Remarkably, Many Organizations Still Opt for 'Good Enough' Cybersecurity

Late last year, ESG published a research report titled Through the Eyes of Cyber Security Professionals, in collaboration with the Information Systems Security Association (ISSA). As part of this report, 437 cybersecurity professionals and ISSA members were asked whether they had experienced a number of types of security incidents. The research revealed that:

  • 39% of organizations experienced one or several security incidents resulting in the need to reimage one or several endpoints or servers.
  • 27% of organizations experienced one or several incidents of ransomware.
  • 20% of organizations experienced one or several incidents resulting in the disruption of a business application.
  • 19% of organizations experienced one or several incidents resulting in the disruption of a business process.
Topics: Cybersecurity malware CISO cybercrime ISSA

The Endpoint Security Continuum (Part 2)

Way back at the beginning of February, I wrote a blog titled The Endpoint Security Continuum. In that blog, I described how enterprise organizations were now deploying next-generation endpoint security solutions along a continuum flanked by two poles: advanced prevention at one end and advanced detection and response at the other. I actually presented some research describing next-generation endpoint security a few weeks ago at this year’s RSA Security Conference (contact me if you'd like to see the slides from that session).

Topics: Cybersecurity malware endpoint security AV

An Abundance of Incident Response Bottlenecks

Manual processes represent a major incident response bottleneck at enterprise organizations. I'd like to share a few alarming data points from some recent ESG research:

Topics: Cybersecurity malware incident response

The Return of AV Leaders?

When I started covering the infosec market around 13 years ago, anti-spyware was the hot topic du jour. The market went through a common cycle – VCs funded companies and cranked up the hype machine. Some product companies were acquired (CA purchased PestPatrol, Microsoft acquired Giant Software, etc.), while others pivoted from anti-spyware alone to endpoint security (Webroot). Ultimately, however, the anti-spyware boom cycle went bust when incumbent endpoint security leaders like Intel Security (McAfee), Kaspersky, Sophos, Symantec, and Trend Micro added anti-spyware to their existing AV products, turning a product category into a product feature.

Topics: Cybersecurity malware endpoint security antivirus

FireEye Myth and Reality

Some tech companies are always associated with their first acts. Dell just acquired my first employer, EMC Corporation, in order to expand its enterprise portfolio, yet the company will always be linked with personal computers and its founder’s dorm room. F5 has become a nexus that brings together networks and applications but will always retain the moniker of a load balancing company. Bit9 has established itself as a major next-generation endpoint player, yet some people can only think of its original focus on whitelisting.

Topics: Network Security Cybersecurity malware cybercrime Anti-malware

Measuring the Quality of Commercial Threat Intelligence

In my most recent blog, I described how a recently published ESG research report on threat intelligence revealed a number of issues around commercial threat intelligence quality. As part of a recent survey of cybersecurity professionals working at enterprise organizations (i.e., more than 1,000 employees), ESG found that:

Topics: malware cybercrime

Enterprises Are Encrypting and Inspecting More Network Traffic

Encrypted traffic is now commonplace at most organizations. According to new ESG research, a vast majority (87%) of organizations surveyed encrypt at least 25% of their overall network traffic today. Network encryption is a security best practice, as it protects the privacy and confidentiality of network traffic as it travels from source to destination. The flip side, and the reason the same organizations are also inspecting more of that traffic, is that encryption hides payloads from network-based controls such as IDS/IPS unless the traffic is decrypted for inspection somewhere along the path.

Topics: Network Security malware

Book Report: Countdown to Zero Day

When you work in the cybersecurity domain you face some daunting challenges. For one thing, cybersecurity is always changing – new offensive and defensive tactics, techniques, and procedures (TTPs) appear constantly, and you have to try to keep up with them. Moreover, cybersecurity is an extremely broad topic, spanning technology, regulations, law enforcement, geo-political conflict, critical infrastructure, etc.

When people ask me how to learn about disparate cybersecurity topics, I reply with a single word – “read.” More specifically, I recommend that they go to their public library and take out one of the many fantastic books written in the past few years on malware (Worm, by Mark Bowden), cybercrime (Kingpin, by Kevin Poulsen), hackers (We Are Anonymous, by Parmy Olson), cyberwar (Cyberwar, by Richard Clarke), etc. There are loads of other good books available by authors like James Bamford, Steven Levy, John Markoff, Kevin Mitnick, Bruce Schneier, and Cliff Stoll as well.

Topics: malware

Enterprise Annexation of Endpoint Security

When it comes to strong cybersecurity, endpoints and servers have often been second-class citizens when compared to the network. I described this situation in a March 2013 blog, Network Security Trumps Server Security in the Enterprise. According to ESG research, 58% of security professionals working at enterprise organizations (i.e., more than 1,000 employees) said that network security processes, skills, and technical controls were “much more thorough” or “somewhat more thorough” than server security processes, skills, and technical controls.

Why the discrepancy? Network security includes mature technologies like firewalls, IDS/IPS, and web application firewalls (WAFs). Furthermore, network security often involves a lot of network design and engineering for segmentation, access control, and traffic management. By contrast, endpoint and server security is typically based on nothing more than AV software and its associated signature downloads and occasional scans.

Topics: Cybersecurity Networking Information and Risk Management Security and Privacy malware endpoint security

Advanced Evasion Techniques: Dirty Little Secret Weapons

Many organizations are so intent on identifying new malware that they are failing to address, or in some cases even recognize, advanced evasion techniques (AETs) that can enable malware to circumvent their security defenses. AETs pose a great threat because most security solutions can’t detect them, much less stop them. Security professionals and executive managers need to wake up to this real and growing threat.

Advanced persistent threats (APTs) have been a huge focus in network security discussions over the past few years, with good reason. Numerous organizations are implementing new solutions to protect themselves from this determined class of attacker. Even so, cyber criminals have been penetrating the network defenses of even the most robust security infrastructures, including some very high-profile enterprises.
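To make the AET point concrete, here is an added example (not code from the original post, from ESG, or from McAfee) of one of the oldest evasion building blocks: splitting a payload across TCP segments, delivered out of order, so that a detector which inspects each packet on its own never sees the signature, while a detector that reassembles the stream by sequence number does. The HTTP request and the content signature are constructed stand-ins for this illustration, not real malware or a real IDS rule.

```python
"""Added example: TCP segmentation as a detection-evasion technique.

Three detectors are compared against the same segments:
  * per_packet_match   - inspects each segment independently (no reassembly)
  * naive_concat_match - concatenates segments in arrival order, no reordering
  * reassembled_match  - orders segments by sequence number, then matches
Only the last one behaves like a stateful IDS/IPS and catches the split payload.
"""
from dataclasses import dataclass

# Constructed stand-in for an IDS "content" signature (not a real rule).
SIGNATURE = b"cmd.exe /c whoami"


@dataclass
class Segment:
    seq: int     # relative TCP sequence number of the first byte of data
    data: bytes


def segment_payload(payload: bytes, split_points, reverse_order=False):
    """Cut payload into segments at the given byte offsets.

    With reverse_order=True the segments are returned last-first, emulating
    out-of-order delivery that a reassembler must tolerate.
    """
    offsets = [0] + sorted({p for p in split_points if 0 < p < len(payload)}) + [len(payload)]
    segs = [Segment(s, payload[s:e]) for s, e in zip(offsets, offsets[1:]) if e > s]
    if reverse_order:
        segs.reverse()
    return segs


def per_packet_match(segments, signature=SIGNATURE) -> bool:
    """Stateless detector: looks for the signature inside each segment alone."""
    return any(signature in seg.data for seg in segments)


def naive_concat_match(segments, signature=SIGNATURE) -> bool:
    """Detector that buffers bytes in arrival order but ignores sequence numbers."""
    return signature in b"".join(seg.data for seg in segments)


def reassembled_match(segments, signature=SIGNATURE) -> bool:
    """Stateful detector: reorders by seq, rebuilds the stream, then matches."""
    stream = b"".join(seg.data for seg in sorted(segments, key=lambda s: s.seq))
    return signature in stream


def evasion_demo(payload: bytes, split_points, reverse_order=True) -> dict:
    """Run all three detectors over the segmented payload and report results."""
    segs = segment_payload(payload, split_points, reverse_order=reverse_order)
    return {
        "segments": len(segs),
        "per_packet": per_packet_match(segs),
        "naive_concat": naive_concat_match(segs),
        "reassembled": reassembled_match(segs),
    }


if __name__ == "__main__":
    # Constructed request: the signature begins at offset 8 and is 17 bytes long,
    # so splitting at offsets 13 and 20 guarantees no single segment holds it.
    request = b"GET /?q=" + SIGNATURE + b" HTTP/1.0\r\n"
    print(evasion_demo(request, [13, 20]))
```

The design choice worth noticing is that the third detector is the only one with per-flow state (a buffer keyed by sequence number). Real AETs stack several such tricks (segmentation, IP fragmentation, overlapping segments with conflicting data, protocol-level encoding), so that a device which handles any one of them in isolation still misses the combination; the example shows the single layer that the statement "most security solutions can’t detect them" rests on.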

Topics: Information and Risk Management McAfee Security and Privacy malware Firewall ESG Validation Services