Most Recent Blogs

Security Data Growth Drives Security Operations and Analytics Platform Architecture (SOAPA)

Posted: January 03, 2017   /   By: Jon Oltsik   /   Tags: Cybersecurity, SIEM, Security Management, SOAPA

Happy new year, cybersecurity community! Hope you are well rested; it’s bound to be an eventful year ahead.

Way back at the end of November 2016, I posted a blog about an evolutionary trend I see happening around cybersecurity analytics and operations technology. Historically, large enterprises have relied on SIEM products to anchor their SOCs. This will continue but I see SIEM becoming part of a more global cybersecurity software architecture called SOAPA (i.e., security operations and analytics platform architecture). 


Toward Omniscient Cybersecurity Systems

Posted: May 19, 2015   /   By: Jon Oltsik   /   Tags: Network Security, Cybersecurity, endpoint security, big data security analytics, Security Management, security operations

Cybersecurity systems suffer from compartmentalization. Vulnerability management systems know which software revisions are installed on which systems, but have no idea how endpoints and servers are connected together. Similarly, an anti-malware gateway can perform static and dynamic analysis on a suspicious file but doesn’t know if a user downloaded analogous malware when she was connected to the Internet on a public network.


The Security Industry Remains Strong with Computer Science but Weak on IT

Posted: November 18, 2013   /   By: Jon Oltsik   /   Tags: IBM, Cybersecurity, Cisco, Information and Risk Management, FireEye, HP, Dell, Oracle, Security and Privacy, Security, Enterprise, SIEM, E&Y, Leidos, Accenture, CISO, saic, IPO, Security Management, CSC, Unisys

Last week, I was in Silicon Valley meeting with a parade of CISOs and security vendors. Business travel is no “day at the beach,” but these trips really help me keep up with the latest enterprise security challenges and potential technology solutions.

It was also nice to spend time in the Valley and re-charge my batteries toward the security industry. There was a lot of excitement out there as a result of business growth, VC investment, and the wildly successful FireEye IPO.


It Takes a Village: The Splunk User Conference 2013

Posted: October 04, 2013   /   By: Jon Oltsik   /   Tags: IBM, Apple, Information and Risk Management, Security and Privacy, Security, big data security analytics, SIEM, security intelligence, log management, F5, Security Management, Splunk

When IBM distributed its operating system in the 1950s, it actually sent the source code to its customer base. Many IT shops then modified the operating system with their own customized code.


Biggest Information Security Management Challenges for Enterprise Organizations

Posted: August 17, 2012   /   By: Jon Oltsik   /   Tags: IBM, Microsoft, Information and Risk Management, HP, McAfee, Enterprise Software, Oracle, Security and Privacy, risk management, sap, SIEM, SANS, ISC2, RSA Security, Security Management, security operations, CISSP, Tibco

In the recently published ESG Research Report, Security Management and Operations: Changes on the Horizon, ESG surveyed 315 security professionals working at North America-based enterprise organizations (i.e., more than 1,000 employees).


What's Driving Enterprise Security Strategy?

Posted: August 14, 2012   /   By: Jon Oltsik   /   Tags: IBM, Big Data, End-User Computing, Information and Risk Management, FireEye, McAfee, Security and Privacy, BYOD, malware, SIEM, RSA, Invincea, Security Management, Damballa, APT, security operations, managed security services, Countertack

ESG recently published a new research report titled, Security Management and Operations: Changes on the Horizon. As part of the survey, ESG asked 315 security professionals working at enterprise organizations (i.e., more than 1,000 employees) to identify the most important factors driving their organization’s information security strategy in 2012.

The top two responses were quite predictable: 55% said “protecting sensitive data and intellectual property (IP)” while 50% pointed to regulatory compliance. What is interesting is the responses beyond these two traditional security drivers:

  • 41% said “addressing new types of threats”
  • 39% said “improving/automating security operations”
  • 38% said “addressing security issues created by the use of mobile devices”
  • 35% said “improving our ability to analyze security data and detect attacks in progress”
  • 33% said “aligning security policies and controls with business processes”

The Information Security 80/20 Rule

Posted: June 07, 2012   /   By: Jon Oltsik   /   Tags: Information and Risk Management, Security and Privacy, risk management, SIEM, incident detection, incident response, log management, Security Management, security analytics, APT, security operations

Over the past few months, I've been engaged in a research project on enterprise security management and operations. As part of some quantitative research, ESG created a segmentation model that divided survey respondent organizations into three sub-segments. The segmentation model broke down as follows:

