Most Recent Blogs

The Problem with Collecting, Processing, and Analyzing More Security Data

Posted: September 21, 2017   /   By: Jon Oltsik   /   Tags: Cybersecurity, SIEM, TAXII, STIX, Splunk, SOAPA, CIM

Security teams collect a heck of a lot of data today. ESG research indicates that 38% of organizations collect, process, and analyze more than 10 terabytes of data as part of security operations each month. What types of data? The research indicates that the biggest data sources include firewall logs, log data from other types of security devices, log data from networking devices, data generated by AV tools, user activity logs, application logs, etc.


Security Operations Spending and ROI

Posted: September 11, 2017   /   By: Jon Oltsik   /   Tags: Cybersecurity, SIEM, security analytics, security operations, SOAPA

ESG recently surveyed 412 cybersecurity and IT professionals, asking a number of questions about their organization’s security analytics and operations. Overall, security operations are quite difficult: many organizations complain about too many manual processes, too many disconnected point tools, and a real shortage of the right skills. These issues can lead to lengthy incident detection and response cycles or, worse yet, damaging data breaches. Just ask Equifax.


SOAPA Chat with Vectra Networks (Video, Part 2)

Posted: September 08, 2017   /   By: Jon Oltsik   /   Tags: Cybersecurity, SIEM, security analytics, SOAPA, EDR, Vectra Networks

Old friend Mike Banic recently stopped by ESG to kibitz about ESG’s SOAPA concept. Mike brings a world of experience to this topic. As VP of marketing at Vectra Networks, Mike sees enterprise challenges around security operations, and then works with customers to address their issues.

In part two of our video series, Mike and I focus our discussion in a few areas including:

  • Machine learning. In a recent ESG research survey, only 30% of cybersecurity professionals claim they are “very knowledgeable” about the role of machine learning and AI for cybersecurity operations. Given this, I asked Mike to act as an industry spokesperson to define machine learning and explain where it fits in cybersecurity operations. Mike says that machine learning is used to find features and patterns in the data so you can train the model to look for malicious behavior like a remote trojan suddenly beaconing out to an external IP address. 

Talking SOAPA with Vectra Networks (Video, Part 1)

Posted: August 31, 2017   /   By: Jon Oltsik   /   Tags: Cybersecurity, SIEM, network security analytics, SOAPA, EDR, Vectra Networks

Old friend and VP of marketing at Vectra Networks, Mike Banic, stopped by to discuss ESG’s security operations and analytics platform architecture (SOAPA) and its impact on cybersecurity. In part 1 of our discussion, Mike and I chat about:

  • Why network telemetry is so important for security analytics. Mike reminds me that ‘the network doesn’t lie.’ In other words, cyber-attack kill chains are synonymous with network communications so threat detection equates with knowing what to look for within network traffic patterns.

Cybersecurity Analytics and Operations Skills Shortage

Posted: August 10, 2017   /   By: Jon Oltsik   /   Tags: Cybersecurity, SIEM, CISO, security analytics, mssp, security operations, ISSA, SOC

If you’ve followed my writing, you know that I passionately broadcast issues related to the global cybersecurity skills shortage. Allow me to report some sad news: things aren’t improving at all. In 2016, 46% of organizations reported a problematic shortage of cybersecurity skills. In 2017, the research is statistically the same as last year; 45% of organizations say they have a problematic shortage of cybersecurity skills.


Cybersecurity Skills Shortage: Profound Impact on Security Analytics and Operations

Posted: July 24, 2017   /   By: Jon Oltsik   /   Tags: Cybersecurity, cybersecurity skills shortage, SIEM, CISO, network security analytics, network security operations

I’ve written a lot about the cybersecurity skills shortage over the past 5 years. For example, ESG research indicates that 45% of organizations claim to have a problematic shortage of cybersecurity skills.


Cybersecurity Operations: More Difficult Than It Was 2 Years Ago

Posted: July 17, 2017   /   By: Jon Oltsik   /   Tags: Cybersecurity, big data security analytics, SIEM, CISO, security operations, network security analytics, SOC

ESG just published a new research report titled Cybersecurity Analytics and Operations in Transition, based upon a survey of 412 cybersecurity and IT professionals working at large midmarket (i.e., 500 to 999 employees) and enterprise (i.e., more than 1,000 employees) organizations in North America and Western Europe.

The data is quite interesting, to say the least, so look for lots of blogs from me over the next few weeks on the myriad security operations topics we covered in this project. Furthermore, my esteemed colleague Doug Cahill and I are hosting a webinar this Wednesday, July 19. Feel free to attend; more details can be found here.

When I do end-user research on cybersecurity topics, I usually ask respondents a basic question: How are things today compared to 2 years ago? This research project was no exception and, as it turns out, 27% of survey respondents say that cybersecurity analytics and operations is much more difficult than 2 years ago while another 45% say that cybersecurity analytics and operations is somewhat more difficult today than 2 years ago.


ESG Security Operations and Analytics Webinar

Posted: June 21, 2017   /   By: Jon Oltsik   /   Tags: Cybersecurity, SIEM, security analytics, network security operations, SOAPA, SOC, webinar, Doug Cahill

My colleague Doug Cahill and I spend a lot of time thinking about security operations and analytics these days. Why? Enterprise organizations are under constant attack from increasingly sophisticated cyber-adversaries so they need better situational awareness about their security posture at all times.

Unfortunately, many organizations aren’t doing a very good job in this area. Many anchor security operations to an amalgam of point tools that don’t interoperate. Security operations often depend upon manual processes and the wisdom of a few key employees. And let’s not forget that when it comes to cybersecurity, many organizations remain understaffed and lacking the right skills. ESG research from earlier this year indicates that 45% of organizations say they have a “problematic shortage” of cybersecurity skills today.

Just how bad are these problems and what can be done to address them? Doug and I will discuss these and other security operations topics in an upcoming webinar in July.


Splunk on SOAPA (Part 2)

Posted: June 01, 2017   /   By: Jon Oltsik   /   Tags: Cybersecurity, SIEM, incident response, SOAPA

Recently, I had the pleasure of interviewing Haiyan Song, EVP of security at Splunk, about all things SOAPA. In part 2 of our video series, Haiyan aptly summarizes the current state of cybersecurity by declaring that “security is a team sport.” In other words, it takes cooperation amongst vendors, products, and infosec analysts to succeed.

To that end, this video discussion highlights things like:

  • Splunk’s Adaptive Response. This is a Splunk customer-driven initiative which Haiyan describes as embodying the spirit of SOAPA. In essence, Adaptive Response unifies security analytics and controls and lets customers make and change enforcement decisions based upon security analytics insights rather than gut feelings or traditional security methodologies.

Splunk on SOAPA (part 1)

Posted: May 22, 2017   /   By: Jon Oltsik   /   Tags: Cybersecurity, SIEM, incident response, Splunk, SOAPA

I’ve written a lot about ESG’s security operations and analytics platform architecture (SOAPA). SOAPA is happening because enterprise organizations are surrounding SIEM with lots of other security analytics and operations tools to accelerate incident detection and response. As this occurs, many organizations are actively integrating these technologies together with the goal of building an end-to-end, event-driven security technology architecture.

SOAPA is impacting the security strategies of large organizations, leading to reactions and changes on the supply side. What type of changes? I recently sat down with Haiyan Song, EVP at Splunk, to discuss Splunk’s views on SOAPA. Here are a few highlights of our discussion:
