ESG Blogs

Last year, ESG published a research report titled, Advanced Malware Detection and Protection Trends, based upon a survey of 315 security professionals working at enterprise organizations (i.e., more than 1,000 employees). In one question, ESG asked security professionals whether they agreed or disagreed with the following statement: “Commercial host-based security software (i.e., AV) is more or less the same as free security software.”

It turns out that 36% of security professionals either “strongly agree” or “agree" with this statement, while another 25% are sitting on the fence (i.e., they neither agree nor disagree with the statement).

A few years ago, Trend Micro announced that it would enhance its on-site AV products with cloud-based intelligence it called the “Smart Protection Network” (SPN). I’m not sure if Trend was the first, but it certainly wasn’t the last vendor to embrace this type of architecture. In fact, just about everyone now has a toe in the cloud-based security intelligence pool. For example, Blue Coat promotes its WebPulse security intelligence, Cisco champions its Security Intelligence Operations (SIO), and Symantec trumpets DeepSight. Security intelligence sharing initiatives (like CISPA) are also a big part of the Federal government’s cybersecurity initiatives.

What does cloud-based security intelligence entail? In many cases, it takes advantage of the proverbial “network effect” (sometimes referred to as Metcalfe’s law and attributed to Ethernet inventor Bob Metcalfe). According to Wikipedia: Metcalfe's law states that the value of a telecommunications network is proportional to the square of the number of connected users of the system (n²). Each instance of the vendor’s product acts as a sensor for security intelligence (i.e., malware detection, rogue URL detection, rogue application detection, etc.). The vendor then implements a cloud repository to publish, analyze, and distribute this information to all other customer nodes around the network.

When IBM distributed its operating system in the 1950s, it actually sent the source code to its customer base. Many IT shops then actually modified the operating system with their own customized code.

Last week while I was on vacation, Cisco was hard at work when it announced that it was buying Sourcefire for $2.7 billion. Now that I’m back, I’ve got to blog about this deal.

Before I get into the details, I have to give Cisco a lot of credit on this one. By grabbing Sourcefire, Cisco management was in effect admitting that information security needed to be a much bigger part of its overall strategy and that it couldn’t achieve this goal in a timely manner with its existing portfolio of security products. During CiscoLive (i.e., Cisco’s customer conference held in June), John Chambers confessed, “we are not our customer’s primary security vendor and that’s got to change.” This acquisition proves that Chambers is willing to put Cisco’s money where his mouth is. For a network hardware company, this decision took a lot of guts.

It's official, the security industry has jumped on the "big data" bandwagon with both feet. How do I know? Well, I'm participating in a panel discussion on this topic at RSA and I believe there are 2 other sessions on the topic. I guess anyone headed to San Francisco later this month should be prepared to get a big dose of big data.

At the beginning of WWI, battlefield tactics had not advanced much since the U.S. Civil War. The general goal was to continually advance on the enemy with waves of infantry attacks and eventually break through the lines by overwhelming enemy defenses.