Most Recent Blogs

The Problem with Collecting, Processing, and Analyzing More Security Data

Posted: September 21, 2017   /   By: Jon Oltsik   /   Tags: Cybersecurity, SIEM, TAXII, STIX, Splunk, SOAPA, CIM

GettyImages-639649350.jpgSecurity teams collect a heck of a lot of data today. ESG research indicates that 38% of organizations collect, process, and analyze more than 10 terabytes of data as part of security operations each month. What types of data? The research indicates that the biggest data sources include firewall logs, log data from other types of security devices, log data from networking devices, data generated by AV tools, user activity logs, application logs, etc.

Read More

Splunk on SOAPA (part 1)

Posted: May 22, 2017   /   By: Jon Oltsik   /   Tags: Cybersecurity, SIEM, incident response, Splunk, SOAPA

Splunk_SOAPA.jpgI’ve written a lot about ESG’s security operations and analytics platform architecture (SOAPA). SOAPA is happening because enterprise organizations are surrounding SIEM with lots of other security analytics and operations tools to accelerate incident detection and response. As this occurs, many organizations are actively integrating these technologies together with the goal of building an end-to-end, event-driven, security technology architecture.

SOAPA is impacting security strategies of large organizations, leading to reactions and changes on the supply side. What type of changes? I recently sat down with Haiyan Song, EVP at Splunk, to discuss Splunk’s views on SOAPA. Here are a few highlights of our discussion:

Read More

A Video Interview about SOAPA with Haiyan Song, SVP of Splunk, Part 1

Posted: May 18, 2017   /   By: Jon Oltsik   /   Tags: Cybersecurity, Splunk, SOAPA, security operations analytics platform

horizon.jpgThe trend toward security operations analytics platform architectures (SOAPA) is impacting the traditional SIEM market, causing leading vendors to adapt their strategies to accommodate the need for product integration and functional expansion. In this video, I talk with Haiyan Song, SVP of Security Markets at Splunk,who comments on changing security requirements, customers’ desired outcomes, and what this means for Splunk’s business strategy and R&D investments.

Read More

Splunk Intent on Extending Cybersecurity Leadership

Posted: September 30, 2016   /   By: Jon Oltsik   /   Tags: Cybersecurity, SIEM, security analytics, Splunk

pouring_data.jpgI attended the Splunk user conference earlier this week (.Conf2016) and came away pretty impressed. Since I started watching Splunk years ago, the company climbed from a freemium log management and query tool for IT and security nerds to one of the leading security analytics and operations platform. Not surprisingly then, security now represents around 40% of Splunk’s revenue. Given the state of the cybersecurity market, Splunk wants to work with existing customers and get new ones to join in to build on this financial and market success.

Read More

My Take-aways from Splunk Conf 2015

Posted: September 25, 2015   /   By: Jon Oltsik   /   Tags: Cybersecurity, big data security analytics, SIEM, Splunk

Vegas_signWhen I first became familiar with Splunk years ago, I thought of it as a freeware log management tool for inquisitive security analysts. Useful for general purposes, but I didn’t see it as a true enterprise security management system, a category defined by vendors like ArcSight, Intellitactics, and Network Intelligence at that time. 

Read More

Splunk Show Shows Spunk (Includes Video)

Posted: October 22, 2014   /   By: Nik Rouda   /   Tags: Analytics, Big Data, cloud, IoT, Splunk, machine learning

Check out my "man on the street" video from the event, and read my additional takeaways below. 

Read More

Enterprise Organizations Describe Weaknesses in Malware Detection and Protection

Posted: January 15, 2014   /   By: Jon Oltsik   /   Tags: IBM, Palo Alto Networks, Information and Risk Management, FireEye, Security and Privacy, Security, malware, Mandiant, Barracuda, Leidos, Target, cybercrime, CSC, Anti-malware, NIST, APT, Unisys, Splunk

Well here we are halfway through January and you can’t cross the street without hearing about a malware attack or security breach somewhere – Neiman Marcus, Target, Yahoo, Yikes!

When my non-technical friends ask me what they should expect moving forward, I’m not exactly a beacon of hope. My usual response is something like, “get used to it, things will likely get worse.”

Read More

Addressing advanced malware in 2014

Posted: December 16, 2013   /   By: Jon Oltsik   /   Tags: IBM, Check Point, Palo Alto Networks, Fortinet, Cisco, IT Infrastructure, Information and Risk Management, Sourcefire, FireEye, HP, McAfee, Security and Privacy, Security, endpoint security, Kaspersky, LogRhythm, trend micro, bromium, Symantec, Invincea, antivirus, RSA Security, Sophos, Bit9, Anti-malware, Hexis, Splunk

In the cybersecurity annals of the future, 2013 may be remembered as the year of advanced malware. Yes, I know that malware is nothing new and the term “advanced” is more hype than reality as a lot of attacks have involved little more than social engineering and off-the-shelf exploits. That said, I think it’s safe to say that this is the year that the world really woke up to malware dangers (advanced or not) and is finally willing to address this risk.

So how will enterprise organizations (i.e., more than 1,000 employees) change their security strategies over the next year to mitigate the risks associated with advanced malware threats? According to ESG research:

  • 51% of enterprise organizations say they will add a new layer of endpoint software to protect against zero day and other types of advanced malware. Good opportunity for Kaspersky, McAfee, Sophos, Symantec, and Trend Micro to talk to customers about innovation and new products but the old guard has to move quickly to prevent an incursion by new players like Bit9, Bromium, Invincea, and Malwarebytes. The network crowd (i.e., Cisco, Check Point, FireEye, Fortinet, and Palo Alto Networks, etc.) may also throw a curveball at endpoint security vendors as well. For example, Cisco (Sourcefire) is already selling an endpoint/network anti-malware solution with a combination of FireAMP and FirePOWER.
  • 49% of enterprise organizations say they will collect and analyze more security data, thus my prediction for an active year in the big data security analytics market – good news for LogRhythm and Splunk. Still, there is a lot of work to be done on the supply and demand side for this to really come to fruition.
  • 44% of enterprise organizations say they will automate more security operations tasks. Good idea since current manual security processes and informal relationship between security and IT operations is killing the effectiveness and pace of security remediation. Again, this won’t be easy as there is a cultural barrier to overcome but proactive organizations are already moving in this direction. If you are interested in this area, I suggest you have a look at Hexis Cyber Solutions’ product Hawkeye G. Forward thinking remediation stuff here.
  • 41% of enterprise organizations say they will design and build a more integrated information security architecture. In other words, they will start replacing tactical point tools with an architecture composed of central command-and-control along with distributed security enforcement. Good idea, CISOs should create a 3-5 year plan for this transition. A number of vendors including HP, IBM, McAfee, RSA Security, and Trend Micro are designing products in this direction with the enterprise in mind.
Read More

Information Security versus “Shadow IT” (and mobility, cloud computing, BYOD, etc.)

Posted: November 04, 2013   /   By: Jon Oltsik   /   Tags: Information and Risk Management, Security and Privacy, Sailpoint, 21CT, RSA Security, Bit9, Octa, Splunk

We’ve all read the marketing hype about “shadow IT” where business managers make their own IT decisions without the CIO’s knowledge or approval. According to ESG research, this risk is actually overstated at most organizations, but there is no denying that IT is getting harder to manage as a result of BYOD, cloud computing, IT consumerization, and mobility.

As these trends perpetuate, CISOs find themselves in the proverbial hot seat – it’s difficult to secure applications, assets, network sessions, and transactions that you don’t own or control.

Read More

The Keys to Big Data Security Analytics Solutions: Algorithms, Visualization, Context, and Automation (AVCA)

Posted: October 15, 2013   /   By: Jon Oltsik   /   Tags: IBM, Check Point, Palo Alto Networks, Cisco, Hadoop, Information and Risk Management, HP, McAfee, Security and Privacy, Security, big data security analytics, SIEM, Narus, LogRhythm, 21CT, RSA Security, SilverTail, LexisNexis, Solera Networks, Lancope, click security, Hexis Cyber Solutions, Splunk

ESG research indicates that 44% of organizations believe that their current level of security data collection and analysis could be classified as “big data,” while another 44% believe that their security data collection and analysis will be classified as “big data” within the next two years (note: In this case, big data security analytics is defined as, “security data sets that grow so large that they become awkward to work with using on-hand security analytics tools”).

So enterprises will likely move to some type of big data security analytics product or solution over the next few years. That said, many CISOs I speak with remain confused about this burgeoning category and need help cutting through the hype.

Read More

Posts by Topic

see all