Most Recent Blogs

Consumer Security and Consumer Privacy Are Two Separate Conversations

Posted: February 04, 2016   /   By: Kyle Prigmore   /   Tags: Security and Privacy, Security, endpoint security, antivirus, privacy, antivirus software, consumer security

The-Endpoint-Security-Paradox.jpegAs the title of this blog post implies, there seems to be a blurred line in the general rhetoric between “privacy” and “security”. These topics are not the same, and yet I see them lumped together all too often (ahem, CNN & Co). It's tough, however, to weave a coherent single narrative on the subjects, so let me present a few disparate points to help distinguish the two:

Read More

What Consumers Really Need to Worry About in 2016

Posted: January 11, 2016   /   By: Kyle Prigmore   /   Tags: IoT, Security, endpoint security, consumer security

security in 2016New Year’s Eve has come and gone, and thusly, the annual prediction blog cycle draws to a close. Permit me to sneak one in just before the doors are locked, if you would. I've put together a list of three consumer security bogeymen (more hype than substance) and three consumer security issues that everyone needs to actually worry about. There is a very obvious theme here in terms of the division — see if you can spot it!

Read More

Some Thoughts for Millennials that Diss Antivirus

Posted: October 27, 2015   /   By: Kyle Prigmore   /   Tags: Cybersecurity, Security, endpoint security, antivirus, Anti-malware, cyber crime

blameMy generation can get awfully snarky about antivirus: go on reddit, search for the topic, and you’ll find some arrogant responses along the lines of “antivirus is just adware and all I need is Malwarebytes”.

Well hey, good for you, and Malwarebytes is great (I use it too). But we millennials have a harder time remembering what the internet was like before AV came along, a time when any email or misclicked website could brick your computer. Now with the rise of ransomware and targeted attacks putting entire devices at risk once more, we have somehow resorted to blaming antivirus for not being effective enough at blocking these attacks. It’s unfair and short-sighted, and the popularity of the “AV is unnecessary” trend remains perpetually premature.

Read More

People (Still) Don’t Care About Cyber Attacks

Posted: May 01, 2015   /   By: Kyle Prigmore   /   Tags: Cybersecurity, Security, privacy, cyber attack

business-peopleLet’s get something out of the way: I know that all the data says people care more about their privacy than ever before, and especially the under-40 age group sees it as a “key issue.” And I don’t for a second doubt the data—if you ask me in a survey, “Is privacy important to you?,” I’ll say yes. If you ask “Would you do business with a company that does not protect your privacy?,” I would say no—because those are the right answers, and intellectually we understand that. But there is a gigantic disconnect between what people say in a survey, and how they actually behave. I’m the first to admit guilt here.

Read More

Leading Enterprise Organizations Have Established a Dedicated Network Security Group

Posted: October 06, 2014   /   By: Jon Oltsik   /   Tags: IBM, Network Security, Check Point, Palo Alto Networks, Fortinet, Cisco, IT Infrastructure, Networking, Information and Risk Management, Juniper, Sourcefire, FireEye, HP, McAfee, Security and Privacy, Security

When an enterprise organization wanted to buy network security equipment a few years ago, there was a pretty clear division of labor. The security team defined the requirements and the networking team purchased and operated equipment. In other words, the lines were divided. The security team could describe what was needed but didn’t dare tell the networking team what to buy or get involved with day-to-day care and feeding related to “networking” matters.

This “us-and-them” mentality appears to be legacy behavior. According to ESG research on network security trends, 47% of enterprise organizations now claim that they have a dedicated group in charge of all aspects of network security. Additionally, network security is done cooperatively by networking and security teams at 26% of organizations today but these firms insist that they are in the process of creating a dedicated network security group to supplant their current division of labor.

Read More

Enterprise Organizations Are Taking Steps to Improve Cybersecurity Analytics

Posted: May 27, 2014   /   By: Jon Oltsik   /   Tags: IBM, Big Data, Cisco, Information and Risk Management, FireEye, Dell, endpoint, Security and Privacy, Security, SIEM, Narus, Mandiant, Cybereason, LogRhythm, 21CT, Leidos, ISC8, Blue Coat, RSA Security, Lancope, netSkope, SDN, click security, Bit9, cybercrime, Carbon Black

Last week, online retail giant eBay announced that it was hacked between February and March of this year with stolen login credentials of an eBay employee. This gave the hackers access to the user records of 145 million users including home addresses, e-mail addresses, dates of birth, and encrypted passwords. It appears that the hackers made copies of this data so eBay is advising all users to change their passwords.

Read More

Is Cisco Back (as an Enterprise Security Leader)?

Posted: May 22, 2014   /   By: Jon Oltsik   /   Tags: IBM, Palo Alto Networks, Cisco, Hadoop, Networking, Information and Risk Management, Juniper, Sourcefire, FireEye, HP, McAfee, Security and Privacy, Security, CiscoLive, trend micro, Symantec, Blue Coat, TrustSec, Crossbeam, Mergers / Acquisitions, Anti-malware

It wasn’t too long ago that Cisco was a dominant force in information security technology. The company was a market leader in firewalls, IDS/IPS, and e-mail security and was actively pushing products for endpoint security and SIEM as well as security “blades” for Catalyst switches. Heck, Cisco even articulated a bold vision of “self-defending networks” with security policy, enforcement, and intelligence all baked into the network.

Somewhere around 2008, however, Cisco security went into a prolonged slump. Cisco security products didn’t offer the performance of rivals like Crossbeam (now Blue Coat), Juniper, or McAfee. Cisco missed markets like next-generation firewalls, opening the door for savvy startups like FireEye, Palo Alto Networks, and Stonesoft. Cisco products such as the Cisco Security Agent (Okena) and MARS (Protego) were abject failures and discontinued by the company. Finally, Cisco’s security team itself imploded as management and engineering leaders fled San Jose for greener valley pastures.

Read More

Big Data Security Analytics Meets Identity and Access Management (IAM)

Posted: May 19, 2014   /   By: Jon Oltsik   /   Tags: IBM, End-User Computing, Data Management & Analytics, Information and Risk Management, Enterprise Software, Security and Privacy, Security, big data security analytics, Courion, Sailpoint, compliance, IAM, Governance, cybercrime, Anti-malware

While most enterprise organizations have SIEM installed, they now realize that these venerable security systems cannot address today’s dangerous threat landscape alone. As a result, many are adding network forensics and big data analytics systems for capturing, processing, and analyzing a whole bunch of additional security data.

In the majority of cases, big data security analytics systems are applied to data such as network packets, packet metadata, e-mails, and transaction systems to help security teams detect malware, phishing sites, and online fraud. Great start, but I’m starting to see another burgeoning focus area – IAM. Of course, many large organizations have IAM tools for user provisioning, SSO, and identity governance, but tracking all the instantiations of user activity remains elusive. In a recent ESG research survey, security professionals were asked to identify their weakest area of security monitoring. More than one-quarter (28%) pointed to “user behavior activity monitoring/visibility,” – the highest percentage of all categories.

Read More

The Emerging Cybersecurity Software Architecture

Posted: May 08, 2014   /   By: Jon Oltsik   /   Tags: IBM, Microsoft, Check Point, Palo Alto Networks, Cisco, Information and Risk Management, FireEye, HP, McAfee, Oracle, Security and Privacy, Security, Apache, SIEM, Mitre, Kaspersky, ERP, Raytheon, Proofpoint, Lockheed, IDS, E&Y, Leidos, Booz Allen, Accenture, Blue Coat, AV, CSC, Anti-malware

It’s been a busy week for the information cybersecurity industry. FireEye announced the acquisition of nPulse which adds network forensics to its advanced malware detection/response portfolio. IBM chimed in with a new Threat Prevention System that includes an endpoint security client, threat intelligence feeds, and integration with its network security, and analytics platforms. Finally, Symantec unveiled its Advanced Threat Protection strategy that combines existing products, future deliverables, and services.

It’s no coincidence that these three infosec security leaders are moving in this direction as the whole industry is on the same path. I’ve written about this trend a few times. I wrote a security-vendors-are-racing-toward-a-new-anti-malware-technology-model/index.html" target="_blank">blog about the integrated anti-malware technology model in March, and this the-new-cybersecurity-technology-reality-the-whole-is-greater-than-the-sum-of-its-parts/index.html">one in April about the new cybersecurity technology reality. Other vendors such as Blue Coat, Cisco, McAfee, Palo Alto Networks, and Trend Micro are also on board.

Read More

Antivirus Software Is Not Quite Dead Yet

Posted: May 06, 2014   /   By: Jon Oltsik   /   Tags: End-User Computing, Palo Alto Networks, Cisco, Information and Risk Management, Sourcefire, FireEye, McAfee, Security and Privacy, Security, endpoint security, Malwarebytes, Kaspersky, Triumfant, Guidance Software, Crowdstrike, trend micro, Symantec, RSA Security, Cylance, Bit9, Carbon Black, Anti-malware

In a Wall Street Journal article published earlier this week, Symantec SVP Brian Dye, is quoted as saying that “antivirus is dead.” Dye goes on to proclaim that “we (Symantec) don’t think of antivirus as a moneymaker in any way.”

I beg your pardon, Brian? Isn’t Symantec the market leader? Just what are you saying? In lieu of specific answers to these questions, the blogosphere and Twitter have become a grapevine of rumors – about Symantec, AV, etc. Panic and wild predictions abound. Dogs and cats living together in the streets . . .

Read More

Posts by Topic

see all