Visit one of the Subject Area Blogs or ESG Analyst Blogs by clicking any link below:
|Application Development & Deployment Truths||The Bigger Truth||Insecure About Security|
|Cloud Computing Truths||Big Data, the Universe, and Everything||IT Artillery|
|Data Management & Analytics Truths||The Business of Storage||IT Depends|
|Data Protection Truths||Channeling IT||Liquefying IT|
|Information Security Truths||Decoding Development and Developers||Technical Optimist|
|Networking Truths||ESG Lab Blog|
Individual Author Blogs can be found via EXPLORE, selecting the Author, and clicking on "Read blog."
In a recent ESG Research Report, enterprise security professionals were asked to identify the primary objectives associated with their organization’s network security strategy. It turns out that 40% of organizations plan to move toward continuous monitoring of all assets on the network while 30% of organizations plan to capture more network traffic for security analytics.
In the past, large organizations spent most if not all of their endpoint security dollars on a single product—antivirus software. This decision created a multi-billion dollar market dominated by 5 vendors: Kaspersky Lab, McAfee (Intel Security), Sophos, Symantec, and Trend Micro.
I just read a good Wall Street Journal blog by Ben DiPietro titled, Speed of Tech Change a Threat to Cybersecurity. His main point is that while organizations are adopting new technologies like cloud computing, mobile computing, and applications based upon the Internet of Things (IoT), they continue to address cybersecurity risks, controls, and oversight with legacy tools and processes. This creates a mismatch where cyber-adversaries have a distinct offensive advantage over a potpourri of assorted legacy enterprise security defenses.
I’ve read a fair amount of cybersecurity books across a wide spectrum of topics—early hackers, cyber-crime, hacktivists, nation state activity, etc. A few years ago, new books were few and far between, but this is no longer the case. I recently posted a blog/book report on Kim Zetter’s fantastic book, Countdown to Zero Day. Allow me to recommend another good one, @War: The Rise of the Military-Internet Complex, by Shane Harris.
Just about every cyber-attack follows a similar pattern: An end-user is fooled into clicking on a malicious link, downloading malware, or opening an infected file. This is one of the early stages of the famous Lockheed Martin “kill chain.”
In a blog I posted last week, I described that enterprise organizations are encrypting more of their network traffic. This is a mixed blessing in that it can protect data confidentiality and integrity but it also opens a camouflaged threat vector back into the organization. To address this risk, a majority (87%) of organizations decrypt and then inspect SSL/TLS traffic looking for things like reconnaissance activity, malware, and C2 communications according to ESG research.