Most Recent Blogs

Are Enterprise Organizations Ready to Use Free AV Software?

Posted: March 20, 2014   /   By: Jon Oltsik   /   Tags: Microsoft, Endpoint & Application Virtualization, Cisco, Information and Risk Management, Sourcefire, McAfee, Security and Privacy, Security, Bradford Networks, Malwarebytes, Kaspersky Lab, Juniper Networks, freeware, ForeScout, Avast, Trend Micro, Bromium, Symantec, security intelligence, Great Bay Software, antivirus, Cylance, Bit9, Anti-malware, APT

Last year, ESG published a research report titled, Advanced Malware Detection and Protection Trends, based upon a survey of 315 security professionals working at enterprise organizations (i.e., more than 1,000 employees). In one question, ESG asked security professionals whether they agreed or disagreed with the following statement: “Commercial host-based security software (i.e., AV) is more or less the same as free security software.”

It turns out that 36% of security professionals either “strongly agree” or “agree” with this statement, while another 25% are sitting on the fence (i.e., they neither agree nor disagree with the statement).


Large Organizations Need Open Security Intelligence Standards and Technologies

Posted: November 21, 2013   /   By: Jon Oltsik   /   Tags: Cisco, Information and Risk Management, Security and Privacy, Security, SIEM, Trend Micro, Norse, Symantec, TAXII, Blue Coat, STIX, security intelligence, CISO, Anti-malware

A few years ago, Trend Micro announced that it would enhance its on-site AV products with cloud-based intelligence it called the “Smart Protection Network” (SPN). I’m not sure if Trend was the first, but it certainly wasn’t the last vendor to embrace this type of architecture. In fact, just about everyone now has a toe in the cloud-based security intelligence pool. For example, Blue Coat promotes its WebPulse security intelligence, Cisco champions its Security Intelligence Operations (SIO), and Symantec trumpets DeepSight. Security intelligence sharing initiatives (like CISPA) are also a big part of the Federal government’s cybersecurity initiatives.

What does cloud-based security intelligence entail? In many cases, it takes advantage of the proverbial “network effect” (sometimes referred to as Metcalfe’s law and attributed to Ethernet inventor Bob Metcalfe). According to Wikipedia: Metcalfe’s law states that the value of a telecommunications network is proportional to the square of the number of connected users of the system (n²). Each instance of the vendor’s product acts as a sensor for security intelligence (i.e., malware detection, rogue URL detection, rogue application detection, etc.). The vendor then implements a cloud repository to publish, analyze, and distribute this information to all other customer nodes around the network.
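To make the sensor-to-cloud-to-every-node loop concrete, here is a small added example in Python. It is not code from the ESG post or from any vendor's SPN, WebPulse, SIO or DeepSight service; the class names, the `convict_threshold` setting and the indicator values (`h_evil`, `h_benign`) are illustrative assumptions. Each `Sensor` reports what it sees to one `IntelRepository`, the repository promotes an indicator to a shared blocklist once independent nodes agree, and every node pulls that blocklist on sync, so a detection on one node protects the others. The threshold is there for the failure mode a practitioner worries about in this architecture: a single noisy sensor's false positive must not be pushed to the whole customer base.

```python
# Added example (not the ESG post's or any vendor's code): a minimal model of
# sensors publishing to a cloud repository that analyzes and distributes
# intelligence back to all nodes. Names and sample indicators are assumptions.
from collections import defaultdict
from dataclasses import dataclass


@dataclass(frozen=True)
class Sighting:
    node_id: str
    indicator: str         # e.g. a file hash or a URL
    local_detection: bool  # True if this node's own engine convicted it


class IntelRepository:
    """Vendor-side cloud repository: publish, analyze, distribute."""

    def __init__(self, convict_threshold: int = 2):
        # Independent nodes must agree before an indicator is pushed to everyone;
        # this keeps one noisy sensor's false positive from poisoning the network.
        self.convict_threshold = convict_threshold
        self.seen_by = defaultdict(set)       # indicator -> node ids that saw it
        self.convicted_by = defaultdict(set)  # indicator -> node ids whose engine flagged it
        self.blocklist = set()

    def publish(self, s: Sighting) -> None:
        self.seen_by[s.indicator].add(s.node_id)
        if s.local_detection:
            self.convicted_by[s.indicator].add(s.node_id)
        self._analyze(s.indicator)

    def _analyze(self, indicator: str) -> None:
        if len(self.convicted_by[indicator]) >= self.convict_threshold:
            self.blocklist.add(indicator)

    def prevalence(self, indicator: str) -> int:
        """How many distinct nodes have reported this indicator."""
        return len(self.seen_by[indicator])

    def distribute(self) -> frozenset:
        """Snapshot every node pulls on sync."""
        return frozenset(self.blocklist)


class Sensor:
    """One installed product instance acting as a sensor."""

    def __init__(self, node_id: str, repo: IntelRepository, local_signatures):
        self.node_id = node_id
        self.repo = repo
        self.local_signatures = set(local_signatures)
        self.cloud_blocklist = frozenset()

    def sync(self) -> None:
        self.cloud_blocklist = self.repo.distribute()

    def observe(self, indicator: str) -> str:
        if indicator in self.cloud_blocklist:
            verdict = "blocked_by_cloud"     # protection inherited from other nodes
        elif indicator in self.local_signatures:
            verdict = "blocked_locally"
        else:
            verdict = "unknown"
        self.repo.publish(Sighting(self.node_id, indicator,
                                   local_detection=(verdict == "blocked_locally")))
        return verdict


def run_scenario() -> dict:
    """Constructed walk-through: three nodes sharing one repository."""
    repo = IntelRepository(convict_threshold=2)
    a = Sensor("A", repo, {"h_evil"})   # A and B ship a signature for h_evil
    b = Sensor("B", repo, {"h_evil"})
    c = Sensor("C", repo, set())        # C has no signature for it
    out = {}
    out["c_before"] = c.observe("h_evil")   # C on its own has nothing to go on
    a.observe("h_evil")                     # first conviction
    b.observe("h_evil")                     # second, independent conviction -> promoted
    c.sync()
    out["c_after"] = c.observe("h_evil")    # C is now protected without its own signature
    out["prevalence"] = repo.prevalence("h_evil")
    # Failure mode: a lone false positive on one node must not propagate.
    noisy = Sensor("N", repo, {"h_benign"})
    noisy.observe("h_benign")
    c.sync()
    out["fp_propagated"] = "h_benign" in c.cloud_blocklist
    return out


if __name__ == "__main__":
    for key, value in run_scenario().items():
        print(f"{key}: {value}")
```

In a real deployment the analysis step is where the vendor's value lives (prevalence scoring, sandboxing, reputation decay, analyst review), and the distribution channel needs to be authenticated and integrity-protected, since whoever can write to the blocklist can block or unblock software on every customer node; the toy above only shows the data flow.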


It Takes a Village: The Splunk User Conference 2013

Posted: October 04, 2013   /   By: Jon Oltsik   /   Tags: IBM, Apple, Information and Risk Management, Security and Privacy, Security, big data security analytics, SIEM, security intelligence, log management, F5, Security Management, Splunk

When IBM distributed its operating system in the 1950s, it sent the source code along to its customer base. Many IT shops then modified the operating system with their own customized code.


Cisco/Sourcefire: A Potential Game Changer for Cisco and the Cybersecurity Industry

Posted: July 29, 2013   /   By: Jon Oltsik   /   Tags: Information and Risk Management, Security and Privacy, security intelligence, Anti-malware

Last week while I was on vacation, Cisco was hard at work when it announced that it was buying Sourcefire for $2.7 billion. Now that I’m back, I’ve got to blog about this deal.

Before I get into the details, I have to give Cisco a lot of credit on this one. By grabbing Sourcefire, Cisco management was in effect admitting that information security needed to be a much bigger part of its overall strategy and that it couldn’t achieve this goal in a timely manner with its existing portfolio of security products. During CiscoLive (i.e., Cisco’s customer conference held in June), John Chambers confessed, “we are not our customer’s primary security vendor and that’s got to change.” This acquisition proves that Chambers is willing to put Cisco’s money where his mouth is. For a network hardware company, this decision took a lot of guts.


The Intersection of Security Intelligence and Big Data Analytics

Posted: February 13, 2012   /   By: Jon Oltsik   /   Tags: IBM, Data Management & Analytics, Hadoop, Information and Risk Management, HP, McAfee, Security and Privacy, SIEM, LogRhythm, ArcSight, security intelligence, NetFlow, log management, Splunk, Big Data Analytics, Q1 Labs, RedLambda

It's official: the security industry has jumped on the "big data" bandwagon with both feet. How do I know? Well, I'm participating in a panel discussion on this topic at RSA and I believe there are two other sessions on the topic. I guess anyone headed to San Francisco later this month should be prepared to get a big dose of big data.


Cybersecurity Lessons from the Battlefields of Europe

Posted: January 31, 2012   /   By: Jon Oltsik   /   Tags: Cybersecurity, Information and Risk Management, Security and Privacy, security intelligence, security analytics, APT, advanced persistent threat

At the beginning of WWI, battlefield tactics had not advanced much since the U.S. Civil War. The general goal was to continually advance on the enemy with waves of infantry attacks and eventually break through the lines by overwhelming enemy defenses.

