general product development is moving at what can feel like a blurring speed, and separating the facts from the marketing language can be a challenge.

For a thought experiment, imagine for a moment you are a CIO/CISO/equivalent in charge of the security budget. You are a little behind, maybe updating from an AV-only environment to a more advanced endpoint solution. How do you go about selecting a vendor? How do you begin quantifying your organizational needs?

Information Security Predictions for 2015

Posted: February 11, 2015   /   By: Jon Oltsik   /   Tags: Information Security, Network Security, endpoint security

I sat down with ESG Founder and Senior Analyst Steve Duplessie recently to talk about what my expectations are for the information security space in 2015.

Board-level Security Ratings Meet Threat Intelligence (BitSight Acquires AnubisNetworks)

Posted: October 21, 2014   /   By: Jon Oltsik   /   Tags: Information Security, threat intelligence, BitSight

With the recent avalanche of security breaches, including Target, Home Depot, and JP Morgan Chase, cybersecurity companies have become financial darlings from Wall Street to Sand Hill Rd. Investors on both coasts are looking for the next major IPO or acquisition to cash in on the dangerous threat landscape.

Yet Another Proof Point for Network and Endpoint Security Integration

Posted: October 17, 2014   /   By: Jon Oltsik   /   Tags: Information Security, End-User Computing, IT Infrastructure, network, Networking, Information and Risk Management, endpoint, Security and Privacy

As I’ve mentioned many times in my blog, there is a lot of evidence suggesting a trend toward the amalgamation of endpoint and network security.

Here’s another recent data point that supports this further. ESG recently published a new research report titled Network Security Trends in the Era of Cloud and Mobile Computing. The report is based upon a survey of security professionals working at enterprise organizations (i.e., more than 1,000 employees). ESG asked them: “Is your organization engaged in any type of project to integrate anti-malware and analytics technologies on networks and endpoints?” Nearly one-quarter (22%) said, “yes, extensively,” while another 39% responded, “yes, somewhat.”

Enterprise Organizations Need Formal Incident Response Programs

Posted: August 13, 2014   /   By: Jon Oltsik   /   Tags: Information Security, IBM, Data Protection, Information and Risk Management, HP, Security and Privacy, incident response, SunGard, E&Y, Booz Allen, Accenture

I spent the early part of my IT career in the storage industry, mostly with EMC Corporation. Back then, large storage subsystems were equated with IBM mainframe computers, with a heavy emphasis on the financial services market.
