  • October 6, 2015

    U.S. Critical Infrastructure Continue to Make Risky IT Bets

    When the term “critical infrastructure” is mentioned in conversation, thoughts immediately turn to things like electrical power plants, oil and gas pipelines, food, water, etc. You know, the foundational services of modern life that we all take for granted. These are the same industries that former Defense Secretary Leon Panetta was referring to when he warned of the possibility of a “cyber-Pearl Harbor” back in 2012.

  • October 1, 2015

    Happy Cybersecurity Awareness Month?

    As October begins, we in New England look forward to fall foliage, warm days and cool nights. Aside from orange and bright red leaves here in Massachusetts, everyone will see a prominent display of the color pink, as October is also breast cancer awareness month. Finally, if you are a dedicated cybersecurity professional, you may (that’s right, may) know that October is also national cybersecurity awareness month.

  • September 29, 2015

    U.S. Critical Infrastructure under Cyber-Attack

    ESG recently published a new research report titled, Cyber Supply Chain Security Revisited, focused on cyber supply chain security practices and challenges at U.S.-based critical infrastructure organizations. The term “critical infrastructure” is associated with 16 industries designated by the U.S. Department of Homeland Security (DHS), “whose assets, systems, and networks, whether physical or virtual, are considered so vital to the United States that their incapacitation or destruction would have a debilitating effect on security, national economic security, national public health or safety, or any combination thereof”.

  • September 25, 2015

    My Take-aways from Splunk Conf 2015

    When I first became familiar with Splunk years ago, I thought of it as a freeware log management tool for inquisitive security analysts. Useful for general purposes, but I didn’t see it as a true enterprise security management system, a category defined by vendors like ArcSight, Intellitactics, and Network Intelligence at that time.

  • September 23, 2015

    Book Report: Future Crimes

    Future Crimes by Marc Goodman details the dark side of technology, examining how new technologies are used and abused for criminal purposes. In just under 400 pages, Goodman provides some basic historical background on computer security and then guides the reader through a cybercrime journey spanning consumer, industrial, medical, and various other technologies.

  • September 18, 2015

    Cyber Supply Chain Security Is Increasingly Difficult for Critical Infrastructure Organizations

    As the old cybersecurity adage states, "The cybersecurity chain is only as strong as its weakest link." Smart CISOs also understand that the proverbial weak link may actually be out of their control.

  • September 15, 2015

    The Network’s Role as a Security Sensor and Policy Enforcer

    According to ESG research, 79% of cybersecurity professionals working at enterprise organizations (i.e., more than 1,000 employees) believe that network security management and operations is more difficult today than it was two years ago. Why? Infosec pros point to a combination of increasingly dangerous cyber-threats, new IT initiatives like cloud and mobile computing, legacy point tools, and growing security operations overhead.

  • September 11, 2015

    Challenges around Operationalizing Threat Intelligence

    When it comes to threat intelligence, there seem to be two primary focus areas in play: The threat intelligence data itself and the legislative rhetoric around threat intelligence sharing (i.e., CISA, CISPA, etc.). What’s missing? The answer to a basic question: How do organizations get actual value out of threat intelligence data and threat intelligence sharing in a meaningful way?

  • September 8, 2015

    My Assessment of VMware NSX

    At last week’s VMworld event in San Francisco, I spent a good deal of time speaking with VMware, its customers, and a wide variety of its partners about the cybersecurity use case for NSX

  • September 2, 2015

    The RMS Titanic and Cybersecurity

    Little-known fact: Yesterday was the 30th anniversary of Bob Ballard’s discovery of the RMS Titanic, several hundred miles off the coast of Newfoundland, Canada. I’ve recently done some research into the ship, its builders, and its ultimate fate and believe that lessons learned from Titanic may be useful for the cybersecurity community at large.
