
  • March 26, 2015

    In Cybersecurity, the Network Doesn’t Lie

    In a recent ESG Research Report, enterprise security professionals were asked to identify the primary objectives associated with their organization’s network security strategy. It turns out that 40% of organizations plan to move toward continuous monitoring of all assets on the network while 30% of organizations plan to capture more network traffic for security analytics.

  • March 23, 2015

    Massive Enterprise Endpoint Security Opportunity

    In the past, large organizations spent most if not all of their endpoint security dollars on a single product—antivirus software. This decision created a multi-billion dollar market dominated by 5 vendors: Kaspersky Lab, McAfee (Intel Security), Sophos, Symantec, and Trend Micro.

  • March 19, 2015

    The Increasing Cybersecurity Attack Surface

    I just read a good Wall Street Journal blog by Ben DiPietro titled, Speed of Tech Change a Threat to Cybersecurity. His main point is that while organizations are adopting new technologies like cloud computing, mobile computing, and applications based upon the Internet of Things (IoT), they continue to address cybersecurity risks, controls, and oversight with legacy tools and processes. This creates a mismatch where cyber-adversaries have a distinct offensive advantage over a potpourri of assorted legacy enterprise security defenses.

  • March 16, 2015

    Information Security: The Most Important IT Initiative in 2015

    At an elementary level, IT is all about using technology to enable the business. This really hasn’t changed, even back in the early days when IT was called data processing or management information systems. In today’s IT world, business enablement is driving a few meta-trends. Cheap hardware and open source software are driving big data analytics to the mainstream. Organizations are abandoning the costs and constraints of on-site IT systems as they move applications and systems to the cloud. Mobile devices are becoming the primary compute platform for users, automating business processes and changing application development.

  • March 12, 2015

    Will Public/Private Threat Intelligence Sharing Work?

    In January, Representative Charles Albert “Dutch” Ruppersberger (D-MD) reintroduced the Cyber Intelligence Sharing and Protection Act (CISPA) as H.R. 234 into the 114th Congress. The bill was first introduced by Mike Rogers (R-MI) in 2011.

  • March 9, 2015

    Book Report: @War: The Rise of the Military-Internet Complex

    I’ve read a fair number of cybersecurity books across a wide spectrum of topics—early hackers, cyber-crime, hacktivists, nation state activity, etc. A few years ago, new books were few and far between, but this is no longer the case. I recently posted a blog/book report on Kim Zetter’s fantastic book, Countdown to Zero Day. Allow me to recommend another good one, @War: The Rise of the Military-Internet Complex, by Shane Harris.

  • March 5, 2015

    Endpoint Security Meets the Cybersecurity Skills Shortage

    Just about every cyber-attack follows a similar pattern: An end-user is fooled into clicking on a malicious link, downloading malware, or opening an infected file. This is one of the early stages of the famous Lockheed Martin “kill chain.”

  • March 2, 2015

    Challenges with SSL/TLS Traffic Decryption and Security Inspection

    As I’ve mentioned in several recent blogs, enterprise organizations are encrypting more and more of their network traffic. A majority (87%) of organizations surveyed as part of a recent ESG research project say they encrypt at least 25% of their overall network traffic today.

  • February 26, 2015

    0% Cybersecurity Job Unemployment in Washington

    I’ve written a lot about the global cybersecurity skills shortage over the past few years. Here’s some recent ESG data that illustrates this problem...

  • February 25, 2015

    More on Network Encryption and Security

    In a blog I posted last week, I described how enterprise organizations are encrypting more of their network traffic. This is a mixed blessing in that it can protect data confidentiality and integrity, but it also opens a camouflaged threat vector back into the organization. To address this risk, a majority (87%) of organizations decrypt and then inspect SSL/TLS traffic looking for things like reconnaissance activity, malware, and C2 communications, according to ESG research.
