Most Recent Blogs

Security Operations Spending and ROI

Posted: September 11, 2017   /   By: Jon Oltsik   /   Tags: Cybersecurity, SIEM, security analytics, security operations, SOAPA

ESG recently surveyed 412 cybersecurity and IT professionals asking a number of questions about their organization’s security analytics and operations. Overall, security operations are quite difficult, many organizations complain about too many manual processes, too many disconnected point tools, and a real shortage of the right skills. These issues can lead to lengthy incident detection and response cycles or worse yet, damaging data breaches. Just ask Equifax.


SOAPA Chat with Vectra Networks (Video, Part 2)

Posted: September 08, 2017   /   By: Jon Oltsik   /   Tags: Cybersecurity, SIEM, security analytics, SOAPA, EDR, Vectra Networks

Old friend Mike Banic recently stopped by ESG to kibitz about ESG’s SOAPA concept. Mike brings a world of experience to this topic. As VP of marketing at Vectra Networks, Mike sees enterprise challenges around security operations, and then works with customers to address their issues.

In part two of our video series, Mike and I focus our discussion in a few areas including:

  • Machine learning. In a recent ESG research survey, only 30% of cybersecurity professionals claim they are “very knowledgeable” about the role of machine learning and AI for cybersecurity operations. Given this, I asked Mike to act as an industry spokesperson to define machine learning and explain where it fits in cybersecurity operations. Mike says that machine learning is used to find features and patterns in the data so you can train the model to look for malicious behavior like a remote trojan suddenly beaconing out to an external IP address. 

Cybersecurity Pros' Opinions on Their Organization’s Security Operations

Posted: September 05, 2017   /   By: Jon Oltsik   /   Tags: Cybersecurity, security analytics, security operations, SOAPA, SOC

ESG recently published a new research report titled, Cybersecurity Analytics and Operations in Transition. The report is based upon a survey of 412 cybersecurity and IT professionals directly involved in their organization’s security operations processes.

As part of the survey, respondents were presented with several statements and asked whether they agreed or disagreed with each. Here are a few of those statements with my analysis.

  • 73% of survey respondents strongly agreed or agreed with the statement: Business management is pressuring the cybersecurity team to improve security analytics and operations. If you want proof that cybersecurity is a boardroom-level issue today, here it is. The good news is that the survey also indicates 81% of organizations plan to increase their security operations budget so business executives are willing to throw money at the problem. The bad news is that the cybersecurity team is now on the hook to deliver measurable improvements and ROI. 

Security Operations Challenges Galore

Posted: August 28, 2017   /   By: Jon Oltsik   /   Tags: Cybersecurity, security analytics, security operations, SOC

After a week away from all things cybersecurity, I’m back at work and focusing on security analytics and operations again. Alarmingly, most organizations readily admit to problems in this area. For example, a recent ESG research survey of 412 cybersecurity and IT professionals (Cybersecurity Analytics and Operations in Transition) identified some of the biggest security analytics and operations challenges. For example:

  • 30% of respondents say that their biggest cybersecurity operations challenge is the total cost of operations (TCO). What does this mean? Based upon my qualitative interviews with CISOs as part of this project, many organizations are spending lots of money on security operations but attaining marginal results. CISOs are willing to invest more but want to see vast improvements in security operations efficacy and efficiency for their money.

Cybersecurity Analytics and Operations Skills Shortage

Posted: August 10, 2017   /   By: Jon Oltsik   /   Tags: Cybersecurity, SIEM, CISO, security analytics, mssp, security operations, ISSA, SOC

If you’ve followed my writing, you know that I passionately broadcast issues related to the global cybersecurity skills shortage. Allow me to report some sad news: Things aren’t improving at all. In 2016, 46% of organizations reported a problematic shortage of cybersecurity skills. In 2017, the research is statistically the same as last year; 45% of organizations say they have a problematic shortage of cybersecurity skills.


Addressing Security Analytics and Operations Issues

Posted: August 07, 2017   /   By: Jon Oltsik   /   Tags: Cybersecurity, security analytics, security operations

Security budgets are up in 2017 and in many cases, dollars are earmarked for enhancing security operations. According to recent ESG research, 81% of cybersecurity professionals agree that improving security analytics and operations is a high priority at their organizations.


ESG Security Operations and Analytics Webinar

Posted: June 21, 2017   /   By: Jon Oltsik   /   Tags: Cybersecurity, SIEM, security analytics, network security operations, SOAPA, SOC, webinar, Doug Cahill

My colleague Doug Cahill and I spend a lot of time thinking about security operations and analytics these days. Why? Enterprise organizations are under constant attack from increasingly sophisticated cyber-adversaries so they need better situational awareness about their security posture at all times.

Unfortunately, many organizations aren’t doing a very good job in this area. Many anchor security operations to an amalgam of point tools that don’t interoperate. Security operations often depend upon manual processes and the wisdom of a few key employees. And let’s not forget that when it comes to cybersecurity, many organizations remain understaffed and lacking the right skills. ESG research from earlier this year indicates that 45% of organizations say they have a “problematic shortage” of cybersecurity skills today.

Just how bad are these problems and what can be done to address them? Doug and I will discuss these and other security operations topics in an upcoming webinar in July.


That's a Wrap! RSA Conference 2017 Thoughts and Observations, Part 1 (Video)

Posted: March 03, 2017   /   By: Doug Cahill   /   Tags: Cybersecurity, endpoint security, rsa conference, security analytics, SOAPA, security operations and analytic platform

RSA Conference 2017 is now a wrap and blogs such as these that attempt to summarize such a content rich event are challenged to do so in any sort of brevity, but, alas, I will try. Colleague Jon Oltsik, who fought being placed on the injured reserve list the week before RSA and missed the event for the first time in over a dozen years, and I offer a review of just some of the news from the show in this first of two video blogs. Here are some of the threads we pull on.


In and Around the 2017 RSA Conference

Posted: February 15, 2017   /   By: Jon Oltsik   /   Tags: Cybersecurity, endpoint security, security analytics, security operations, SOAPA

As you may have guessed from my blogs, I was really excited about this year’s RSA Security Conference. At the end of January, I wrote a blog about my expectations for endpoint security at RSA. I followed up with another ditty about network security banter at this year’s show and concluded the series with a blog about security analytics and operations talk at RSA.

Yup, I was all set to head to San Francisco at the end of last week when fate and personal issues jumped in. Alas, I had to cancel my plans.

Despite my geographic separation, I continue to monitor RSA from afar. Here are a few stories that jumped out at me as of now:


Security Analytics and Operations at RSA

Posted: February 06, 2017   /   By: Jon Oltsik   /   Tags: Cybersecurity, SIEM, security analytics, security operations, SOAPA

So far, I’ve written two blogs about my expectations for the upcoming RSA Security Conference next week. The first blog was about my outlook for endpoint security while the second focused on network security.

I am also in the middle of a big research project on security analytics and operations right now and believe that many independent technologies will be integrated into a comprehensive architecture that ESG calls SOAPA (i.e., security operations and analytics platform architecture). Here’s another blog where I define the SOAPA architecture and all the consolidating piece parts.

