What is an Enterprise-class Cybersecurity Vendor?

On Monday of this week, I posted a blog about enterprise-class cybersecurity vendors. Which vendors are considered enterprise-class? According to recent ESG research, Cisco, IBM, Symantec, and McAfee top the list. 

This blog addressed the “who” question but not the “what.” In other words, just what is an enterprise-class cybersecurity vendor anyway? As part of its research survey, ESG asked 176 cybersecurity and IT professionals to identify the most important characteristics of an enterprise-class cybersecurity vendor. The data reveals that:

  • 35% of survey respondents say the most important attribute for an enterprise-class cybersecurity vendor is cybersecurity expertise specific to their organization’s industry. In other words, enterprise-class cybersecurity vendors need more than horizontal security solutions, they need to understand explicit industry business processes, regulations, organizational dynamics, global footprints, etc.
Topics: Information Security IBM Cybersecurity Cisco McAfee Symantec CISO NIST ISSA

Teenagers, Cloud Security, and Shared Responsibilities

As my wife and I depart for an out-of-town wedding and leave our two college-bound teenagers alone at home with a set of shared responsibility instructions, we do so feeling both excited about our trip and apprehensive about the ambiguity of who will do what at home. Trust is earned, after all, and needs to be verified. Such is also the case for enterprises moving application workloads to the cloud. These teen – if not toddler – phases of cloud security can be awkward, but with real benefits, and ultimately survivable with a few cautionary tips.

Topics: Information Security Security and Privacy cloud security

Cybersecurity Views from a National Intelligence Officer

I participated in the Cyber Exchange Forum earlier today, an event sponsored by the Advanced Cyber Security Center (ACSC). The featured speaker was Sean Kanuck, National Intelligence Officer for Cyber Issues, Office of the Director of National Intelligence. In this role, Sean directs the production of national intelligence estimates (for cyber-threats), leads the intelligence community (IC) in cyber analysis, and writes personal assessments about strategic developments in cyberspace.

Topics: Information Security Cybersecurity cybercrime

The Highs and Lows of Cybersecurity Integration

Based upon anecdotal evidence, I estimate that the average large enterprise organization uses more than 70 different security tools from an assortment of vendors. As they say in Texas, “that dog don’t hunt.” In other words, it’s nearly impossible to maintain strong security hygiene or establish best practices when the security organization is chasing cybersecurity optimization on a tool-by-tool basis.

Topics: Information Security Cybersecurity DHS FIDO DoD

The Cloud Computing Cybersecurity Challenge

A few years ago, cloud computing faced an infosec hurdle. Many CIOs appreciated the benefits of cloud computing but their concerns about cloud security outweighed all of its potential goodness. General cloud security trepidation thus precluded broader use of cloud computing. 

Fast forward to 2015 and the situation has changed. Yes, CIOs and security folks remain worried about cloud security, but business and IT benefits are so appealing that they tend to trump confidentiality, integrity, and security apprehensions. ESG research indicates that a growing number of organizations are jumping on the cloud computing bandwagon:

Topics: Information Security Cloud Computing

Cutting Through Endpoint Security Marketing Hype is a Challenge for Buyers and Vendors Alike

Endpoint security is a fast-paced, dynamic market right now. The amount of funding, M&A, and general product development is moving at what can feel like a blurring speed, and separating the facts from the marketing language can be a challenge.

For a thought experiment, imagine for a moment you are a CIO/CISO/equivalent in charge of the security budget.  You are a little behind, maybe updating from an AV-only environment to a more advanced endpoint solution. How do you go about selecting a vendor? How do you begin quantifying your organizational needs? 

Topics: Information Security endpoint endpoint security IT buyers IT Spending Intentions skills shortage IT purchasing IT skills security spending

Information Security Predictions for 2015

I sat down with ESG Founder and Senior Analyst Steve Duplessie recently to talk about what my expectations are for the information security space in 2015.

Topics: Information Security Network Security endpoint security

Board-level Security Ratings Meet Threat Intelligence (BitSight Acquires AnubisNetworks)

With the recent avalanche of security breaches, including Target, Home Depot, and JP Morgan Chase, cybersecurity companies have become financial darlings from Wall Street to Sand Hill Rd.  Investors on both coasts are looking for the next major IPO or acquisition to cash in on the dangerous threat landscape.

Topics: Information Security threat intelligence BitSight

Yet Another Proof Point for Network and Endpoint Security Integration

As I’ve mentioned many times in my blog, there is a lot of evidence suggesting a trend toward the amalgamation of endpoint and network security.

Here’s another recent data point that supports this further. ESG recently published a new research report titled Network Security Trends in the Era of Cloud and Mobile Computing. The report is based upon a survey of security professionals working at enterprise organizations (i.e., more than 1,000 employees). ESG asked them: “Is your organization engaged in any type of project to integrate anti-malware and analytics technologies on networks and endpoints?” Nearly one-quarter (22%) said, “yes, extensively,” while another 39% responded, “yes, somewhat.”

Topics: Information Security End-User Computing IT Infrastructure network Networking Information and Risk Management endpoint Security and Privacy

Enterprise Organizations Need Formal Incident Response Programs

I spent the early part of my IT career in the storage industry, mostly with EMC Corporation. Back then, large storage subsystems were equated with IBM mainframe computers, with a heavy emphasis on the financial services market.

Topics: Information Security IBM Data Protection Information and Risk Management HP Security and Privacy incident response SunGard E&Y Booz Allen Accenture