Most Recent Blogs

My Final Impressions of Black Hat 2014

Posted: August 11, 2014   /   By: Jon Oltsik   /   Tags: IBM, Cybersecurity, Palo Alto Networks, Cisco, Information and Risk Management, FireEye, Security and Privacy, Guidance Software, Crowdstrike, bromium, RSA, Invincea, Digital Guardian, Webroot

I attended Black Hat 2014 in Las Vegas last week and wanted to write a post while I’m still feeling the buzz of the event. Here are just a few of my take-aways:

  1. Black Hat = High Energy. I attended Interop at the same venue (Mandalay Bay) for many years but I noticed that the event was getting stale and rather morose recently. It was quite invigorating then to witness the high-energy security crowd at Black Hat in comparison. There was lots of energy, great discourse, and plenty of knowledge transfer. Yes, there was commercialism and Vegas schmaltz, but Black Hat is more of a community get-together than your typical stale trade show – and way more lively than Interop has been since the late 1990s.
  2. Black Hat vs. RSA. When I worked at EMC back in the late 1980s, one of the common sales mantras of the company was, “people who know how always work for people who know why.” This was a “solution selling” message intended to get the sales team to focus on the “why” customers who own business processes, financial results, and budgets, rather than the “how” customers who twiddle bits and bytes. With this analogy in mind, RSA is a “why” conference while Black Hat (and to some extent, DEFCON) is a “how” conference. That said, there is also a difference: cybersecurity is a hardcore “how” discipline that revolves around the folks who know how to twiddle bits and bytes or can detect when someone else has twiddled bits and bytes in a malicious way. In my humble opinion, these two shows complement each other. Yes, we need extremely competent CISOs who know business, IT, and security technology but we must also have security practitioners with deep technical skills, devotion, and passion. RSA is focused on the former while Black Hat/DEFCON appeals to the latter.
  3. Security vendors should be at Black Hat. Many leading security vendors passed on Black Hat and allocated event budget dollars to RSA and shows like VMware instead. I get this but would suggest that they find ways to spread event investments around so they can attend Black Hat 2015. Why? Black Hat attendees may not be budget holders but they are the actual people who influence technology decisions and make up the majority of the cybersecurity community at large. These are the people who choose cybersecurity technologies that can meet technical requirements. Creative security technology vendors can also approach Black Hat as a recruiting opportunity, not just a sales and marketing event.
  4. I left Black Hat with even more cybersecurity concern. I’m in the middle of this world all the time so I hear lots more about the bad guys’ Tactics, Techniques, and Practices (TTPs) than most people do. Even so, I spent the week hearing additional scary stories. For example, Blue Coat labs reported on 660 million hosts with a 24 hour lifespan it calls “one-day wonders.” As you can imagine, many of these hosts are malicious and their rapid lifespan flies under the radar of signature-based security tools and threat intelligence. I also learned more about “Operation Emmental” (i.e., from Trend Micro) that changes DNS settings and installs SSL certificates on clients, intercepts legitimate one-time passwords (OTPs) and steals lots of money from online banking customers. Black Hat chatter served as further evidence that our cyber-adversaries are not only highly-skilled, but way more organized than most people think.
  5. Endpoint security is truly “in play.” A few years ago, endpoint security meant antivirus software and a cozy oligopoly dominated by McAfee, Symantec, and Trend Micro (and to some extent, Kaspersky Lab and Sophos as well). To use Las Vegas terminology, all bets are off with regard to endpoint security now. With the rash of targeted attacks and successful security breaches over the past few years, enterprise organizations are questioning the value of AV and looking for layered endpoint defenses. Given this market churn, Black Hat was an endpoint security nexus with upstarts like Bromium, Cisco, Crowdstrike, Digital Guardian (formerly Verdasys), Druva, FireEye, Guidance Software, IBM, Invincea, Palo Alto Networks, Raytheon Cyber Products, RSA, and Webroot ready to talk about “next-generation” endpoint security requirements and products. While the incumbents have an advantage, endpoint security is becoming a wide-open market as evidenced by the crowd at Black Hat.

Black Hat is a great combination of Las Vegas shtick, hacker irreverence, and a serious cybersecurity focus. Yup, it’s only a tradeshow but there is a serious undercurrent at Black Hat/DEFCON that is sorely missing from most IT events.


Enterprise CISO Challenges In 2014

Posted: January 10, 2014   /   By: Jon Oltsik   /   Tags: IBM, Palo Alto Networks, Cisco, Information and Risk Management, FireEye, HP, Security and Privacy, Security, risk management, Centrify, Malwarebytes, LogRhythm, bromium, 21CT, Leidos, RSA, Invincea, Accenture, ISC8, Blue Coat, CloudPassage, click security, Bit9, CSC, Hexis, HyTrust

I’m sure lots of CISOs spent this week meeting with their teams, reviewing their 2013 performance, and solidifying plans for 2014. Good idea from my perspective. The CISOs I’ve spoken with recently know exactly what they have to do but aren’t nearly as certain about how to do it.

At a high level, here’s what I’m hearing around CISO goals and the associated challenges ahead this year:

  1. Improve risk management. This translates into threat/vulnerability measurement, threat prevention, and ongoing communication with the business mucky mucks. The problem here is that their networks are constantly changing, scans are done on a scheduled rather than real-time basis, and the threat landscape is dangerous, sophisticated, and mysterious.

Addressing advanced malware in 2014

Posted: December 16, 2013   /   By: Jon Oltsik   /   Tags: IBM, Check Point, Palo Alto Networks, Fortinet, Cisco, IT Infrastructure, Information and Risk Management, Sourcefire, FireEye, HP, McAfee, Security and Privacy, Security, endpoint security, Kaspersky, LogRhythm, trend micro, bromium, Symantec, Invincea, antivirus, RSA Security, Sophos, Bit9, Anti-malware, Hexis, Splunk

In the cybersecurity annals of the future, 2013 may be remembered as the year of advanced malware. Yes, I know that malware is nothing new and the term “advanced” is more hype than reality as a lot of attacks have involved little more than social engineering and off-the-shelf exploits. That said, I think it’s safe to say that this is the year that the world really woke up to malware dangers (advanced or not) and is finally willing to address this risk.

So how will enterprise organizations (i.e., more than 1,000 employees) change their security strategies over the next year to mitigate the risks associated with advanced malware threats? According to ESG research:

  • 51% of enterprise organizations say they will add a new layer of endpoint software to protect against zero day and other types of advanced malware. Good opportunity for Kaspersky, McAfee, Sophos, Symantec, and Trend Micro to talk to customers about innovation and new products but the old guard has to move quickly to prevent an incursion by new players like Bit9, Bromium, Invincea, and Malwarebytes. The network crowd (i.e., Cisco, Check Point, FireEye, Fortinet, and Palo Alto Networks, etc.) may also throw a curveball at endpoint security vendors. For example, Cisco (Sourcefire) is already selling an endpoint/network anti-malware solution with a combination of FireAMP and FirePOWER.
  • 49% of enterprise organizations say they will collect and analyze more security data, thus my prediction for an active year in the big data security analytics market – good news for LogRhythm and Splunk. Still, there is a lot of work to be done on the supply and demand side for this to really come to fruition.
  • 44% of enterprise organizations say they will automate more security operations tasks. Good idea since current manual security processes and the informal relationship between security and IT operations are killing the effectiveness and pace of security remediation. Again, this won’t be easy as there is a cultural barrier to overcome but proactive organizations are already moving in this direction. If you are interested in this area, I suggest you have a look at Hexis Cyber Solutions’ product Hawkeye G. Forward thinking remediation stuff here.
  • 41% of enterprise organizations say they will design and build a more integrated information security architecture. In other words, they will start replacing tactical point tools with an architecture composed of central command-and-control along with distributed security enforcement. Good idea; CISOs should create a 3-5 year plan for this transition. A number of vendors including HP, IBM, McAfee, RSA Security, and Trend Micro are designing products in this direction with the enterprise in mind.

ESG Research Report Describes a Major Transition Coming to Endpoint Security

Posted: September 16, 2013   /   By: Jon Oltsik   /   Tags: Information and Risk Management, Security and Privacy, Malwarebytes, bromium, Invincea, Bit9

ESG just published a new research report titled, Advanced Malware Detection and Prevention Trends. The publication follows up on a 2011 research report on APTs and is based upon a survey of 315 security professionals working at enterprise organizations (i.e., more than 1,000 employees) in North America.


Dell’s Most Secure PC Initiative Presents a New Opportunity

Posted: September 06, 2013   /   By: Jon Oltsik   /   Tags: IBM, EMC, Cisco, Information and Risk Management, HP, Dell, Security and Privacy, Security, Kaspersky Lab, trend micro, Symantec, Invincea, antivirus, Sophos, Anti-malware, encryption

When it comes to selling PCs to business organizations, Dell has long held a well-deserved reputation for aggressive pricing, tailored customization services, and strong customer service. Okay, but what about endpoint security? In the past, Dell sales reps would simply open their catalog and let the customer choose from a vast list of partner options. Want AV software, full-disk encryption, or biometric authentication? Dell would simply ask its customers to choose from dozens of partner options in each area.


The Pressing Need to Improve Endpoint Visibility for Information Security

Posted: August 13, 2013   /   By: Jon Oltsik   /   Tags: Information and Risk Management, Sourcefire, McAfee, Security and Privacy, Security, endpoint security, big data security analytics, Bradford Networks, Mandiant, ForeScout, Guidance Software, bromium, Invincea, Great Bay Software, RSA Security

In a recent ESG research project, 315 security professionals working at enterprise organizations (i.e., more than 1,000 employees) were asked to identify their organizations’ endpoint security monitoring weaknesses. Thirty percent said they were unsure about “applications installed on each device,” 19% had difficulty monitoring “downloads/execution of suspicious code,” 12% struggled when tracking “suspicious/malicious network activity,” and 11% had a hard time tracking “current patch levels.”

Why is it so difficult to monitor endpoint activities? An old saying comes to mind: “Water, water, everywhere but not a drop to drink.” There are records about endpoints all over the place – asset databases, CMDBs, network monitoring tools, vulnerability scanners, patch management tools, etc. – but when security analysts need up-to-the-minute information for critical remediation activities, they have to scramble around through a myriad of management systems to retrieve it.


What's Driving Enterprise Security Strategy?

Posted: August 14, 2012   /   By: Jon Oltsik   /   Tags: IBM, Big Data, End-User Computing, Information and Risk Management, FireEye, McAfee, Security and Privacy, BYOD, malware, SIEM, RSA, Invincea, Security Management, Damballa, APT, security operations, managed security services, Countertack

ESG recently published a new research report titled, Security Management and Operations: Changes on the Horizon. As part of the survey, ESG asked 315 security professionals working at enterprise organizations (i.e., more than 1,000 employees) to identify the most important factors driving their organization’s information security strategy in 2012.

The top two responses were quite predictable: 55% said “protecting sensitive data and intellectual property (IP)” while 50% pointed to regulatory compliance. What is interesting is the responses beyond these two traditional security drivers:

  • 41% said “addressing new types of threats”
  • 39% said “improving/automating security operations”
  • 38% said “addressing security issues created by the use of mobile devices”
  • 35% said “improving our ability to analyze security data and detect attacks in progress”
  • 33% said “aligning security policies and controls with business processes”

Advanced Malware Protection: Network or Host?

Posted: July 30, 2012   /   By: Jon Oltsik   /   Tags: Check Point, Palo Alto Networks, Fortinet, Cisco, Information and Risk Management, Juniper, Sourcefire, FireEye, McAfee, Enterprise Software, mobile, Security and Privacy, Security, bromium, Invincea, Fidelis, Bit9, Anti-malware, Damballa, APT, advanced persistent threat, Trend M, Countertack

Large organizations have legitimate cause for concern. Malware creation and proliferation is increasing rapidly as cyber criminals and state-sponsored organizations create the next round of APTs, botnets, Trojans, and rootkits. What's more, we've entered the era of micro attacks designed to compromise a targeted organization, business unit, or individual.


The Advanced Malware Detection/Prevention Market

Posted: July 10, 2012   /   By: Jon Oltsik   /   Tags: Cybersecurity, Endpoint & Application Virtualization, IT Infrastructure, Networking, Information and Risk Management, FireEye, Security and Privacy, malware, Mandiant, trend micro, Invincea, cybercrime, Damballa, APT, advanced persistent threat, SSL, Countertack

I've been thinking a lot about the Advanced Malware Detection/Prevention (AMD/P) market lately. This market is most often associated with Advanced Persistent Threats (APTs) and vendors like Countertack, Damballa, FireEye, Invincea, and Trend Micro.

