Most Recent Blogs

Leading Enterprise Organizations Have Established a Dedicated Network Security Group

Posted: October 06, 2014   /   By: Jon Oltsik   /   Tags: IBM, Network Security, Check Point, Palo Alto Networks, Fortinet, Cisco, IT Infrastructure, Networking, Information and Risk Management, Juniper, Sourcefire, FireEye, HP, McAfee, Security and Privacy, Security

When an enterprise organization wanted to buy network security equipment a few years ago, there was a pretty clear division of labor. The security team defined the requirements and the networking team purchased and operated equipment. In other words, the lines were divided. The security team could describe what was needed but didn’t dare tell the networking team what to buy or get involved with day-to-day care and feeding related to “networking” matters.

This “us-and-them” mentality appears to be legacy behavior. According to ESG research on network security trends, 47% of enterprise organizations now claim that they have a dedicated group in charge of all aspects of network security. Additionally, network security is done cooperatively by networking and security teams at 26% of organizations today but these firms insist that they are in the process of creating a dedicated network security group to supplant their current division of labor.

Read More

My Final Impressions of Black Hat 2014

Posted: August 11, 2014   /   By: Jon Oltsik   /   Tags: IBM, Cybersecurity, Palo Alto Networks, Cisco, Information and Risk Management, FireEye, Security and Privacy, Guidance Software, Crowdstrike, bromium, RSA, Invincea, Digital Guardian, Webroot

I attended Black Hat 2014 in Las Vegas last week and wanted to write a post while I’m still feeling the buzz of the event. Here are just a few of my take-aways:

  1. Black Hat = High Energy. I attended Interop at the same venue (Mandalay Bay) for many years but I noticed that the event was getting stale and rather morose recently. It was quite invigorating then to witness the high-energy security crowd at Black Hat in comparison. There was lots of energy, great discourse, and plenty of knowledge transfer. Yes, there was commercialism and Vegas schmaltz, but Black Hat is more of a community get together than your typical stale trade show – and way more lively than Interop post the late 1990s.
  2. Black Hat vs. RSA. When I worked at EMC back in the late 1980s, one of the common sales mantras of the company was, “people who know how always work for people who know why.” This was a “solution selling” message intended to get the sales team to focus on the “why” customers who own business processes, financial results, and budgets, rather than the “how” customers who twiddle bits and bytes. With this analogy in mind, RSA is a “why” conference while Black Hat (and to some extent, (DEFCON) is a “how” conference. With this explained, there is also a difference as cybersecurity is a hardcore “how” discipline that revolves around the folks who know how to twiddle bits and bytes or can detect when someone else has twiddled bits and bytes in a malicious way. In my humble opinion, these two shows complement each other. Yes, we need extremely competent CISOs who know business, IT, and security technology but we must also have security practitioners with deep technical skills, devotion, and passion. RSA is focused on the former while Black Hat/DEFCON appeals to the latter.
  3. Security vendors should be at Black Hat. Many leading security vendors passed on Black Hat and allocated event budget dollars to RSA and shows like VMware instead. I get this but would suggest that they find ways to spread event investments around so they can attend Black Hat 2015. Why? Black Hat attendees may not be budget holders but they are the actual people who influence technology decisions and make up the majority of the cybersecurity community at large. These are the people who choose cybersecurity technologies that can meet technical requirements. Creative security technology vendors can also approach Black Hat as a recruiting opportunity, not just a sales and marketing event.
  4. I left Black Hat with even more cybersecurity concern. I’m in the middle of this world all the time so I hear lots more about the bad guys’ Tactics, Techniques, and Practices (TTPs) than most people do. Even so, I spent the week hearing additional scary stories. For example, Blue Coat labs reported on 660 million hosts with a 24 hour lifespan it calls “one-day wonders.” As you can imagine, many of these hosts are malicious and their rapid lifespan files under the radar of signature-based security tools and threat intelligence. I also learned more about the “Operation Emmantel,” (i.e., from Trend Micro) that changes DNS settings and installs SSL certificates on clients, intercepts legitimate One-time passwords (OTPs) and steals lots of money from online banking customers. Black Hat chatter served as further evidence that our cyber-adversaries are not only highly-skilled, but way more organized than most people think.
  5. Endpoint security is truly “in play.” A few years ago, endpoint security meant antivirus software and a cozy oligopoly dominated by McAfee, Symantec, and Trend Micro (and to some extent, Kaspersky Lab and Sophos as well). To use Las Vegas terminology, all bets are off with regard to endpoint security now. With the rash of targeted attacks and successful security breaches over the past few years, enterprise organizations are questioning the value of AV and looking for layered endpoint defenses. Given this market churn, Black Hat was an endpoint security nexus with upstarts like Bromium, Cisco, Crowdstrike, Digital Guardian (formerly Verdasys), Druva, FireEye, Guidance Software, IBM, Invincea, Palo Alto Networks, Raytheon Cyber Products, RSA, and Webroot ready to talk about “next-generation” endpoint security requirements and products. While the incumbents have an advantage, endpoint security is becoming a wide-open market as evidenced by the crowd at Black Hat.

Black Hat is a great combination of Las Vegas shtick, hacker irreverence, and a serious cybersecurity focus. Yup, it’s only a tradeshow but there is a serious undercurrent at Black Hat/DEFCON that is sorely missing from most IT events.

Read More

Anticipating Black Hat

Posted: August 01, 2014   /   By: Jon Oltsik   /   Tags: IBM, Check Point, Palo Alto Networks, Fortinet, Cisco, Data Management & Analytics, Information and Risk Management, Juniper, HP, McAfee, Enterprise Software, Security and Privacy, Crowdstrike, Lockheed Martin, Black Hat, trend micro, RiskIQ, 21CT, Leidos, Norse, CybOX, BitSight, Symantec, RSA, TAXII, ISC8, Blue Coat, STIX, Webroot

RSA 2014 seems like ancient history and the 2015 event isn’t until next April. No worries, however, the industry is set to gather in the Las Vegas heat next week for cocktails, sushi bars, and oh yeah – Black Hat.

Now Black Hat is an interesting blend of constituents consisting of government gumshoes, Sand Hill Rd. Merlot drinking VCs, cybersecurity business wonks, “beautiful mind” academics, and tattooed hackers – my kind of crowd! As such, we aren’t likely to hear much about NIST frameworks, GRC, or CISO strategies. Alternatively, I am looking forward to deep discussions on:

  • Advanced malware tactics. Some of my favorite cybersecurity researchers will be in town to describe what they are seeing “in the wild.” These discussions are extremely informative and scary at the same time. This is where industry analysts like me learn about the latest evasion techniques, man-in-the-browser attacks, and whether mobile malware will really impact enterprise organizations.
  • The anatomy of various security breaches. Breaches at organizations like the New York Times, Nordstrom, Target, and the Wall Street Journal receive lots of media attention, but the actual details of attacks like these are far too technical for business publications or media outlets like CNN and Fox News. These “kill chain” details are exactly what we industry insiders crave as they provide play-by-play commentary about the cybersecurity cat-and-mouse game we live in.
  • Threat intelligence. All of the leading infosec vendors (i.e., Blue Coat, Cisco, Check Point, HP, IBM, Juniper, McAfee, RSA, Symantec, Trend Micro, Webroot, etc.) have been offering threat intelligence for years, yet threat intelligence will be one of the major highlights at Black Hat. Why? Because not all security and/or threat intelligence is created equally. Newer players like BitSight, Crowdstrike, iSight Partners, Norse, RiskIQ, and Vorstack are slicing and dicing threat intelligence and customizing it for specific industries and use cases. Other vendors like Fortinet and Palo Alto Networks are actively sharing threat intelligence and encouraging other security insiders to join. Finally, there is a global hue and cry for intelligence sharing that includes industry standards (i.e. CybOX, STIX, TAXII, etc.) and even pending legislation. All of these things should create an interesting discourse.
  • Big data security analytics. This is an area I follow closely that is changing on a daily basis. It’s also an interesting community of vendors. Some (i.e., 21CT, ISC8, Leidos, Lockheed-Martin, Norse, Palantir, Raytheon, etc.), come from the post 9/11 “total information access” world, while others (Click Security, HP, IBM, Lancope, LogRhythm, RSA, etc.) are firmly rooted in the infosec industry. I look forward to a lively discussion about geeky topics like algorithms, machine learning, and visual analytics.
Read More

Is Cisco Back (as an Enterprise Security Leader)?

Posted: May 22, 2014   /   By: Jon Oltsik   /   Tags: IBM, Palo Alto Networks, Cisco, Hadoop, Networking, Information and Risk Management, Juniper, Sourcefire, FireEye, HP, McAfee, Security and Privacy, Security, CiscoLive, trend micro, Symantec, Blue Coat, TrustSec, Crossbeam, Mergers / Acquisitions, Anti-malware

It wasn’t too long ago that Cisco was a dominant force in information security technology. The company was a market leader in firewalls, IDS/IPS, and e-mail security and was actively pushing products for endpoint security and SIEM as well as security “blades” for Catalyst switches. Heck, Cisco even articulated a bold vision of “self-defending networks” with security policy, enforcement, and intelligence all baked into the network.

Somewhere around 2008, however, Cisco security went into a prolonged slump. Cisco security products didn’t offer the performance of rivals like Crossbeam (now Blue Coat), Juniper, or McAfee. Cisco missed markets like next-generation firewalls, opening the door for savvy startups like FireEye, Palo Alto Networks, and Stonesoft. Cisco products such as the Cisco Security Agent (Okena) and MARS (Protego) were abject failures and discontinued by the company. Finally, Cisco’s security team itself imploded as management and engineering leaders fled San Jose for greener valley pastures.

Read More

The Emerging Cybersecurity Software Architecture

Posted: May 08, 2014   /   By: Jon Oltsik   /   Tags: IBM, Microsoft, Check Point, Palo Alto Networks, Cisco, Information and Risk Management, FireEye, HP, McAfee, Oracle, Security and Privacy, Security, Apache, SIEM, Mitre, Kaspersky, ERP, Raytheon, Proofpoint, Lockheed, IDS, E&Y, Leidos, Booz Allen, Accenture, Blue Coat, AV, CSC, Anti-malware

It’s been a busy week for the information cybersecurity industry. FireEye announced the acquisition of nPulse which adds network forensics to its advanced malware detection/response portfolio. IBM chimed in with a new Threat Prevention System that includes an endpoint security client, threat intelligence feeds, and integration with its network security, and analytics platforms. Finally, Symantec unveiled its Advanced Threat Protection strategy that combines existing products, future deliverables, and services.

It’s no coincidence that these three infosec security leaders are moving in this direction as the whole industry is on the same path. I’ve written about this trend a few times. I wrote a security-vendors-are-racing-toward-a-new-anti-malware-technology-model/index.html" target="_blank">blog about the integrated anti-malware technology model in March, and this the-new-cybersecurity-technology-reality-the-whole-is-greater-than-the-sum-of-its-parts/index.html">one in April about the new cybersecurity technology reality. Other vendors such as Blue Coat, Cisco, McAfee, Palo Alto Networks, and Trend Micro are also on board.

Read More

Antivirus Software Is Not Quite Dead Yet

Posted: May 06, 2014   /   By: Jon Oltsik   /   Tags: End-User Computing, Palo Alto Networks, Cisco, Information and Risk Management, Sourcefire, FireEye, McAfee, Security and Privacy, Security, endpoint security, Malwarebytes, Kaspersky, Triumfant, Guidance Software, Crowdstrike, trend micro, Symantec, RSA Security, Cylance, Bit9, Carbon Black, Anti-malware

In a Wall Street Journal article published earlier this week, Symantec SVP Brian Dye, is quoted as saying that “antivirus is dead.” Dye goes on to proclaim that “we (Symantec) don’t think of antivirus as a moneymaker in any way.”

I beg your pardon, Brian? Isn’t Symantec the market leader? Just what are you saying? In lieu of specific answers to these questions, the blogosphere and Twitter have become a grapevine of rumors – about Symantec, AV, etc. Panic and wild predictions abound. Dogs and cats living together in the streets . . .

Read More

Advanced Malware Detection and Response and Other Cybersecurity Services on the Rise

Posted: April 22, 2014   /   By: Jon Oltsik   /   Tags: IBM, Cloud Computing, Cybersecurity, Palo Alto Networks, Cisco, Information and Risk Management, FireEye, HP, Dell, Security and Privacy, Security, Mandiant, Lockheed, DHS, Barracuda, Booz Allen Hamilton, bromium, Leidos, nsa, Cylance, cybercrime, CSC, Damballa, NIST, BT, NSF, mssp

Think about all of the cybersecurity industry activity with advanced malware detection and response and what comes to mind? Most people would probably focus on technology vendors like Bromium, Cylance, Damballa, FireEye, and Palo Alto Networks since these firms have garnered headlines, raised vast fortunes of VC funding, and even pushed through successful IPOs.

Read More

CISOs Must “Think Different”

Posted: April 15, 2014   /   By: Jon Oltsik   /   Tags: IBM, Apple, Cybersecurity, Palo Alto Networks, Cisco, Information and Risk Management, FireEye, HP, McAfee, Security and Privacy, Security, endpoint security, SIEM, ArcSight, Blue Coat, RSA Security, CISO, Anti-malware, NetWitness, IDS/IPS, Firewall & UTM

Remember the “Think Different” advertising campaign from Apple? It ran from 1997 to 2000 and featured bigger-than-life personalities like Buckminster Fuller, Martin Luther King, and Pablo Picasso.

The “Think Different” ads coincided with Steve Jobs’s return to Apple as well as his somewhat contrarian and analytical mindset. In a PBS interview, Jobs offered this philosophical insight about life:

Read More

The New Cybersecurity Technology Reality - the Whole Is Greater than the Sum of its Parts

Posted: April 03, 2014   /   By: Jon Oltsik   /   Tags: IBM, Palo Alto Networks, Fortinet, Cisco, Information and Risk Management, FireEye, McAfee, Security and Privacy, Security, risk management, endpoint security, Proofpoint, incident detection, incident response, Blue Coat, RSA Security, Anti-malware, incident prevention, APT

I wrote a blog last week about new integrated anti-malware technology in response to Palo Alto Network’s acquisition of Cyvera. In fact, this integrated technology model isn’t limited to anti-malware but is becoming the new reality across the cybersecurity lifecycle of risk management, incident prevention, incident detection, and incident response.

I’m convinced that this is where the market is headed, driven by burgeoning cybersecurity requirements across organizations large and small. Why do I believe this? Well, in a recent ESG research survey, 315 security professionals working at enterprise organizations (i.e., more than 1,000 employees) were asked how their organization’s security strategy would change over the next 24 months. A little under half (44%) of respondents said that their organization would “design and build a more integrated enterprise security architecture,” the highest percentage of all responses. This trend is actually reverberating on the supply side as Blue Coat, Cisco/Sourcefire, FireEye, IBM, McAfee, PAN, and Trend Micro are all engaged in R&D and M&A activities to meet the need for technology integration.

Read More

RSA Conference Recap: Positive Direction for Security Industry

Posted: March 03, 2014   /   By: Jon Oltsik   /   Tags: Palo Alto Networks, Cisco, VMware, Information and Risk Management, Sourcefire, FireEye, McAfee, Security and Privacy, Security, SIEM, Proofpoint, LogRhythm, rsa conference, trend micro, Symantec, click security, Anti-malware, NIST, Firewall & UTM

Last week’s RSA Conference was a whirlwind of meetings, presentations, and unusual west coast rain storms. I’m not sure about the attendance numbers but it seemed especially busy – not surprising after the many cybersecurity events of 2013.

I met with around 40 different security vendors throughout the week and heard some encouraging news. Rather than crow about the latest technology fad or threat Du Jour, many security vendors are now focused on:

  1. Integration. In the past, vendors tended to push a bunch of point products on a one-off basis but enterprise CISOs are now resisting this onslaught as they don’t have the time or personnel to manage an army of security widgets. Smart vendors are responding with more integrated product suites and central management. For example, Trend Micro is aggregating all of its endpoint elements into one product offering while FireEye is extending its protection across the enterprise. Similarly, Cisco is adding Sourcefire technology into traditional Cisco security and networking, while Symantec has consolidated a number of products into a data center security suite. Finally, Palo Alto Networks has externalized integration with a number of proof-of-concept projects with VMware NSX for virtual network security in large data centers. These efforts aren’t simple bundling and marketing spin, there is actual R&D going on to make products work better together.
  2. Ease-of-use. Security professionals don’t have the time for complex product deployment, customization, or lengthy training classes on product administration. Fortunately, some vendors are addressing this by making their products much easier to use. Newcomer TraceVector is designed to identify and apply risk scores to malware with a simple but thorough graphical interface. Click Security uses visual analytics to help security professionals see the relationships associated with malicious traffic patterns between various internal and external hosts. LogRhythm’s new 6.2 release is designed to advance and improve how security intelligence gets delivered to security analysts. Given the IT security skills shortage, this trend is very encouraging.
  3. Middleware. Once you start integrating security piece parts, you need middleware to act as the software glue between them. McAfee announced this type of architecture as part of its Security Connected and Threat Intelligence Exchange (TIE) announcements. In the short term, McAfee will use its middleware to integrate its own products and threat intelligence but it plans to extend these capabilities to 3rd parties over time to support heterogeneous environments.
  4. Automation. Given the scale of network traffic and malware, CISOs want intelligent technologies to take some of the risk management and remediation burden. I hosted a panel discussion on security automation that featured speakers from Boeing, NIST, and JW Secure (sponsored by the TCG) around this topic. All agreed that we need to instrument security tools and provide standard enumeration and protocols so we can share information more effectively. Many vendors are using the DHS/Mitre TAXII and STIX standards along this line to automate and integrate threat intelligence sharing. Aside from standards discussions, new security products from companies like Proofpoint, Tufin, and vArmour, are designed specifically to automate today’s complex security tasks. Once again, the security skills shortage makes automation a necessity.
Read More

Posts by Topic

see all