Most Recent Blogs

Cybersecurity Skills Shortage Impact on Technology Innovation

Posted: April 25, 2017   /   By: Jon Oltsik   /   Tags: Network Security, Cybersecurity, ISSA, SOAPA, security operations and analytic platform

I continue to research and write about the ongoing global cybersecurity skills shortage. For example, ESG research indicates that 45% of organizations report a problematic shortage of cybersecurity skills today, more than any other area within IT.

Want more? Here are a few tidbits from last year’s research project done in conjunction with the Information Systems Security Association (ISSA). In a survey of 437 cybersecurity professionals and ISSA members:


The Role of Standards in a Security Ops and Analytics Platform Architecture (Video)

Posted: April 24, 2017   /   By: Doug Cahill   /   Tags: Cybersecurity, SIEM, SOAPA, security operations and analytic platform

In this second of a two-part video series, Mike Viscuso, Carbon Black CTO, and I pull on more SOAPA (security operations and analytics platform architecture) threads, including the role of SIEM in the next-gen SOC. Because it is in the context of SIEMs that we’ve seen the adoption of standard formats such as CEF and LEEF for alert propagation and STIX and TAXII for threat intelligence sharing, we explore not only the need for more such standards but the factors that lead to adoption. We then discuss user behavior analytics (UBA) data enriched with other sensor data as an example of how a reference architecture like SOAPA makes data actionable, in this case to thwart the insider threat. We wrap up with a view into the future with respect to possible industry consolidation and the emergence of cybersecurity platforms to relieve point tool fatigue, a theme Mike challenges, noting the need for ongoing innovation to counter the motivated adversary.


An EDR Perspective on Security Ops and Analytics Architecture (Video)

Posted: April 17, 2017   /   By: Doug Cahill   /   Tags: Cybersecurity, SOAPA, security operations and analytic platform, EDR, endpoint detection and response

In this first of a two-part video series, Mike Viscuso, Carbon Black’s Chief Technology Officer, and I begin to explore the expansive topic of employing a security operations and analytics platform architecture (SOAPA) to operationalize security analytics. In addition to discussing the need for a reference architecture to address the complexity associated with gaining intelligence from telemetry across an organization’s attack surface area, Mike shares why Carbon Black invested in technical integrations with a variety of complementary cybersecurity technologies and the importance of rich endpoint detection and response (EDR) sensor data to enable essential use cases. We also discuss how the starting point for such integrations has changed and the central role both value-added resellers (VARs) and managed security service providers (MSSPs) serve in providing SOAPA implementations. We wrap things up by noting the purposeful nature of cloud computing as enabling technology for SOAPA solutions. Stay tuned for the second video in which we dig into other aspects of security operations and analytics.


That's a Wrap! RSA Conference 2017 Thoughts and Observations, Part 1 (Video)

Posted: March 03, 2017   /   By: Doug Cahill   /   Tags: Cybersecurity, endpoint security, rsa conference, security analytics, SOAPA, security operations and analytic platform

RSA Conference 2017 is now a wrap, and blogs such as this one that attempt to summarize such a content-rich event are challenged to do so with any sort of brevity, but, alas, I will try. Colleague Jon Oltsik, who fought being placed on the injured reserve list the week before RSA and missed the event for the first time in over a dozen years, and I offer a review of just some of the news from the show in this first of two video blogs. Here are some of the threads we pull on.


Scratching the Surface on What to Expect at RSA 2017 (Video)

Posted: January 30, 2017   /   By: Doug Cahill   /   Tags: Cybersecurity, rsa conference, ransomware, SOAPA, security operations and analytic platform

With what is expected to be the largest RSA Conference to date just around the corner, my colleague Jon Oltsik and I share some thoughts on what we are expecting at this year’s seminal cybersecurity event in this video. We discuss the broad-based nature of ransomware, with commentary on how “rearview mirror ransomware protection” will address certain tiers of ransomware while new blended ransomware attacks, as well as those that target back-end infrastructure, will require additional controls and techniques. One such technique being applied in many cybersecurity products is machine learning, whose role we frame in the context of a layered defense. We also consider how the rapid evolution of the cloud security product category, driven by the broad adoption of cloud services, could be an area of functional convergence, and we note the need for a security operations and analytics platform architecture (SOAPA) for hybrid cloud environments. On the topic of cloud, we also note the compelling benefits of cloud-delivered security solutions (security-as-a-service) for operational efficiency at cloud scale.
