Most Recent Blogs

BYOA: Bring Your Own Authentication

Posted: July 28, 2014   /   By: Jon Oltsik   /   Tags: Cloud Computing, Microsoft, End-User Computing, Private Cloud Infrastructure, Information and Risk Management, mobile, Security and Privacy, google, Lenovo, multi-factor authentication, ARM, RSA Security, Public Cloud Service

Most people who use IT or Internet applications would agree that the current username/password mode of authentication is cumbersome, ineffective, and obsolete. According to ESG research, 55% of information security professionals working at enterprise organizations (i.e., more than 1,000 employees) believe that username/password authentication should be completely eliminated or relegated to non-business critical applications only.


Enterprise Organizations Are Taking Steps to Improve Cybersecurity Analytics

Posted: May 27, 2014   /   By: Jon Oltsik   /   Tags: IBM, Big Data, Cisco, Information and Risk Management, FireEye, Dell, endpoint, Security and Privacy, Security, SIEM, Narus, Mandiant, Cybereason, LogRhythm, 21CT, Leidos, ISC8, Blue Coat, RSA Security, Lancope, netSkope, SDN, click security, Bit9, cybercrime, Carbon Black

Last week, online retail giant eBay announced that it was hacked between February and March of this year with stolen login credentials of an eBay employee. This gave the hackers access to the user records of 145 million users including home addresses, e-mail addresses, dates of birth, and encrypted passwords. It appears that the hackers made copies of this data so eBay is advising all users to change their passwords.


Antivirus Software Is Not Quite Dead Yet

Posted: May 06, 2014   /   By: Jon Oltsik   /   Tags: End-User Computing, Palo Alto Networks, Cisco, Information and Risk Management, Sourcefire, FireEye, McAfee, Security and Privacy, Security, endpoint security, Malwarebytes, Kaspersky, Triumfant, Guidance Software, Crowdstrike, trend micro, Symantec, RSA Security, Cylance, Bit9, Carbon Black, Anti-malware

In a Wall Street Journal article published earlier this week, Symantec SVP Brian Dye is quoted as saying that “antivirus is dead.” Dye goes on to proclaim that “we (Symantec) don’t think of antivirus as a moneymaker in any way.”

I beg your pardon, Brian? Isn’t Symantec the market leader? Just what are you saying? In lieu of specific answers to these questions, the blogosphere and Twitter have become a grapevine of rumors – about Symantec, AV, etc. Panic and wild predictions abound. Dogs and cats living together in the streets . . .


CISOs Must “Think Different”

Posted: April 15, 2014   /   By: Jon Oltsik   /   Tags: IBM, Apple, Cybersecurity, Palo Alto Networks, Cisco, Information and Risk Management, FireEye, HP, McAfee, Security and Privacy, Security, endpoint security, SIEM, ArcSight, Blue Coat, RSA Security, CISO, Anti-malware, NetWitness, IDS/IPS, Firewall & UTM

Remember the “Think Different” advertising campaign from Apple? It ran from 1997 to 2000 and featured bigger-than-life personalities like Buckminster Fuller, Martin Luther King, and Pablo Picasso.

The “Think Different” ads coincided with Steve Jobs’s return to Apple as well as his somewhat contrarian and analytical mindset. In a PBS interview, Jobs offered this philosophical insight about life:


The New Cybersecurity Technology Reality - the Whole Is Greater than the Sum of its Parts

Posted: April 03, 2014   /   By: Jon Oltsik   /   Tags: IBM, Palo Alto Networks, Fortinet, Cisco, Information and Risk Management, FireEye, McAfee, Security and Privacy, Security, risk management, endpoint security, Proofpoint, incident detection, incident response, Blue Coat, RSA Security, Anti-malware, incident prevention, APT

I wrote a blog last week about new integrated anti-malware technology in response to Palo Alto Networks’ acquisition of Cyvera. In fact, this integrated technology model isn’t limited to anti-malware but is becoming the new reality across the cybersecurity lifecycle of risk management, incident prevention, incident detection, and incident response.

I’m convinced that this is where the market is headed, driven by burgeoning cybersecurity requirements across organizations large and small. Why do I believe this? Well, in a recent ESG research survey, 315 security professionals working at enterprise organizations (i.e., more than 1,000 employees) were asked how their organization’s security strategy would change over the next 24 months. A little under half (44%) of respondents said that their organization would “design and build a more integrated enterprise security architecture,” the highest percentage of all responses. This trend is actually reverberating on the supply side as Blue Coat, Cisco/Sourcefire, FireEye, IBM, McAfee, PAN, and Trend Micro are all engaged in R&D and M&A activities to meet the need for technology integration.


Can the FIDO Alliance Act as a Game-Changer and Help Obsolete User Name/Password Authentication?

Posted: February 14, 2014   /   By: Jon Oltsik   /   Tags: IBM, Apple, Microsoft, End-User Computing, Information and Risk Management, mobile, Security and Privacy, Security, google, Lenovo, endpoint security, mobile device, multi-factor authentication, RSA Security, Facebook

It seems like yesterday when I was logging onto the VAX system at my alma mater UMass so I could work on a market research project with a statistics program. When my time slot came up, I would sit in front of a VT100 terminal, input my username and password, and voila – a timesharing session at the cutting-edge of high tech.

Well this memory may seem recent but in truth it was back in the mid-1980s. I probably had a mullet and was hankering to listen to Flock of Seagulls at the time. The VAX, mullet, and new wave music are now ancient history but we’re still using user names and passwords for authentication most of the time.


Addressing advanced malware in 2014

Posted: December 16, 2013   /   By: Jon Oltsik   /   Tags: IBM, Check Point, Palo Alto Networks, Fortinet, Cisco, IT Infrastructure, Information and Risk Management, Sourcefire, FireEye, HP, McAfee, Security and Privacy, Security, endpoint security, Kaspersky, LogRhythm, trend micro, bromium, Symantec, Invincea, antivirus, RSA Security, Sophos, Bit9, Anti-malware, Hexis, Splunk

In the cybersecurity annals of the future, 2013 may be remembered as the year of advanced malware. Yes, I know that malware is nothing new and the term “advanced” is more hype than reality as a lot of attacks have involved little more than social engineering and off-the-shelf exploits. That said, I think it’s safe to say that this is the year that the world really woke up to malware dangers (advanced or not) and is finally willing to address this risk.

So how will enterprise organizations (i.e., more than 1,000 employees) change their security strategies over the next year to mitigate the risks associated with advanced malware threats? According to ESG research:

  • 51% of enterprise organizations say they will add a new layer of endpoint software to protect against zero day and other types of advanced malware. Good opportunity for Kaspersky, McAfee, Sophos, Symantec, and Trend Micro to talk to customers about innovation and new products but the old guard has to move quickly to prevent an incursion by new players like Bit9, Bromium, Invincea, and Malwarebytes. The network crowd (i.e., Cisco, Check Point, FireEye, Fortinet, and Palo Alto Networks, etc.) may also throw a curveball at endpoint security vendors. For example, Cisco (Sourcefire) is already selling an endpoint/network anti-malware solution with a combination of FireAMP and FirePOWER.
  • 49% of enterprise organizations say they will collect and analyze more security data, thus my prediction for an active year in the big data security analytics market – good news for LogRhythm and Splunk. Still, there is a lot of work to be done on the supply and demand side for this to really come to fruition.
  • 44% of enterprise organizations say they will automate more security operations tasks. Good idea since current manual security processes and the informal relationship between security and IT operations are killing the effectiveness and pace of security remediation. Again, this won’t be easy as there is a cultural barrier to overcome but proactive organizations are already moving in this direction. If you are interested in this area, I suggest you have a look at Hexis Cyber Solutions’ product Hawkeye G. Forward-thinking remediation stuff here.
  • 41% of enterprise organizations say they will design and build a more integrated information security architecture. In other words, they will start replacing tactical point tools with an architecture composed of central command-and-control along with distributed security enforcement. Good idea, CISOs should create a 3-5 year plan for this transition. A number of vendors including HP, IBM, McAfee, RSA Security, and Trend Micro are designing products in this direction with the enterprise in mind.

Information Security versus “Shadow IT” (and mobility, cloud computing, BYOD, etc.)

Posted: November 04, 2013   /   By: Jon Oltsik   /   Tags: Information and Risk Management, Security and Privacy, Sailpoint, 21CT, RSA Security, Bit9, Octa, Splunk

We’ve all read the marketing hype about “shadow IT” where business managers make their own IT decisions without the CIO’s knowledge or approval. According to ESG research, this risk is actually overstated at most organizations, but there is no denying that IT is getting harder to manage as a result of BYOD, cloud computing, IT consumerization, and mobility.

As these trends perpetuate, CISOs find themselves in the proverbial hot seat – it’s difficult to secure applications, assets, network sessions, and transactions that you don’t own or control.


The Keys to Big Data Security Analytics Solutions: Algorithms, Visualization, Context, and Automation (AVCA)

Posted: October 15, 2013   /   By: Jon Oltsik   /   Tags: IBM, Check Point, Palo Alto Networks, Cisco, Hadoop, Information and Risk Management, HP, McAfee, Security and Privacy, Security, big data security analytics, SIEM, Narus, LogRhythm, 21CT, RSA Security, SilverTail, LexisNexis, Solera Networks, Lancope, click security, Hexis Cyber Solutions, Splunk

ESG research indicates that 44% of organizations believe that their current level of security data collection and analysis could be classified as “big data,” while another 44% believe that their security data collection and analysis will be classified as “big data” within the next two years (note: In this case, big data security analytics is defined as, “security data sets that grow so large that they become awkward to work with using on-hand security analytics tools”).

So enterprises will likely move to some type of big data security analytics product or solution over the next few years. That said, many CISOs I speak with remain confused about this burgeoning category and need help cutting through the hype.


IBM Extends Its Cybersecurity Footprint With Trusteer Acquisition

Posted: August 26, 2013   /   By: Jon Oltsik   /   Tags: IBM, Cybersecurity, Information and Risk Management, Security and Privacy, Security, big data security analytics, enterprise security, ArcSight, RSA Security, Anti-malware, Trusteer

Yes, the IBM/Trusteer deal happened on 8/15 but summer activities interrupted my blogging schedule so I’m just catching up.

Rumor has it that IBM paid somewhere between $800m and $1 billion for the Israeli cybersecurity firm. That’s a lot of dollars, shekels, or any other currency but Trusteer can help IBM extend its information security shadow with:

  1. A greater presence in the financial services market. IBM is a major player in financial services with IT equipment, software, and services but is still playing catch up with CISOs in this space. With the acquisition of Trusteer, IBM grabs an established leader in web fraud detection (along with Silver Tail/RSA) and a killer installed base in the world’s largest banks. IBM will certainly use this new stature to position QRadar against ArcSight and establish a leadership position in big data security analytics. This is important since financial services firms tend to be aggressive spenders when it comes to information security.
  2. An advanced endpoint security solution. In spite of its aggressive push into security over the past few years, IBM’s participation in endpoint security has been limited to management (i.e. BigFix) and partnerships. The Trusteer acquisition gives IBM a new type of anti-malware solution that can act as an additional layer of endpoint security and can be deployed on PCs, Macs, and mobile devices. Trusteer endpoint security technology is sound but it was not big enough to push into the enterprise market to compete with Bromium, Invincea, Malwarebytes, or Sourcefire. IBM certainly has the resources to make this happen soon. Look for IBM to integrate Trusteer anti-malware capabilities with its network-based solutions (i.e., ISS) to form a comprehensive network/endpoint anti-malware architecture.
  3. Greater intelligence and cloud services. Trusteer solutions are anchored by research, intelligence, and cloud-based protection. IBM can spread these capabilities across existing resources like its xForce security research, QRadar SIEM, and various managed security services options.
  4. Mobile security solutions. Rather than develop its own MDM, IBM is pitching mobile security as part of a bigger play that includes secure application development processes, application security testing, endpoint device management, identity and access management, and network security. IBM will likely fold the Trusteer mobile risk engine, SDK, secure browser, and out-of-band mobile authentication into its mobile enterprise security mix.
  5. A recruiting hub. IBM plans to establish a presence in Israel for cybersecurity research and development. Given the global shortage of security talent this is a very shrewd move giving IBM access to elite talent coming out of the IDF and Unit 8200.