Time to Embrace a Security Management Plane in the Cloud

There’s an old saying that change is the enemy of security. To avoid disruptive changes, many cybersecurity professionals strive for tight control of their environment, and this control extends to the management of security technologies themselves. Experienced cybersecurity professionals often opt to install management servers and software on their own networks so that they and their staff “own” the technology and control everything they possibly can.

This type of control has long been regarded as a security best practice, so many CISOs continue to eschew an alternative model: a cloud-based security management control plane.


Security Data Growth Drives Security Operations and Analytics Platform Architecture (SOAPA)

Happy new year, cybersecurity community!  Hope you are well rested, it’s bound to be an eventful year ahead.

Way back at the end of November 2016, I posted a blog about an evolutionary trend I see happening around cybersecurity analytics and operations technology. Historically, large enterprises have relied on SIEM products to anchor their SOCs. This will continue but I see SIEM becoming part of a more global cybersecurity software architecture called SOAPA (i.e., security operations and analytics platform architecture). 


Toward Omniscient Cybersecurity Systems

Cybersecurity systems suffer from compartmentalization. Vulnerability management systems know which software revisions are installed on which systems, but have no idea how endpoints and servers are connected together. Similarly, an anti-malware gateway can perform static and dynamic analysis on a suspicious file but doesn’t know if a user downloaded analogous malware when she was connected to the Internet on a public network. 


The Security Industry Remains Strong with Computer Science but Weak on IT

Last week, I was in Silicon Valley meeting with a parade of CISOs and security vendors. Business travel is no “day at the beach,” but these trips really help me keep up with the latest enterprise security challenges and potential technology solutions.

It was also nice to spend time in the Valley and re-charge my batteries toward the security industry. There was a lot of excitement out there as a result of business growth, VC investment, and the wildly successful FireEye IPO.


It Takes a Village: The Splunk User Conference 2013

When IBM distributed its operating system in the 1950s, it actually shipped the source code to its customer base. Many IT shops then modified the operating system with their own customized code.


Biggest Information Security Management Challenges for Enterprise Organizations

In the recently-published ESG Research Report, Security Management and Operations: Changes on the Horizon, ESG surveyed 315 security professionals working at North America-based enterprise organizations (i.e., more than 1,000 employees).


What's Driving Enterprise Security Strategy?

ESG recently published a new research report titled, Security Management and Operations: Changes on the Horizon. As part of the survey, ESG asked 315 security professionals working at enterprise organizations (i.e., more than 1,000 employees) to identify the most important factors driving their organization’s information security strategy in 2012.

The top two responses were quite predictable: 55% said “protecting sensitive data and intellectual property (IP)” while 50% pointed to regulatory compliance. What is interesting is the responses beyond these two traditional security drivers:

  • 41% said “addressing new types of threats”
  • 39% said “improving/automating security operations”
  • 38% said “addressing security issues created by the use of mobile devices”
  • 35% said “improving our ability to analyze security data and detect attacks in progress”
  • 33% said “aligning security policies and controls with business processes”

The Information Security 80/20 Rule

Over the past few months, I've been engaged in a research project on enterprise security management and operations. As part of some quantitative research, ESG created a segmentation model that divided survey respondent organizations into three sub-segments. The segmentation model broke down as follows:
