Enterprise Organizations Are Taking Steps to Improve Cybersecurity Analytics

Last week, online retail giant eBay announced that it was hacked between February and March of this year with stolen login credentials of an eBay employee. This gave the hackers access to the user records of 145 million users including home addresses, e-mail addresses, dates of birth, and encrypted passwords. It appears that the hackers made copies of this data so eBay is advising all users to change their passwords.

Topics: IBM Big Data Cisco Information and Risk Management FireEye Dell endpoint Security and Privacy Security SIEM Narus Mandiant Cybereason LogRhythm 21CT Leidos ISC8 Blue Coat RSA Security Lancope netSkope SDN click security Bit9 cybercrime Carbon Black

Advanced Malware Detection and Response and Other Cybersecurity Services on the Rise

Think about all of the cybersecurity industry activity with advanced malware detection and response and what comes to mind? Most people would probably focus on technology vendors like Bromium, Cylance, Damballa, FireEye, and Palo Alto Networks since these firms have garnered headlines, raised vast fortunes of VC funding, and even pushed through successful IPOs.

Topics: IBM Cloud Computing Cybersecurity Palo Alto Networks Cisco Information and Risk Management FireEye HP Dell Security and Privacy Security Mandiant Lockheed DHS Barracuda Booz Allen Hamilton bromium Leidos nsa Cylance cybercrime CSC Damballa NIST BT NSF mssp

Good News and Bad News on Cybersecurity Priorities and Spending in 2014

With the Winter Olympics in full-swing, the cybersecurity community anxiously awaits another global event, the 2014 RSA Conference. Like Sochi, the RSA Conference comes with its own controversy, but I still anticipate that most of the global information security glitterati will be in San Francisco two weeks hence.

Topics: Cybersecurity Information and Risk Management Security and Privacy Security Mandiant rsa conference nsa Edward Snowden cyber attack

How Antivirus Continues to Compete

Despite well over a decade of sales success, antivirus technology has never been beloved in the security marketplace. Security professionals do not have immense faith in antivirus (AV) products to stop modern malware, and average users have never enjoyed the notifications, scans, and updates that go along with protecting a computer from roughly 6,000 new malware variants per day.

Topics: Information and Risk Management Security and Privacy Security malware Mandiant bromium antivirus Cylance Bit9 AV Guidance antivirus software

Enterprise Organizations Describe Weaknesses in Malware Detection and Protection

Well here we are halfway through January and you can’t cross the street without hearing about a malware attack or security breach somewhere – Neiman Marcus, Target, Yahoo, Yikes!

When my non-technical friends ask me what they should expect moving forward, I’m not exactly a beacon of hope. My usual response is something like, “get used to it, things will likely get worse.”

Topics: IBM Palo Alto Networks Information and Risk Management FireEye Security and Privacy Security malware Mandiant Barracuda Leidos Target cybercrime CSC Anti-malware NIST APT Unisys Splunk

Endpoint Security Market Transformation In 2014

It is widely agreed that the security software market is over $20 billion worldwide and that endpoint security software (aka antivirus) makes up the lion’s share of this revenue. After all, AV is an endpoint staple product bundled on new PCs, required as part of regulatory compliance, and even available for free from reputable providers such as Avast, AVG, and Microsoft.

Yup, AV software is certainly pervasive but traditional endpoint security vendors will face a number of unprecedented challenges to their comfy hegemony in 2014 for several reasons:

  1. Security professionals are increasingly questioning AV effectiveness. According to ESG research, 62% of security professionals working at enterprise organizations (i.e., more than 1,000 employees) believe that traditional endpoint security software is not effective for detecting zero-day and/or polymorphic malware commonly used as part of targeted attacks today. To quote Lee Atwater, ‘perception is reality’ when it comes to AV.
  2. Many organizations are already moving beyond AV. ESG research also indicates that over half (51%) of large organizations are planning to add new layers of endpoint security software in order to detect/prevent advanced malware threats. This means that enterprise companies aren’t waiting for AV vendors to catch up but rather spending on new endpoint defenses – likely with new vendors.
  3. The industry is turning up the heat. The AV market has been a cozy oligopoly dominated by a handful of vendors. This market is coming unglued as a combination of new threats and user perceptions is opening the door to an assortment of upstarts. The list includes smaller firms like Bit9, Cylance, Malwarebytes, and Triumfant as well as 800-pound gorillas like Cisco (with Sourcefire FireAMP, IBM (with Trusteer), and RSA Security (with ECAT). Oh, and let’s not forget red hot FireEye’s acquisition of Mandiant or Palo Alto’s purchase of Morta. These two firms are intent on leaving AV vendors in the dust as they pursue the title of “next-generation security company” (whatever that means).
Topics: IBM Microsoft Palo Alto Networks Cisco Information and Risk Management Sourcefire FireEye McAfee Security and Privacy Security Malwarebytes Triumfant Mandiant Avast trend micro RSA antivirus Cylance Bit9 Anti-malware APT Trusteer

The Pressing Need to Improve Endpoint Visibility for Information Security

In a recent ESG research project, 315 security professionals working at enterprise organizations (i.e., more than 1,000 employees) were asked to identify their organizations’ endpoint security monitoring weaknesses. Thirty percent said they were unsure about, “applications installed on each device,” 19% had difficulty monitoring “downloads/execution of suspicious code,” 12% struggled when tracking, “suspicious/malicious network activity,” and 11% had a hard time tracking “current patch levels.”

Why is it so difficult to monitor endpoint activities? An old saying comes to mind: “Water, water, everywhere but not a drop to drink.” There are records about endpoints all over the place – asset databases, CMDBs, network monitoring tools, vulnerability scanners, patch management tools, etc. – but when security analysts need up-to-the-minute information for critical remediation activities, they have to scramble around through a myriad of management systems to retrieve it.

Topics: Information and Risk Management Sourcefire McAfee Security and Privacy Security endpoint security big data security analytics Bradford Networks Mandiant ForeScout Guidance Software bromium Invincea Great Bay Software RSA Security

RSA Security Conference 2013: The Most Important RSA Ever?

It wasn’t long ago that the annual RSA Security Conference was an oasis from mainstream IT. While CIOs were focused on business process automation, the RSA crowd was celebrating technologies like DLP, web security, and key management. Yup, security was an under-funded IT stepchild and the RSA Conference was still centered on bits and bytes.

That was then, this is now and cybersecurity is everywhere – newspapers, magazines, television news, etc. Off the top of my head, here are some of the big cybersecurity news stories from the first two months of 2013:

Topics: Apple Information and Risk Management Security and Privacy Security Mandiant rsa conference cybercrime Facebook Barack Obama DoD

The Advanced Malware Detection/Prevention Market

I've been thinking a lot about the Advanced Malware Detection/Prevention (AMD/P) market lately. This market is most often associated with Advanced Persistent Threats (APTs) and vendors like Countertack, Damballa, FireEye, Invincea, and Trend Micro.

Topics: Cybersecurity Endpoint & Application Virtualization IT Infrastructure Networking Information and Risk Management FireEye Security and Privacy malware Mandiant trend micro Invincea cybercrime Damballa APT advanced persistent threat SSL Countertack