SOAPA Video with Arbor Networks (Part 2)

In the second part of my SOAPA video with Arabella Hallawell from Arbor Networks, we discuss:

  1. SOAPA technology integration. Arbor Networks partners with many network service providers, giving the company a bird's eye view of Internet traffic. The company uses this vantage point to monitor, collect, and curate cyber threat intelligence (CTI) through its ASERT team. As part of its network security analytics products and services, it adds that CTI to give customers an understanding of malicious activity happening both inside and outside their networks. Of course, integrating internal network telemetry with CTI is one of the principles of SOAPA.
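To make the integration principle concrete, here is an added example (my own illustration, not Arbor or ASERT code) of the basic SOAPA join described above: internal flow telemetry is enriched with an external CTI indicator list, so that an outbound flow to a known bad range and an inbound flow from a known scanner both surface as alerts tied to the internal host involved. The flow records, the indicator list, the 10.0.0.0/8 internal range and the confidence scores are all constructed for the demonstration.

```python
"""Enrich constructed flow telemetry with a constructed CTI indicator list.

Added example for illustration only; the indicators, flows and internal
address range below are made up and are not real threat intelligence.
"""
import ipaddress
from dataclasses import dataclass

# Assumption: the organization's internal address space.
INTERNAL_NETS = [ipaddress.ip_network("10.0.0.0/8")]


@dataclass(frozen=True)
class Indicator:
    """One CTI entry: a network (a /32 for a single host), a label and a confidence 0-100."""
    network: ipaddress.IPv4Network
    tag: str
    confidence: int


# Constructed indicators using documentation ranges (RFC 5737), not real intel.
INDICATORS = [
    Indicator(ipaddress.ip_network("203.0.113.0/24"), "ddos-c2", 90),
    Indicator(ipaddress.ip_network("198.51.100.7/32"), "scanner", 60),
]

# Constructed flow records: (src_ip, dst_ip, dst_port, bytes).
FLOWS = [
    ("10.0.5.23", "203.0.113.42", 443, 1200),   # internal host talking to C2 range
    ("198.51.100.7", "10.0.0.80", 22, 300),     # known scanner probing SSH inbound
    ("10.0.5.23", "192.0.2.10", 443, 50000),    # external, no indicator match
    ("10.0.5.24", "10.0.5.25", 445, 900),       # internal-to-internal, not checked
]


def is_internal(ip: str) -> bool:
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in INTERNAL_NETS)


def match_indicator(ip: str, indicators):
    """Return the highest-confidence indicator covering ip, or None."""
    addr = ipaddress.ip_address(ip)
    hits = [i for i in indicators if addr in i.network]
    return max(hits, key=lambda i: i.confidence) if hits else None


def enrich_flows(flows, indicators=INDICATORS, min_confidence=50):
    """Join each flow's external endpoint against CTI; return alert dicts.

    Direction is judged from the internal host's point of view, so an
    indicator on the destination means an outbound contact and an indicator
    on the source means an inbound one.
    """
    alerts = []
    for src, dst, port, nbytes in flows:
        for role, ip in (("src", src), ("dst", dst)):
            if is_internal(ip):
                continue  # only external endpoints are looked up
            ind = match_indicator(ip, indicators)
            if ind is None or ind.confidence < min_confidence:
                continue
            internal_host = dst if role == "src" else src
            alerts.append({
                "internal_host": internal_host,
                "external_ip": ip,
                "direction": "inbound" if role == "src" else "outbound",
                "dst_port": port,
                "bytes": nbytes,
                "tag": ind.tag,
                "confidence": ind.confidence,
            })
    return alerts


def hosts_by_tag(alerts):
    """Summarize which internal hosts touched which indicator category."""
    summary = {}
    for a in alerts:
        summary.setdefault(a["tag"], set()).add(a["internal_host"])
    return summary


if __name__ == "__main__":
    for a in enrich_flows(FLOWS):
        print(a)
    print(hosts_by_tag(enrich_flows(FLOWS)))
```

Two practical caveats the join does not solve on its own: indicators age, so a confidence threshold (or an expiry field) is needed to keep stale entries from generating noise, and a range-level indicator on shared hosting space will tag benign traffic too, which is why the internal host and port are carried into the alert for an analyst to check.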
Topics: Cybersecurity, security operations, cyber threat intelligence, network security analytics, SOAPA, Arbor Networks, Arabella Hallawell

SOAPA Video with Arbor Networks (Part 1)

Next up on the SOAPA video series is Arabella Hallawell, Sr. Director of Product Marketing at Arbor Networks. I first met Arbor Networks back in 2003 when it was a leading provider of network behavior anomaly detection (NBAD) tools, and the company has been a steady player in network security ever since. Today, Arbor Networks is a leading provider of products and services for DDoS protection, network security analytics, and threat intelligence.

Topics: Cybersecurity, SIEM, network security analytics, network security operations, SOAPA, SOC, Arbor Networks

Talking SOAPA with Vectra Networks (Video, Part 1)

Old friend and VP of marketing at Vectra Networks, Mike Banic, stopped by to discuss ESG’s security operations and analytics platform architecture (SOAPA) and its impact on cybersecurity. In part 1 of our discussion, Mike and I chat about:

  • Why network telemetry is so important for security analytics. Mike reminds me that ‘the network doesn’t lie.’ In other words, every stage of a cyber-attack kill chain is carried out over network communications, so threat detection comes down to knowing what to look for within network traffic patterns.
Topics: Cybersecurity, SIEM, network security analytics, SOAPA, EDR, Vectra Networks

Cybersecurity Skills Shortage: Profound Impact on Security Analytics and Operations

I’ve written a lot about the cybersecurity skills shortage over the past 5 years. For example, ESG research indicates that 45% of organizations claim to have a problematic shortage of cybersecurity skills. 

Topics: Cybersecurity, cybersecurity skills shortage, SIEM, CISO, network security analytics, network security operations

Cybersecurity Operations: More Difficult Than It Was 2 Years Ago

ESG just published a new research report titled, Cybersecurity Analytics and Operations in Transition, based upon a survey of 412 cybersecurity and IT professionals working at large midmarket (i.e., 500 to 999 employees) and enterprise (i.e., more than 1,000 employees) organizations in North America and Western Europe.

The data is quite interesting, to say the least, so look for lots of blogs from me over the next few weeks on the myriad security operations topics we covered in this project. Furthermore, my esteemed colleague Doug Cahill and I are hosting a webinar this Wednesday, July 19. Feel free to attend; more details can be found here.

When I do end-user research on cybersecurity topics, I usually ask respondents a basic question: How are things today compared to 2 years ago? This research project was no exception and, as it turns out, 27% of survey respondents say that cybersecurity analytics and operations are much more difficult than 2 years ago, while another 45% say that cybersecurity analytics and operations are somewhat more difficult today than 2 years ago.

Topics: Cybersecurity, big data security analytics, SIEM, CISO, security operations, network security analytics, SOC

Enterprises are investing in network security analytics

If I’ve heard it once, I’ve heard it a thousand times: traditional security controls are no longer effective at blocking cyber-threats, so enterprise organizations are deploying new types of security defenses and investing in new tools to improve incident detection and response.

Unfortunately, this can be more difficult than it seems. Why? Effective incident detection and response depends upon security analytics technology, and this is where the confusion lies. It turns out that there are lots of security analytics tools out there that approach this problem from different angles. Given this reality, where the heck do you start?

Topics: Network Security, Cybersecurity, security analytics, network security analytics