Enterprise Objectives for Threat Intelligence Programs

It wouldn’t be a stretch to call 2015 the year of threat intelligence. In February, President Obama signed an executive order at a cybersecurity event held at Stanford University that encourages and promotes threat intelligence sharing between the private sector and federal government. Meanwhile, the US Congress has introduced several threat sharing bills of their own. And at the annual RSA Security Conference in April, threat intelligence was clearly one of the primary topics of discussion among cybersecurity professionals, technology vendors, and government representatives.

Topics: risk management threat intelligence sharing

Note to Executives, Legislators, and Consumers: Time For a Serious Dialogue About Cybersecurity

Like everyone else in the cybersecurity domain, I’ve been pretty busy the past week or so. First there was the UPS store breach, which was small change compared to the nefarious cybersecurity situation at JP Morgan Chase. The condition became a bit more whimsical when photos of naked celebrities floated around the web but quickly became serious again with the breach at Home Depot, which may trump the Target breach when all is said and done.

Here is a terse synopsis of what’s going on: We’ve gotten really good at rapidly developing and implementing new applications on new technologies. We can even do so at scale (with the exception of healthcare.gov, but that’s another story). Yup, we want immediate gratification from our technology toys but we really don’t have the right people, skills, processes, or oversight to actually protect them.

Topics: Cybersecurity Information and Risk Management Security and Privacy risk management

Big Data Security Analytics Can Become the Nexus of Information Security Integration

In a recent ESG research survey, security professionals working at enterprise organizations (i.e., more than 1,000 employees) were asked the following question: How do you believe that your organization will change its security technology strategy decisions in any of the following ways over the next 24 months in order to improve its security management? In response:

Topics: Data Management & Analytics Information and Risk Management Security and Privacy risk management incident detection and response big data security analytics enterprise security

Enterprises Need Outside-In Continuous Monitoring for Risk Management

Ask any CISO what their job entails and they are likely to respond with a common mantra: Assess IT risk, communicate IT risk to business executives, and then create and execute a mutually agreed upon plan to address risk.

Topics: IBM Cloud Computing Cybersecurity Information and Risk Management Security and Privacy Security risk management DHS Booz Allen Hamilton Lockheed Martin RiskIQ BitSight Target CSC CDM cyber supply chain security Public Cloud Service

The New Cybersecurity Technology Reality - the Whole Is Greater than the Sum of its Parts

I wrote a blog last week about new integrated anti-malware technology in response to Palo Alto Network’s acquisition of Cyvera. In fact, this integrated technology model isn’t limited to anti-malware but is becoming the new reality across the cybersecurity lifecycle of risk management, incident prevention, incident detection, and incident response.

I’m convinced that this is where the market is headed, driven by burgeoning cybersecurity requirements across organizations large and small. Why do I believe this? Well, in a recent ESG research survey, 315 security professionals working at enterprise organizations (i.e., more than 1,000 employees) were asked how their organization’s security strategy would change over the next 24 months. A little under half (44%) of respondents said that their organization would “design and build a more integrated enterprise security architecture,” the highest percentage of all responses. This trend is actually reverberating on the supply side as Blue Coat, Cisco/Sourcefire, FireEye, IBM, McAfee, PAN, and Trend Micro are all engaged in R&D and M&A activities to meet the need for technology integration.

Topics: IBM Palo Alto Networks Fortinet Cisco Information and Risk Management FireEye McAfee Security and Privacy Security risk management endpoint security Proofpoint incident detection incident response Blue Coat RSA Security Anti-malware incident prevention APT

Enterprise CISO Challenges In 2014

I’m sure lots of CISOs spent this week meeting with their teams, reviewing their 2013 performance, and solidifying plans for 2014. Good idea from my perspective. The CISOs I’ve spoken with recently know exactly what they have to do but aren’t nearly as certain about how to do it.

At a high level, here’s what I’m hearing around CISO goals and the associated challenges ahead this year:

  1. Improve risk management. This translates into threat/vulnerability measurement, threat prevention, and ongoing communication with the business mucky mucks. The problem here is that their networks are constantly changing, scans are done on a scheduled rather than real-time basis, and the threat landscape is dangerous, sophisticated, and mysterious.
Topics: IBM Palo Alto Networks Cisco Information and Risk Management FireEye HP Security and Privacy Security risk management Centrify Malwarebytes LogRhythm bromium 21CT Leidos RSA Invincea Accenture ISC8 Blue Coat CloudPassage click security Bit9 CSC Hexis HyTrust

Why Blue Coat Acquired Solera Networks

A few weeks ago, Blue Coat Systems acquired Solera Networks. No one was surprised about the acquisition of Solera as it plays in the white hot big data security analytics market. That said, many people remain perplexed by the acquiring company. Several dozen reporters, vendors, and end-users have already posed a common question to me: Why Blue Coat?

Topics: Information and Risk Management Security and Privacy risk management incident detection

Biggest Information Security Management Challenges for Enterprise Organizations

In the recently-published ESG Research Report, Security Management and Operations: Changes on the Horizon, ESG surveyed 315 security professionals working at North America-based enterprise organizations (i.e., more than 1,000 employees).

Topics: IBM Microsoft Information and Risk Management HP McAfee Enterprise Software Oracle Security and Privacy risk management sap SIEM SANS ISC2 RSA Security Security Management security operations CISSP Tibco

Big Data Security Is Inevitable

There's been a fair amount of discussion about the fact that security analytics is becoming a big data problem. I participated on a big data security panel at RSA and I believe there were a few others on this topic as well.

Topics: IBM Big Data Data Management & Analytics Hadoop Information and Risk Management HP Dell McAfee Enterprise Software Security and Privacy risk management NoSQL SIEM Data Analytics Symantec RSA log management Cassandra security analytics BT Verizon Unisys vulnerability management threat management Tibco

The Information Security 80/20 Rule

Over the past few months, I've been engaged in a research project on enterprise security management and operations. As part of some quantitative research, ESG created a segmentation model that divided survey respondent organizations into three sub-segments. The segmentation model broke down as follows:

Topics: Information and Risk Management Security and Privacy risk management SIEM incident detection incident response log management Security Management security analytics APT security operations