Are Enterprise Organizations Ready to Use Free AV Software?

Last year, ESG published a research report titled, Advanced Malware Detection and Protection Trends, based upon a survey of 315 security professionals working at enterprise organizations (i.e., more than 1,000 employees). In one question, ESG asked security professionals whether they agreed or disagreed with the following statement: “Commercial host-based security software (i.e., AV) is more or less the same as free security software.”

It turns out that 36% of security professionals either “strongly agree” or “agree” with this statement, while another 25% are sitting on the fence (i.e., they neither agree nor disagree with the statement).


Large Organizations Need Open Security Intelligence Standards and Technologies

A few years ago, Trend Micro announced that it would enhance its on-site AV products with cloud-based intelligence it called the “Smart Protection Network” (SPN). I’m not sure if Trend was the first, but it certainly wasn’t the last vendor to embrace this type of architecture. In fact, just about everyone now has a toe in the cloud-based security intelligence pool. For example, Blue Coat promotes its WebPulse security intelligence, Cisco champions its Security Intelligence Operations (SIO), and Symantec trumpets DeepSight. Security intelligence sharing initiatives (like CISPA) are also a big part of the Federal government’s cybersecurity initiatives.

What does cloud-based security intelligence entail? In many cases, it takes advantage of the proverbial “network effect” (sometimes referred to as Metcalfe’s law and attributed to Ethernet inventor Bob Metcalfe). According to Wikipedia: “Metcalfe's law states that the value of a telecommunications network is proportional to the square of the number of connected users of the system (n²).” Each instance of the vendor’s product acts as a sensor for security intelligence (i.e., malware detection, rogue URL detection, rogue application detection, etc.). The vendor then implements a cloud repository to publish, analyze, and distribute this information to all other customer nodes around the network.


It Takes a Village: The Splunk User Conference 2013

When IBM distributed its operating system in the 1950s, it actually sent the source code to its customer base. Many IT shops then modified the operating system with their own customized code.


Cisco/Sourcefire: A Potential Game Changer for Cisco and the Cybersecurity Industry

Last week while I was on vacation, Cisco was hard at work when it announced that it was buying Sourcefire for $2.7 billion. Now that I’m back, I’ve got to blog about this deal.

Before I get into the details, I have to give Cisco a lot of credit on this one. By grabbing Sourcefire, Cisco management was in effect admitting that information security needed to be a much bigger part of its overall strategy and that it couldn’t achieve this goal in a timely manner with its existing portfolio of security products. During CiscoLive (i.e., Cisco’s customer conference held in June), John Chambers confessed, “we are not our customer’s primary security vendor and that’s got to change.” This acquisition proves that Chambers is willing to put Cisco’s money where his mouth is. For a network hardware company, this decision took a lot of guts.


The Intersection of Security Intelligence and Big Data Analytics

It's official: the security industry has jumped on the "big data" bandwagon with both feet. How do I know? Well, I'm participating in a panel discussion on this topic at RSA and I believe there are 2 other sessions on the topic. I guess anyone headed to San Francisco later this month should be prepared to get a big dose of big data.


Cybersecurity Lessons from the Battlefields of Europe

At the beginning of WWI, battlefield tactics had not advanced much since the U.S. Civil War. The general goal was to continually advance on the enemy with waves of infantry attacks and eventually break through the lines by overwhelming enemy defenses.
