Enterprise Organizations Describe Weaknesses in Malware Detection and Protection

Well, here we are halfway through January and you can’t cross the street without hearing about a malware attack or security breach somewhere – Neiman Marcus, Target, Yahoo, Yikes!

When my non-technical friends ask me what they should expect moving forward, I’m not exactly a beacon of hope. My usual response is something like, “get used to it, things will likely get worse.”


The Security Industry Remains Strong with Computer Science but Weak on IT

Last week, I was in Silicon Valley meeting with a parade of CISOs and security vendors. Business travel is no “day at the beach,” but these trips really help me keep up with the latest enterprise security challenges and potential technology solutions.

It was also nice to spend time in the Valley and re-charge my batteries toward the security industry. There was a lot of excitement out there as a result of business growth, VC investment, and the wildly successful FireEye IPO.


The Security Skills Shortage Is Worse Than You Think

I’ve written a lot about the security skills shortage but it is worth reviewing a bit of data here for context. According to ESG Research, 55% of enterprise organizations (i.e., those with more than 1,000 employees) plan to hire additional security professionals in 2012 but they are extremely hard to find. In fact, 83% of enterprises claim that it is “extremely difficult” or “somewhat difficult” to recruit and/or hire security professionals in the current market.

Given this data, it is fair to assume that many IT security organizations are short-staffed and pushing the security team to its limits. As if this wasn’t bad enough, ESG data also points to 3 trends that exacerbate the security skills shortage, further impacting the effectiveness of the precious few security personnel in place:

  1. Critical skills deficits. Along with the shortage of staff, many organizations report that their security staff lacks skills in critical areas such as network security, cloud computing/server virtualization security, mobile device security, and security analysis/forensics.
  2. Security staff time management. Large organizations indicate that one of their biggest problems is that their security professionals spend an inordinate amount of their time putting out fires. This limits the time for other more proactive security activities.
  3. Security tools complexity and lack of automation. Security vendors built tools rich in feature/functionality and designed for customization. Unfortunately, many large organizations don’t have the time or staff necessary to fine-tune them or develop expertise in their use.

Big Data Security Is Inevitable

There's been a fair amount of discussion about the fact that security analytics is becoming a big data problem. I participated on a big data security panel at RSA and I believe there were a few others on this topic as well.


Security Services Continue to Grow -- In the Enterprise

In my last blog, I presented some data about the extremely critical but often ignored security skills shortage. While 55% of enterprise organizations (i.e., more than 1,000 employees) plan to add information security headcount this year, 83% say it is "extremely difficult" or "somewhat difficult" to recruit and hire these folks.


Anticipating the RSA Conference 2012

It's now February although you'd never know it from the balmy winter here in Boston. Aside from Valentine's Day, February is significant because it is when security geeks from around the world get together in San Francisco for the RSA Conference.


Information Security Budgets Will Increase in 2012

As part of our annual IT Spending Intentions survey, ESG asks IT professionals about overall spending trends for the coming year. Our 2012 IT Spending Intentions survey is set to be published soon, and I got a peek at the data recently. Like other analyst firms, ESG found that IT budgets will increase in 2012, albeit at a modest rate.
