Cybersecurity Skills Shortage Impact on Technology Innovation

I continue to research and write about the ongoing global cybersecurity skills shortage. For example, ESG research indicates that 45% of organizations report a problematic shortage of cybersecurity skills today, more than any other area within IT.

Want more? Here are a few tidbits from last year’s research project done in conjunction with the Information Systems Security Association (ISSA). In a survey of 437 cybersecurity professionals and ISSA members:

Topics: Network Security, Cybersecurity, ISSA, SOAPA, security operations and analytic platform

The Role of Standards in a Security Ops and Analytics Platform Architecture (Video)

In this second of a two-part video series, Mike Viscuso, Carbon Black CTO, and I pull on more SOAPA (security operations and analytics platform architecture) threads, including the role of SIEM in the next-gen SOC. Because it is in the context of SIEMs that we’ve seen the adoption of standard formats such as CEF and LEEF for alert propagation and STIX and TAXII for threat intelligence sharing, we explore not only the need for more such standards but also the factors that lead to their adoption. We then discuss user behavior analytics (UBA) data enriched with other sensor data as an example of how a reference architecture like SOAPA makes data actionable, in this case to thwart the insider threat. We wrap up with a view into the future with respect to possible industry consolidation and the emergence of cybersecurity platforms to relieve point-tool fatigue, a theme Mike challenges, noting the need for ongoing innovation to counter the motivated adversary.

Topics: Cybersecurity, SIEM, SOAPA, security operations and analytic platform

An EDR Perspective on Security Ops and Analytics Architecture (Video)

In this first of a two-part video series, Mike Viscuso, Carbon Black’s Chief Technology Officer, and I begin to explore the expansive topic of employing a security operations and analytics platform architecture (SOAPA) to operationalize security analytics. In addition to discussing the need for a reference architecture to address the complexity associated with gaining intelligence from telemetry across an organization’s attack surface area, Mike shares why Carbon Black invested in technical integrations with a variety of complementary cybersecurity technologies and the importance of rich endpoint detection and response (EDR) sensor data to enable essential use cases. We also discuss how the starting point for such integrations has changed and the central role both value-added resellers (VARs) and managed security service providers (MSSPs) serve in providing SOAPA implementations. We wrap things up by noting the purposeful nature of cloud computing as enabling technology for SOAPA solutions. Stay tuned for the second video in which we dig into other aspects of security operations and analytics.

Topics: Cybersecurity, SOAPA, security operations and analytic platform, EDR, endpoint detection and response

That's a Wrap! RSA Conference 2017 Thoughts and Observations, Part 1 (Video)

RSA Conference 2017 is now a wrap, and blogs such as this one that attempt to summarize such a content-rich event are challenged to do so with any sort of brevity, but, alas, I will try. Colleague Jon Oltsik, who fought being placed on the injured reserve list the week before RSA and missed the event for the first time in over a dozen years, and I offer a review of just some of the news from the show in this first of two video blogs. Here are some of the threads we pull on.

Topics: Cybersecurity, endpoint security, rsa conference, security analytics, SOAPA, security operations and analytic platform

Scratching the Surface on What to Expect at RSA 2017 (Video)

With what is expected to be the largest RSA Conference to date just around the corner, my colleague Jon Oltsik and I share some thoughts in this video on what we are expecting at this year’s seminal cybersecurity event. We discuss the broad-based nature of ransomware, with commentary on how “rearview mirror ransomware protection” will address certain tiers of ransomware while new blended ransomware attacks, as well as those that target back-end infrastructure, will require additional controls and techniques. One such technique being applied in many cybersecurity products is machine learning, whose role we frame in the context of a layered defense. We also consider how the rapid evolution of the cloud security product category, driven by the broad adoption of cloud services, could be an area of functional convergence, and we note the need for a security operations and analytic platform architecture (SOAPA) for hybrid cloud environments. On the topic of cloud, we also note the compelling benefits of cloud-delivered security solutions (security-as-a-service) for operational efficiency at cloud scale.

Topics: Cybersecurity, rsa conference, ransomware, SOAPA, security operations and analytic platform