What is an Enterprise-class Cybersecurity Vendor?

On Monday of this week, I posted a blog about enterprise-class cybersecurity vendors. Which vendors are considered enterprise-class? According to recent ESG research, Cisco, IBM, Symantec, and McAfee top the list. 

This blog addressed the “who” question but not the “what.” In other words, just what is an enterprise-class cybersecurity vendor anyway? As part of its research survey, ESG asked 176 cybersecurity and IT professionals to identify the most important characteristics of an enterprise-class cybersecurity vendor. The data reveals that:

  • 35% of survey respondents say the most important attribute for an enterprise-class cybersecurity vendor is cybersecurity expertise specific to their organization’s industry. In other words, enterprise-class cybersecurity vendors need more than horizontal security solutions; they need to understand explicit industry business processes, regulations, organizational dynamics, global footprints, etc.
Topics: Information Security IBM Cybersecurity Cisco McAfee Symantec CISO NIST ISSA

Cybersecurity Skills Shortage Threatens the Mid-market

ESG conducts an annual global survey of IT and cybersecurity professionals, and this year’s survey included 641 global respondents. Each year, these respondents are asked to identify the area where their organizations have a problematic shortage of skills. For the sixth year in a row, cybersecurity skills topped the list—this year, 45% of respondents say that their organization has a problematic shortage of cybersecurity skills.

Topics: Cybersecurity cybersecurity skills shortage CISO NIST ISSA

Looking Back to Look Forward on Cybersecurity

By now, everyone in our industry has provided 2017 cybersecurity predictions and I’m no exception. I participated in a 2017 infosec forecast webcast with industry guru Bruce Schneier, and ESG also published a video where I exchanged cybersecurity prophecies with my colleague Doug Cahill.

Topics: Network Security Cybersecurity endpoint security NIST cloud security ISSA

New Research Reveals Cybersecurity Skills Shortage Impact

When it comes to the cybersecurity skills shortage, I am somewhat of a “Chicken Little” as I’ve been screaming about this issue for the last 5 years or so. As an example, ESG research conducted in early 2016 indicated that 46% of organizations said that they have a problematic shortage of cybersecurity skills.

Topics: Cybersecurity cybersecurity skills shortage NICE NIST ISSA

Trump Cybersecurity Dos and Don’ts

President-elect Donald Trump ran a campaign focused on national security and making America great again through economic reform. Clearly both goals should include policies and programs to bolster the nation’s cybersecurity capabilities. This shouldn’t be an abstract concept to Mr. Trump after an election cycle featuring Russian hacks and WikiLeaks posts. 

To reinforce this priority, it is also worth noting that in a pre-election survey by ESG research, 49% of cybersecurity professionals said that cybersecurity is a critical issue and should be the top national security priority for the next President, while 45% said cybersecurity is a very important issue and should be one of the top national security priorities for the next President. If those citizens on the front line see cybersecurity as a major priority, this should speak volumes to the President-elect.

Topics: Cybersecurity NICE nsa NIST NSF Barack Obama Donald Trump United States of America

Cybersecurity salary inflation — a red flag

If you follow my blog at all you know that I am quite passionate about the cybersecurity skills shortage and its ramifications. Just to put this issue in perspective, ESG research indicates that 46% of organizations claim they have a “problematic shortage” of cybersecurity skills in 2016 as compared to 28% in 2015. 

Topics: Cybersecurity cybersecurity skills shortage NICE NIST

Henry Ford and Incident Response

In the early 1900s, Henry Ford was intent on making the Model T an affordable car for the masses. To do so he had to figure out a way to vastly improve the company’s manufacturing efficiency in order to lower consumer prices. Ford solved this problem by adopting a modern manufacturing assembly line based upon four principles: interchangeable parts, continuous flow, division of labor, and reducing wasted efforts.

Topics: Cybersecurity incident response NIST

Incident Response: More Art than Science

Five to ten years ago, the cybersecurity industry was mainly focused on incident prevention with tools like endpoint antivirus software, firewalls, IDS/IPS and web threat gateways. This perspective changed around 2010, driven by Google Aurora and the subsequent obsession with advanced persistent threats (APTs).

Topics: Cybersecurity DHS incident response cybercrime NIST

Cybersecurity, Critical Infrastructure, and the Federal Government

The term “critical infrastructure” is used by governments around the world to describe industries and physical assets deemed essential to their economies and national security. Critical infrastructure industries include agriculture, electricity generation, financial services, health care, telecommunications, and government services like law enforcement and the water supply (i.e., drinking water, waste water, dams, etc.).

Topics: Cybersecurity US government NIST Critical Infrastructure Critical Infrastructure Protection

Advanced Malware Detection and Response and Other Cybersecurity Services on the Rise

Think about all of the cybersecurity industry activity with advanced malware detection and response and what comes to mind? Most people would probably focus on technology vendors like Bromium, Cylance, Damballa, FireEye, and Palo Alto Networks since these firms have garnered headlines, raised vast fortunes of VC funding, and even pushed through successful IPOs.

Topics: IBM Cloud Computing Cybersecurity Palo Alto Networks Cisco Information and Risk Management FireEye HP Dell Security and Privacy Security Mandiant Lockheed DHS Barracuda Booz Allen Hamilton bromium Leidos nsa Cylance cybercrime CSC Damballa NIST BT NSF mssp