RSA 2017: Anticipating Network Security Chatter

Earlier this week, I posted a blog about my expectations for endpoint security at the upcoming RSA Conference. Similarly, here’s what I anticipate hearing about network security:

Topics: Network Security, Cybersecurity, rsa conference

RSA Conference Topic: Endpoint Security

As the calendar shifts from January to February, cybersecurity professionals are gearing up for the RSA Security Conference in a few short weeks. Remarkably, the management team is expecting more than 50,000 attendees this year!

So, what can we expect from RSA 2017? Well, cybersecurity is being driven by dangerous threats, digital transformation, and the need for massive scalability. This means innovation and change in just about every aspect of cybersecurity technology so I plan on writing a few blogs about my expectations for the RSA Conference. I’ll start with this one about endpoint security.

To be clear, endpoint security should no longer be defined as antivirus software. No disrespect to tried-and-true AV, but endpoint security now spans a continuum that includes advanced prevention technologies, endpoint security controls, and advanced detection/response tools. My colleague Doug Cahill and I are currently tracking more than 50 endpoint security vendors, demonstrating just how much activity there is today.

Topics: Network Security, Cybersecurity, endpoint security

Endpoint Security in 2017

Just a few years ago, there were about 6 to 10 well-regarded AV vendors that dominated the market. Fast forward to 2017 and my colleague Doug Cahill and I are currently tracking around 50 endpoint security vendors.

Why has this market changed so much in such a short timeframe? New types of targeted threats regularly circumvented signature-based AV software over the past few years. This weakness led to system compromises, data breaches, and panicky CISOs in search of AV alternatives. This in turn persuaded the fat cats on Sand Hill Rd. to throw VC dollars at anything that hinted at endpoint security innovation.

Okay, I get the need for more than signature-based AV, but there simply isn’t room in the market for 50 endpoint security vendors. Thus, it’s safe to assume a lot of M&A activity and outright business failures this year.

Topics: Network Security, Cybersecurity, endpoint security, antivirus, Anti-malware

Looking Back to Look Forward on Cybersecurity

By now, everyone in our industry has provided 2017 cybersecurity predictions and I’m no exception. I participated in a 2017 infosec forecast webcast with industry guru Bruce Schneier, and ESG also published a video where I exchanged cybersecurity prophecies with my colleague Doug Cahill.

Topics: Network Security, Cybersecurity, endpoint security, NIST, cloud security, ISSA

Goodbye SIEM, Hello SOAPA

Security information and event management (SIEM) systems have been around for a dozen years or so. During that timeframe, SIEMs evolved from perimeter security event correlation tools, to GRC platforms, to security analytics systems. Early vendors like eSecurity, GuardedNet, Intellitactics, and NetForensics are distant memories; today’s SIEM market is dominated by a few leaders: LogRhythm, McAfee (aka Nitro Security), HP (aka ArcSight), IBM (aka QRadar), and Splunk.

Of course, there is a community of innovative upstarts that believe SIEM is a legacy technology. They proclaim that log management and event correlation can’t keep up with the pace of cybersecurity today, so you need new technologies like artificial intelligence, machine learning algorithms, and neural networks to consume, process, and analyze security data in real time.

Topics: Network Security, Cybersecurity, endpoint security, SIEM, antivirus, security analytics

Goodbye NAC, Hello Software-defined Perimeter (SDP)

Those of us who’ve been around security technology for a while will remember the prodigious rise of network access control (NAC) around 2006. The ideas behind NAC had been around for several years beforehand, but 2006 gave us Cisco’s network admission control (a.k.a. Cisco NAC), Microsoft’s network access protection (NAP), and then a whole bunch of venture-backed NAC startups (ConSentry, Lockdown Networks, Mirage Networks, etc.).

Topics: Network Security, Cybersecurity, NAC, SDP

Trend Micro’s Enterprise Play

I spent a few days with Trend Micro last week at its Insight event here in Boston. While Trend is a $1 billion-plus global cybersecurity vendor, too many cybersecurity professionals still think of Trend as an Asia-based AV player. This perception is completely antiquated, however, as Trend now offers:

  • A tightly integrated next-generation endpoint security suite. There’s a lot of industry rhetoric out there proclaiming Trend a legacy AV vendor. Don’t believe it! Yes, Trend Micro’s endpoint security product has been around forever, but the company has continuously enhanced its technology to keep up with the latest requirements. Most recently, Trend added machine learning for pre- and post-execution prevention/detection of 0-day malware, which puts it on par with the next-generation endpoint security crowd. Oh, and Trend also offers its own EDR functionality. Armed with its new product, Trend’s layered endpoint defense should meet the security efficacy and operational efficiency requirements of even the most demanding enterprises.

Topics: Network Security, Cybersecurity, endpoint security, trend micro, cloud security

VMworld: My Cybersecurity-centric Impressions

In my last blog, I wrote about what I was anticipating as far as cybersecurity for VMworld. Now that I’m back from Vegas, it’s time for me to report on how reality aligned with my expectations.

  1. NSX penetration. It seems like VMware has made progress in terms of NSX market penetration over the past year. At VMworld 2015, VMware talked about around 1,000 production environments for NSX, while at VMworld 2016, VMware mentioned somewhere between 1,700 and 2,000 production NSX customers. That is still a small percentage of the total VMware installed base, but it is at least 70% growth year-over-year. Yes, some of these customers are likely just getting started or are using NSX on an extremely limited basis, but I still see good progress happening as more and more organizations begin playing with and using NSX. VMware describes three primary uses for NSX: disaster recovery, security, and network operations automation. It is worth noting that around 60% to 70% of NSX deployment is skewed toward security use cases.

Topics: Network Security, Cybersecurity, VMware, VMworld, cloud security

The pressing need for network security operations automation

According to ESG research, 63% of networking and cybersecurity professionals working at enterprise organizations (i.e. more than 1,000 employees) believe that network security operations is more difficult today than it was two years ago.

Why?

Because enterprises have to deal with more connected devices, network traffic, and applications than two years ago. What’s more, 47% of respondents claim that it is difficult to monitor network behavior from end to end, while 41% claim that network security operations difficulties result from increasing use of cloud computing.

Topics: Network Security, Cybersecurity, network security operations

CISO portfolio management

Enterprise CISOs are in an unenviable position. Given today’s dangerous threat landscape and rapidly evolving IT initiatives, CISOs have a long list of tasks necessary for protecting sensitive data and IT assets. At the same time, however, most organizations are operating with a shortage of skilled cybersecurity professionals. According to ESG research, 46% of organizations claim that they have a “problematic shortage” of cybersecurity skills in 2016.

Topics: Network Security, Cybersecurity, endpoint security, CISO