Most Recent Blogs

Security Operations Spending and ROI

Posted: September 11, 2017   /   By: Jon Oltsik   /   Tags: Cybersecurity, SIEM, security analytics, security operations, SOAPA

ESG recently surveyed 412 cybersecurity and IT professionals, asking a number of questions about their organization’s security analytics and operations. Overall, security operations are quite difficult; many organizations complain about too many manual processes, too many disconnected point tools, and a real shortage of the right skills. These issues can lead to lengthy incident detection and response cycles or, worse yet, damaging data breaches. Just ask Equifax.


Cybersecurity Pros' Opinions on Their Organization’s Security Operations

Posted: September 05, 2017   /   By: Jon Oltsik   /   Tags: Cybersecurity, security analytics, security operations, SOAPA, SOC

ESG recently published a new research report titled Cybersecurity Analytics and Operations in Transition. The report is based upon a survey of 412 cybersecurity and IT professionals directly involved in their organization’s security operations processes.

As part of the survey, respondents were presented with several statements and asked whether they agreed or disagreed with each. Here are a few of those statements with my analysis.

  • 73% of survey respondents strongly agreed or agreed with the statement: Business management is pressuring the cybersecurity team to improve security analytics and operations. If you want proof that cybersecurity is a boardroom-level issue today, here it is. The good news is that the survey also indicates 81% of organizations plan to increase their security operations budget, so business executives are willing to throw money at the problem. The bad news is that the cybersecurity team is now on the hook to deliver measurable improvements and ROI.

Security Operations Challenges Galore

Posted: August 28, 2017   /   By: Jon Oltsik   /   Tags: Cybersecurity, security analytics, security operations, SOC

After a week away from all things cybersecurity, I’m back at work and focusing on security analytics and operations again. Alarmingly, most organizations readily admit to problems in this area. For example, a recent ESG research survey of 412 cybersecurity and IT professionals (Cybersecurity Analytics and Operations in Transition) identified some of the biggest security analytics and operations challenges. For example:

  • 30% of respondents say that their biggest cybersecurity operations challenge is the total cost of operations (TCO). What does this mean? Based upon my qualitative interviews with CISOs as part of this project, many organizations are spending lots of money on security operations but attaining marginal results. CISOs are willing to invest more but want to see vast improvements in security operations efficacy and efficiency for their money.

Cybersecurity Analytics and Operations Skills Shortage

Posted: August 10, 2017   /   By: Jon Oltsik   /   Tags: Cybersecurity, SIEM, CISO, security analytics, mssp, security operations, ISSA, SOC

If you’ve followed my writing, you know that I passionately broadcast issues related to the global cybersecurity skills shortage. Allow me to report some sad news: Things aren’t improving at all. In 2016, 46% of organizations reported a problematic shortage of cybersecurity skills. In 2017, the research is statistically the same as last year; 45% of organizations say they have a problematic shortage of cybersecurity skills.


Addressing Security Analytics and Operations Issues

Posted: August 07, 2017   /   By: Jon Oltsik   /   Tags: Cybersecurity, security analytics, security operations

Security budgets are up in 2017 and, in many cases, dollars are earmarked for enhancing security operations. According to recent ESG research, 81% of cybersecurity professionals agree that improving security analytics and operations is a high priority at their organizations.


Cybersecurity Operations: More Difficult Than It Was 2 Years Ago

Posted: July 17, 2017   /   By: Jon Oltsik   /   Tags: Cybersecurity, big data security analytics, SIEM, CISO, security operations, network security analytics, SOC

ESG just published a new research report titled Cybersecurity Analytics and Operations in Transition, based upon a survey of 412 cybersecurity and IT professionals working at large midmarket (i.e., 500 to 999 employees) and enterprise (i.e., more than 1,000 employees) organizations in North America and Western Europe.

The data is quite interesting, to say the least, so look for lots of blogs from me over the next few weeks on a myriad of security operations topics we covered in this project. Furthermore, my esteemed colleague Doug Cahill and I are hosting a webinar this Wednesday, July 19. Feel free to attend; more details can be found here.

When I do end-user research on cybersecurity topics, I usually ask respondents a basic question: How are things today compared to 2 years ago? This research project was no exception and, as it turns out, 27% of survey respondents say that cybersecurity analytics and operations is much more difficult than 2 years ago while another 45% say that cybersecurity analytics and operations is somewhat more difficult today than 2 years ago.


Why Is IR Automation and Orchestration So Hot?

Posted: March 16, 2017   /   By: Jon Oltsik   /   Tags: Cybersecurity, SIEM, rsa conference, security operations, SOAPA, IRP

I couldn’t attend the RSA Conference this year, but many cybersecurity professionals and my ESG colleagues told me that incident response automation and orchestration was one of the hottest topics in the halls of the Moscone Center, through the bar at the W hotel, and even at the teahouse on the garden at Yerba Buena.


In and Around the 2017 RSA Conference

Posted: February 15, 2017   /   By: Jon Oltsik   /   Tags: Cybersecurity, endpoint security, security analytics, security operations, SOAPA

As you may have guessed from my blogs, I was really excited about this year’s RSA Security Conference. At the end of January, I wrote a blog about my expectations for endpoint security at RSA. I followed up with another ditty about network security banter at this year’s show and concluded the series with a blog about security analytics and operations talk at RSA.

Yup, I was all set to head to San Francisco at the end of last week when fate and personal issues jumped in. Alas, I had to cancel my plans.

Despite my geographic separation, I continue to monitor RSA from afar. Here are a few stories that jumped out at me as of now:


Security Analytics and Operations at RSA

Posted: February 06, 2017   /   By: Jon Oltsik   /   Tags: Cybersecurity, SIEM, security analytics, security operations, SOAPA

So far, I’ve written two blogs about my expectations for the upcoming RSA Security Conference next week. The first blog was about my outlook for endpoint security, while the second focused on network security.

I am also in the middle of a big research project on security analytics and operations right now and believe that many independent technologies will be integrated into a comprehensive architecture that ESG calls SOAPA (i.e., security operations and analytics platform architecture). Here’s another blog where I define the SOAPA architecture and all the consolidating piece parts.


Toward Omniscient Cybersecurity Systems

Posted: May 19, 2015   /   By: Jon Oltsik   /   Tags: Network Security, Cybersecurity, endpoint security, big data security analytics, Security Management, security operations

Cybersecurity systems suffer from compartmentalization. Vulnerability management systems know which software revisions are installed on which systems, but have no idea how endpoints and servers are connected together. Similarly, an anti-malware gateway can perform static and dynamic analysis on a suspicious file but doesn’t know if a user downloaded analogous malware when she was connected to the Internet on a public network.
