SOAPA Video with Kenna Security (Part 1)

Karim Toubba, CEO of Kenna Security, stopped by the ESG studio to discuss SOAPA and its application to vulnerability management. In part 1 of our video, Karim and I discuss:

  1. The problem with vulnerability management. Vulnerability management is one of the most mature categories of cybersecurity technology so I pressed Karim on why it applies to a new architecture like SOAPA. His response was intriguing – the issue is sorting through all the data as enterprises are dealing with millions of vulnerabilities across a full technology stack from host systems to applications to cloud workloads. SOAPA and new types of data analytics can help organizations process and manage the data, making it more useful for decision making.
Topics: Cybersecurity vulnerability management SOAPA Kenna Security

More on Advanced Prevention in 2018

Last week, I wrote a blog describing how 2018 will be the year of advanced prevention. Now we’ve had technologies for blocking cyber-attacks and malware for decades (i.e., antivirus software, firewalls, IPS, etc.), so what exactly is advanced prevention? I believe advanced prevention sits at the intersection of two other cybersecurity trends:

  1. Software-defined security functionality. Software-defined everything makes it easier to deploy, configure, and scale security controls.
  2. Artificial intelligence. AI uses algorithms to comb through mountains of data to increase detection/blocking efficacy, provide granular risk scoring, and fine-tune decision making. 
Topics: Cybersecurity vulnerability management software-defined perimeter SDP MFA

SOAPA Video with ServiceNow (Part 1)

ServiceNow in security? Yes. The company has built upon its successful IT service management (ITSM) SaaS offering to bridge the gap between security and IT operations teams in areas like vulnerability management and incident response (IR). This places ServiceNow in the catbird seat. I expect big things and great success moving forward. 

Topics: Cybersecurity incident response ServiceNow vulnerability management incident response automation and orchestration SOAPA

Undercurrent RSA Conference Theme: Security Technology Integration

Just a few days until the start of the RSA Conference and I expect an even bigger event than last year – more presentations, vendors, cocktail parties, etc. The conference will likely focus on security technologies like endpoint security, cloud, security, threat intelligence, IAM, and others which I described in a recent blog

Topics: Network Security TAXII STIX FIDO vulnerability management

Big Data Security Is Inevitable

There's been a fair amount of discussion about the fact that security analytics is becoming a big data problem. I participated on a big data security panel at RSA and I believe there were a few others on this topic as well.

Topics: IBM Big Data Data Management & Analytics Hadoop Information and Risk Management HP Dell McAfee Enterprise Software Security and Privacy risk management NoSQL SIEM Data Analytics Symantec RSA log management Cassandra security analytics BT Verizon Unisys vulnerability management threat management Tibco