The Emerging Cybersecurity Software Architecture

It’s been a busy week for the information cybersecurity industry. FireEye announced the acquisition of nPulse which adds network forensics to its advanced malware detection/response portfolio. IBM chimed in with a new Threat Prevention System that includes an endpoint security client, threat intelligence feeds, and integration with its network security, and analytics platforms. Finally, Symantec unveiled its Advanced Threat Protection strategy that combines existing products, future deliverables, and services.

It’s no coincidence that these three infosec security leaders are moving in this direction as the whole industry is on the same path. I’ve written about this trend a few times. I wrote a security-vendors-are-racing-toward-a-new-anti-malware-technology-model/index.html" target="_blank">blog about the integrated anti-malware technology model in March, and this the-new-cybersecurity-technology-reality-the-whole-is-greater-than-the-sum-of-its-parts/index.html">one in April about the new cybersecurity technology reality. Other vendors such as Blue Coat, Cisco, McAfee, Palo Alto Networks, and Trend Micro are also on board.

Topics: IBM Microsoft Check Point Palo Alto Networks Cisco Information and Risk Management FireEye HP McAfee Oracle Security and Privacy Security Apache SIEM Mitre Kaspersky ERP Raytheon Proofpoint Lockheed IDS E&Y Leidos Booz Allen Accenture Blue Coat AV CSC Anti-malware

The New Cybersecurity Technology Reality - the Whole Is Greater than the Sum of its Parts

I wrote a blog last week about new integrated anti-malware technology in response to Palo Alto Network’s acquisition of Cyvera. In fact, this integrated technology model isn’t limited to anti-malware but is becoming the new reality across the cybersecurity lifecycle of risk management, incident prevention, incident detection, and incident response.

I’m convinced that this is where the market is headed, driven by burgeoning cybersecurity requirements across organizations large and small. Why do I believe this? Well, in a recent ESG research survey, 315 security professionals working at enterprise organizations (i.e., more than 1,000 employees) were asked how their organization’s security strategy would change over the next 24 months. A little under half (44%) of respondents said that their organization would “design and build a more integrated enterprise security architecture,” the highest percentage of all responses. This trend is actually reverberating on the supply side as Blue Coat, Cisco/Sourcefire, FireEye, IBM, McAfee, PAN, and Trend Micro are all engaged in R&D and M&A activities to meet the need for technology integration.

Topics: IBM Palo Alto Networks Fortinet Cisco Information and Risk Management FireEye McAfee Security and Privacy Security risk management endpoint security Proofpoint incident detection incident response Blue Coat RSA Security Anti-malware incident prevention APT

RSA Conference Recap: Positive Direction for Security Industry

Last week’s RSA Conference was a whirlwind of meetings, presentations, and unusual west coast rain storms. I’m not sure about the attendance numbers but it seemed especially busy – not surprising after the many cybersecurity events of 2013.

I met with around 40 different security vendors throughout the week and heard some encouraging news. Rather than crow about the latest technology fad or threat Du Jour, many security vendors are now focused on:

  1. Integration. In the past, vendors tended to push a bunch of point products on a one-off basis but enterprise CISOs are now resisting this onslaught as they don’t have the time or personnel to manage an army of security widgets. Smart vendors are responding with more integrated product suites and central management. For example, Trend Micro is aggregating all of its endpoint elements into one product offering while FireEye is extending its protection across the enterprise. Similarly, Cisco is adding Sourcefire technology into traditional Cisco security and networking, while Symantec has consolidated a number of products into a data center security suite. Finally, Palo Alto Networks has externalized integration with a number of proof-of-concept projects with VMware NSX for virtual network security in large data centers. These efforts aren’t simple bundling and marketing spin, there is actual R&D going on to make products work better together.
  2. Ease-of-use. Security professionals don’t have the time for complex product deployment, customization, or lengthy training classes on product administration. Fortunately, some vendors are addressing this by making their products much easier to use. Newcomer TraceVector is designed to identify and apply risk scores to malware with a simple but thorough graphical interface. Click Security uses visual analytics to help security professionals see the relationships associated with malicious traffic patterns between various internal and external hosts. LogRhythm’s new 6.2 release is designed to advance and improve how security intelligence gets delivered to security analysts. Given the IT security skills shortage, this trend is very encouraging.
  3. Middleware. Once you start integrating security piece parts, you need middleware to act as the software glue between them. McAfee announced this type of architecture as part of its Security Connected and Threat Intelligence Exchange (TIE) announcements. In the short term, McAfee will use its middleware to integrate its own products and threat intelligence but it plans to extend these capabilities to 3rd parties over time to support heterogeneous environments.
  4. Automation. Given the scale of network traffic and malware, CISOs want intelligent technologies to take some of the risk management and remediation burden. I hosted a panel discussion on security automation that featured speakers from Boeing, NIST, and JW Secure (sponsored by the TCG) around this topic. All agreed that we need to instrument security tools and provide standard enumeration and protocols so we can share information more effectively. Many vendors are using the DHS/Mitre TAXII and STIX standards along this line to automate and integrate threat intelligence sharing. Aside from standards discussions, new security products from companies like Proofpoint, Tufin, and vArmour, are designed specifically to automate today’s complex security tasks. Once again, the security skills shortage makes automation a necessity.
Topics: Palo Alto Networks Cisco VMware Information and Risk Management Sourcefire FireEye McAfee Security and Privacy Security SIEM Proofpoint LogRhythm rsa conference trend micro Symantec click security Anti-malware NIST Firewall & UTM