Leading Enterprise Organizations Have Established a Dedicated Network Security Group

When an enterprise organization wanted to buy network security equipment a few years ago, there was a pretty clear division of labor. The security team defined the requirements and the networking team purchased and operated equipment. In other words, the lines were divided. The security team could describe what was needed but didn’t dare tell the networking team what to buy or get involved with day-to-day care and feeding related to “networking” matters.

This “us-and-them” mentality appears to be legacy behavior. According to ESG research on network security trends, 47% of enterprise organizations now claim that they have a dedicated group in charge of all aspects of network security. Additionally, network security is done cooperatively by networking and security teams at 26% of organizations today, but these firms insist that they are in the process of creating a dedicated network security group to supplant their current division of labor.

Anticipating Black Hat

RSA 2014 seems like ancient history and the 2015 event isn’t until next April. No worries, however: the industry is set to gather in the Las Vegas heat next week for cocktails, sushi bars, and oh yeah – Black Hat.

Now Black Hat is an interesting blend of constituents consisting of government gumshoes, Sand Hill Rd. Merlot drinking VCs, cybersecurity business wonks, “beautiful mind” academics, and tattooed hackers – my kind of crowd! As such, we aren’t likely to hear much about NIST frameworks, GRC, or CISO strategies. Alternatively, I am looking forward to deep discussions on:

  • Advanced malware tactics. Some of my favorite cybersecurity researchers will be in town to describe what they are seeing “in the wild.” These discussions are extremely informative and scary at the same time. This is where industry analysts like me learn about the latest evasion techniques, man-in-the-browser attacks, and whether mobile malware will really impact enterprise organizations.
  • The anatomy of various security breaches. Breaches at organizations like the New York Times, Nordstrom, Target, and the Wall Street Journal receive lots of media attention, but the actual details of attacks like these are far too technical for business publications or media outlets like CNN and Fox News. These “kill chain” details are exactly what we industry insiders crave as they provide play-by-play commentary about the cybersecurity cat-and-mouse game we live in.
  • Threat intelligence. All of the leading infosec vendors (e.g., Blue Coat, Cisco, Check Point, HP, IBM, Juniper, McAfee, RSA, Symantec, Trend Micro, Webroot, etc.) have been offering threat intelligence for years, yet threat intelligence will be one of the major highlights at Black Hat. Why? Because not all security and/or threat intelligence is created equally. Newer players like BitSight, Crowdstrike, iSight Partners, Norse, RiskIQ, and Vorstack are slicing and dicing threat intelligence and customizing it for specific industries and use cases. Other vendors like Fortinet and Palo Alto Networks are actively sharing threat intelligence and encouraging other security insiders to join. Finally, there is a global hue and cry for intelligence sharing that includes industry standards (e.g., CybOX, STIX, TAXII, etc.) and even pending legislation. All of these things should create an interesting discourse.
  • Big data security analytics. This is an area I follow closely that is changing on a daily basis. It’s also an interesting community of vendors. Some (e.g., 21CT, ISC8, Leidos, Lockheed Martin, Norse, Palantir, Raytheon, etc.) come from the post-9/11 “total information access” world, while others (Click Security, HP, IBM, Lancope, LogRhythm, RSA, etc.) are firmly rooted in the infosec industry. I look forward to a lively discussion about geeky topics like algorithms, machine learning, and visual analytics.
Is Cisco Back (as an Enterprise Security Leader)?

It wasn’t too long ago that Cisco was a dominant force in information security technology. The company was a market leader in firewalls, IDS/IPS, and e-mail security and was actively pushing products for endpoint security and SIEM as well as security “blades” for Catalyst switches. Heck, Cisco even articulated a bold vision of “self-defending networks” with security policy, enforcement, and intelligence all baked into the network.

Somewhere around 2008, however, Cisco security went into a prolonged slump. Cisco security products didn’t offer the performance of rivals like Crossbeam (now Blue Coat), Juniper, or McAfee. Cisco missed markets like next-generation firewalls, opening the door for savvy startups like FireEye, Palo Alto Networks, and Stonesoft. Cisco products such as the Cisco Security Agent (Okena) and MARS (Protego) were abject failures and discontinued by the company. Finally, Cisco’s security team itself imploded as management and engineering leaders fled San Jose for greener valley pastures.

Has Mobile Computing Had a Positive Impact on Cybersecurity?

I’ve heard the same story from a multitude of CISOs: “As soon as we agreed to support BYOD and mobile devices, all hell broke loose!” How? All of a sudden there were hundreds or thousands of new devices accessing the corporate network. Many of these devices were employee-owned, unmanaged, and full of questionable applications. What’s more, users were now working on multiple devices and moving sensitive data between Windows PCs, iPads, Android phones, and a slew of online file sharing sites like Box, Dropbox, and iCloud. Holy threat and vulnerability, Batman!

Most enterprise organizations are now way past this early period of mobile security chaos. Yes, there are still plenty of challenges associated with mobile computing security, but did preliminary mobile computing anarchy have any positive impact on information security in the long run? In other words, did the initial mobile computing fire drills actually help CISOs recognize risks and address systemic weaknesses?

The Rise of Networking at VMworld 2013

Next week VMworld kicks off at the Moscone Center in San Francisco with much anticipation. I am looking forward to hearing about VMware’s integration efforts and enhancements to its networking solutions, more specifically the NSX solution, now that they have a year under their belt with Nicira. It wasn’t quite fair to dig too deep at last year's show; I think the acquisition had only been completed 2 weeks (or was it 2 days?) prior to the show.

This year, however, should contain a lot more content for those interested in networking. Indeed, VMware announced NSX earlier this year (available in 2H 2013), which integrates the Nicira NVP and vCloud Network and Security products into one platform. I think this was a smart decision, given that ESG research has indicated that network security is a top priority for organizations for 2013 (see ESG's Research Brief, 2013 Networking Spending Trends). We expect others will follow suit, and my esteemed colleague, Jon Oltsik, who covers security for ESG, and I will continue to cover this topic in more detail.

CloudNFV - Network Function Virtualization’s stealthy cloud association

It isn’t easy being a start-up. First, the SDN future looked bright, promising start-ups an opportunity to unseat incumbent IP and Ethernet networking titans. Concerned network and cloud service providers had banded together to form the Open Networking Foundation (ONF.org – now at 100 members) to help define programmable networks with a separate, open control plane, initially based on a coincidentally like-minded university’s OpenFlow controller for an enterprise networking test bed. Facing the doom of rapid traffic growth with little new revenue (the classic ‘scissor’ diagram), the current NSP Capex model to scale networks needed to change or they would need to raise prices, potentially strangling the life from the mobile and Internet golden goose pair. And to take server virtualization to the next level, namely VM mobility, Cloud SPs need network virtualization and SDN to make them bandwidth dynamic and enable application calls for bandwidth on-demand. So venture capital flowed like milk and honey to eager SDN start-ups, all expecting to emulate Nicira’s very good fortune.

But then the sleeping networking giants (a.k.a. good shepherds, or jolly ranchers?) stirred when they saw their cash-cow herds at risk to the new start-up wolves. Should they armor their cash cows or might a scarecrow do? On April 8th, 2013 OpenDaylight was launched. From ODL’s mission: “At this early stage of SDN adoption, the industry acknowledges the benefits of establishing an open, reference framework for programmability and control through an open source SDN solution. Such a framework maintains the flexibility and choice to allow organizations to deploy SDN as they please, yet still mitigates many of the risks of adopting early stage technologies and integrating with existing infrastructure investments.”

Next-generation wLANs will drive productivity gains

As our vendor clients already know, I’ve been busy surveying over 20 enterprise wireless LAN providers to learn more about their wLAN offerings and support plans for 802.11ac, BYOD, UC, etc. for ESG’s upcoming wLAN Market Landscape Report. I’m happy to report that from the supply-side, there are plenty of innovative enterprise wireless systems to choose from and a very competitive marketplace. And we will be fielding our enterprise wireless networking survey shortly, so we’ll be able to better match enterprise wireless needs to vendor offerings.

However, I do have concerns about the demand-side, where many enterprise CFOs are still concerned about continued economic uncertainty, and are holding the line on IT budgets. Recently, change in information and communications technologies (ICT) seems to be accelerating toward light-speed, but many CFOs just want to spend to keep the lights on in the IT department. Organizations that don’t invest in new IT technologies will find themselves at a competitive disadvantage - period.

Will ONS Help SDN Cross the Chasm?

The RSA security conference was once limited to discussions around encryption algorithms and cryptography, attracting a limited and highly technical audience. Likewise, VMworld was once a Mecca for software developers and testers only.

Is the World Ready for the Intersection of Software-defined Networking (SDN) and Network Security?

A few years ago, software-defined networking (SDN) was an esoteric concept driven by academics. Some networking vendors were intrigued but many looked at it as nothing more than a science project. Fast forward to 2013 and networking vendors are tripping over each other to pledge their SDN support and crow about their SDN strategies.

What’s Old Is New Again In Information Security

For many years, the RSA Conference was all about the new new thing. New threats, new compliance mandates, new technologies, etc. At the same time, the industry intelligentsia dismissed staple security technologies like endpoint security and firewalls as boring commodities.
