A few years ago, the cybersecurity industry adopted a new mindset that went something like this:
Jon Oltsik, on Mar 27, 2017
In 2015, ESG did an in-depth research project on cyber threat intelligence usage at enterprise organizations (i.e., more than 1,000 employees). The goal of this project was to determine how large firms were using threat intelligence, what challenges they faced, how they were addressing these challenges, and what their strategies were moving forward.
Coming out of Black Hat a few weeks ago, it’s pretty frightening what’s going on with cyber-threats. Overall malware volume is down but the number of variants has gone up precipitously. In fact, according to the Webroot threat report, about 97% of all malware variants are seen only one time. In other words, they are designed to target and attack specific organizations.
In 2015, I conducted some in-depth research around enterprise organizations’ consumption, use, and sharing of threat intelligence. Time and time again, I heard cybersecurity professionals proclaim that their organizations had to do a better job “operationalizing” threat intelligence.
According to ESG research, enterprise organizations continue to invest in all types of threat intelligence. For example, 60% of organizations have had a threat intelligence program in place for more than 2 years, 69% consume 6 or more open-source or commercial threat intelligence feeds as part of cybersecurity analytics efforts, and 72% of enterprises plan on increasing spending on their threat intelligence programs over the next 12 to 18 months.
Just five weeks into 2016 and it’s already been a busy year for the cybersecurity industry. Here are just a few highlights so far:
The CASB market, as relatively new as it is, is experiencing an accelerated maturation process, looking at the number of acquisitions, late-stage venture funding, and the entry of established brands. And it makes perfect sense: controlling the access to SaaS apps and protecting the associated corporate data assets heading north to the cloud is a broad-based concern exacerbated by the BYOD and telecommuting aspects of mobility.
Last week's announcement of Blue Coat's acquisition of Elastica is a notable marker of the rapid evolution of this cybersecurity segment, with the company clearly doubling down on the palpable cloud access and control security market opportunity by following up their July acquisition of Perspecsys to further bolster their CASB offering. Already possessing essential network-based elements in its ProxySG proxy gateway and SSL decryption products, Blue Coat has key solution components — and this acquisition warrants looking at how these pieces fit together and what this may portend for the CASB market.
I’ve been following cybersecurity legislation for a number of years, including all the proceedings with the Cybersecurity Information Sharing Act (CISA). After much deliberation, I believe that CISA remains fundamentally flawed and needs a lot more work before it becomes the law of the land.
Jon Oltsik, on Sep 11, 2015
When it comes to threat intelligence, there seem to be two primary focus areas in play: The threat intelligence data itself and the legislative rhetoric around threat intelligence sharing (i.e., CISA, CISPA, etc.). What’s missing? The answer to a basic question: How do organizations get actual value out of threat intelligence data and threat intelligence sharing in a meaningful way?
Jon Oltsik, on Jul 1, 2015
It seems like everyone is talking about threat intelligence these days: the feds are promoting public/private threat intelligence sharing across the executive and legislative branches, and the industry is buzzing about threat intelligence feeds, sharing platforms, and advanced analytics.