RSA Conference Topic: Endpoint Security

As the calendar shifts from January to February, cybersecurity professionals are gearing up for the RSA Security Conference in a few short weeks. Remarkably, the management team is expecting more than 50,000 attendees this year! 

So, what can we expect from RSA 2017? Well, cybersecurity is being driven by dangerous threats, digital transformation, and the need for massive scalability. This means innovation and change in just about every aspect of cybersecurity technology so I plan on writing a few blogs about my expectations for the RSA Conference. I’ll start with this one about endpoint security.

To be clear, endpoint security should no longer be defined as antivirus software. No disrespect to tried-and-true AV, but endpoint security now spans a continuum that includes advanced prevention technologies, endpoint security controls, and advanced detection/response tools. My colleague Doug Cahill and I are currently tracking more than 50 endpoint security vendors, demonstrating just how much activity there is today.

Topics: Cybersecurity

Scratching the Surface on What to Expect at RSA 2017 (Video)

With what is expected to be the largest RSA Conference to date just around the corner, my colleague Jon Oltsik and I share some thoughts on what we are expecting at this year’s seminal cybersecurity event in this video. We discuss the broad-based nature of ransomware, with commentary on how “rearview mirror ransomware protection” will address certain tiers of ransomware while new blended ransomware attacks, as well as those that target back-end infrastructure, will require additional controls and techniques. One such technique being applied in many cybersecurity products is machine learning, for which we frame its role in the context of a layered defense. We also consider how the rapid evolution of the cloud security product category, driven by the broad adoption of cloud service, could be an area of functional convergence and note the need for a security operations and analytic platform architecture (SOAPA) for hybrid cloud environments. On the topic of cloud, we also note the compelling benefits of cloud-delivered security solutions (security-as-a-service) for operational efficiency at cloud scale.

Topics: Cybersecurity RSA Conference SOAPA

2017 Predictions for Systems Management, PaaS, and DevOps (Video)

As is the tradition at ESG, I have made this video with my predictions for 2017 in the three main areas I cover, Systems Management, PaaS, and DevOps. For each area, I cover what I think will be one of the biggest areas of discussion in 2017 and what I think will be the end result.

For Systems Management, I cover the need to define what hybrid cloud really is and what impact it will have on the systems management vendors in the space right now.

For PaaS, I cover the state of the on-premises PaaS market, what happened in 2016, and what I think will happen in 2017.

For DevOps, I go over the keys for adopting DevOps in enterprises for 2017 and the challenges companies will face in DevOps adoption.

Topics: Cloud Services & Orchestration

Converged Vs. Hyperconverged Infrastructure: What's The Difference?

Traditionally, the responsibility of assembling IT infrastructure falls to the IT team. Vendors provide some guidelines, but the IT staff ultimately does the hard work of integrating them. The ability to pick and choose components is a benefit, but requires effort in qualification of vendors, validation for regulatory compliance, procurement, and deployment.

Converged and hyperconverged infrastructure provide an alternative. In this blog, I'll examine how they evolved from the traditional infrastructure model and compare their different features and capabilities.


Read the rest on Network Computing.

Topics: Converged Infrastructure Cloud Services & Orchestration

Cloud Computing: Predictions for 2017 (Video) - Part 2

At ESG, I get to work with an amazing team of other analysts, a couple of whom also cover cloud computing. We have put together a three part series of our predictions for 2017 with respect to cloud computing.

In this video, which is part 2 of 3, I interview Terri McClure, who covers cloud infrastructure, including converged and hyperconverged, and Dan Conde, who covers cloud platforms and networking.

For cloud infrastructure, I ask Terri about the impact that public cloud has had on the converged and hyperconverged market, and whether those on-premises systems can really offer the same capabilities as public cloud.

For cloud platform and networking, I ask Dan about how the two big competitors in public cloud, AWS and Microsoft Azure, will change in 2017. Will they continue to grow as they have or will the balance shift any? Will another competitor arise to challenge them or will AWS and Azure close the market into a pure, two horse race?

Topics: Cloud Services & Orchestration

Shadow IT and Cloud Access Security Brokers Video

ESG’s recent cloud security research was designed to gain insights into organizations' awareness of, requirements for, and future plans with regard to cloud security.

One of the most startling takeaways from that research was the pervasiveness of “shadow IT.” Organizations are struggling to get a grip on their cloud application usage and policies, and, in many cases, they are turning to CASB (cloud application security broker) providers for help.

Watch ESG’s infographic research video below for more insights on this topic.

Topics: Cybersecurity

2017 Big Data & Analytics Prediction: Part 2: Machine Learning (Video)

It doesn't take a supra-genius AI to predict that machine learning will continue to get better this year. Yet, there is a disconnect between the public Hollywood view of technology and the current limitations. Check out the video below for my ideas on how the gap will begin to narrow:






Topics: Data Platforms, Analytics, & AI

Commuting Chelsea Manning’s Sentence Was Just and Proper

Before leaving office, President Barack Obama commuted the sentence of former Army soldier Chelsea (Bradley) Manning. At the time, Manning was serving a sentence of 35 years for leaking classified material to WikiLeaks in 2010. This material was subsequently published by WikiLeaks, embarrassing the US government and exposing several previously undocumented war crimes that took place in Afghanistan and Iraq.  

The President’s decision to commute Manning’s sentence was extremely controversial. The verdict was made over the objection of Secretary of Defense Ashton Carter, while other military and government officials quickly criticized Obama’s pronouncement.  Just today, President Trump referred to Manning as an “ungrateful traitor” who should have never been released from prison on Twitter.

Topics: Cybersecurity

Why Did Cisco Pursue AppDynamics?

Cisco announced its intention to buy AppDynamics, an application performance management vendor. Much of the attention has been focused on the last minute deal while AppDynamics was performing a roadshow for its IPO, or the price being paid.

What is more interesting for the IT community is why Cisco finds this a good fit for its product portfolio. Although they will be a business unit within Cisco’s IoT and Collaboration Technology Group, it’s more important to see the context in which Cisco is transforming itself.   My colleague Edwin Yuen wrote a blog on the deal as well.

Topics: Networking Cloud Services & Orchestration

Cisco Buys AppDynamics to Strengthen Cloud Software Portfolio

Cisco just announced their intent to acquire AppDynamics. AppDynamics is one of the leaders in the application performance monitoring (APM) space. Why is APM so important? Cloud.

Now it may sound marketing to just say "cloud" but the concepts and usage of cloud, as opposed to traditional infrastructure, are why this acquisition is so important. As enterprises shift more into cloud computing, whether it's on-premises or off-premises, they begin to see the true tenet of cloud, that the application is king.

In cloud, the final output of all the work is the application, as that's all the end-user sees. In many cases, especially in public cloud, IT won't have access or visibility into much of the underlying infrastructure and systems that support the application. In fact, as we move towards distributed systems and architectures, they shouldn't care. Thus, monitoring the application, from the end-user experience on back to the infrastructure, is the important cloud management pivot and APM is at the heart of that.

Topics: Cloud Services & Orchestration

Pure Storage Announces General Availability for FlashBlade

Today, Pure Storage announced general availability for FlashBlade. For those not familiar with FlashBlade, it is the all-flash storage company’s massive capacity, incredibly dense--1.6 PB usable in 4 rack units!--all flash storage system designed for unstructured data workloads--think files and objects.

Now I have written quite a bit about FlashBlade since Pure Storage announced it last year. You can check out some of my recent article on SearchStorage or my comment in my 2017 storage industry predictions video, so I don’t simply want to rehash all my early commentary now that the system is finally available to the general public.

 But I do want to make two points.

Topics: Storage

Remarkably, Many Organizations Still Opt for 'Good Enough' Cybersecurity

Late last year, ESG published a research report titled Through the Eyes of Cyber Security Professionals, in collaboration with the Information Systems Security Association (ISSA). As part of this report, 437 cybersecurity professionals and ISSA members were asked if they’d experienced a number of types of security incidents.  The research revealed that:

  • 39% of organizations experienced one or several security incidents resulting in the need to reimage one or several endpoints or servers.
  • 27% of organizations experienced one or several incidents of ransomware.
  • 20% of organizations experienced one or several incidents resulting in the disruption of a business application.
  • 19% of organizations experienced one or several incidents resulting in the disruption of a business process.
Topics: Cybersecurity ISSA

Cloud Computing: Predictions for 2017 (Video) - Part 1


In this video, I interview Edwin Yuen and Terri McClure on their thoughts on cloud computing for 2017.

Edwin covers systems management - including on-premises and on public clouds.

Terri covers cloud infrastructure – including converged and hyperconverged systems.

If you are wondering about these burning questions, our experts proffer their opinions.



  • Systems Management: What will be the positioning between the traditional system management vendors and cloud born vendors? Or can any company meet the needs of managing both traditional apps and the new approaches -- and provide a full solution? Watch Edwin give his answer on whether convergence can exist!
  • Hyperconvergence: Is there a tension between public cloud and hyperconverged systems? Is this a zero-sum game, or will hybrid approaches win over? Battle or peace? Terri shares her views!

Topics: Cloud Services & Orchestration

2017 Enterprise Storage Predictions (Video)

With 2016 behind us, I recently had some time to sit down and record my thoughts on the storage industry for 2017. While I do not wish to spoil the predictions in the video too much, there are a few key points that I would like to make to set the stage.

  1. Public cloud services are fundamentally transforming the storage industry, to a point where the industry could look very different in five years.
  2. In response, on-premises storage solutions have seen insane levels of innovation over the past couple of years, in technologies such as all-flash, hyperconverged infrastructure, and software-defined storage.
  3.  However, the multi-billion dollar question is, “Is it enough?”
Topics: Storage Converged Infrastructure Cloud Services & Orchestration

Anticipating RSA Conference 2017

I will be attending RSA Confererence 2017 (US), along with other ESG analysts, and this year's theme is "Power of Opportunity."  

I want to see what that means from a positive light in terms of what type of opportunities are in front of us, and not be concerned with the dangers of the cybersecurity crisis that some people like to paint.

As I mentioned in the Predictions for Networking blog and video, networking is a critical aspect of security and with current changes in infrastructure  designs, offers challenges and an opportunity to rework it to provide better security.

Topics: Networking Cloud Services & Orchestration

2017 Big Data & Analytics Predictions: Part 1: The Cloud (Video)

It still feels strange to write "2017" on checks, but that's probably because checks are a financial anachronism at this point. In any case, a new year is well upon us, and that means we need to be looking forward to the three biggest big data and analytics trends that will impact our industry of insights. First in the series today is all about the public cloud. Watch the video below for my hot take:

Topics: Data Platforms, Analytics, & AI Cloud Services & Orchestration

Networking: Predictions for 2017 (Video)

2017 will be continuation of the trends that we have seen in the past few years. Networking is a conservative area that works well, so people don't have a sudden urge to rip and replace their infrastructure.

Here are three areas that I think will undergo rapid change in 2017.




Topics: Networking Cloud Services & Orchestration

HPE Acquires SimpliVity as the Market (Hyper)Converges

As you've probably heard by now, HPE announced this week that it intends to acquire hyperconverged infrastructure vendor SimpliVity. This is a definitively good move for HPE. The deal certainly isn't as big as Dell EMC, but it does have far reaching portfolio implications for HPE and its customers and it puts HPE in a much stronger position to take on Dell EMC. HPE now brings more value to the discussion and this aligns with their higher level strategy of focusing on “stack” value.

For IT professionals this is a certainly a win.  HPE is going to bring this to market with force and that will result in more competition, better support and improved buyer leverage.

Topics: Converged Infrastructure

The Case for a Security Operations and Analytics Platform Architecture (SOAPA) - Includes Video

Improving threat detection efficacy and the operational efficiency of doing so has been at odds due to a number of factors including how the adoption of cloud services and worker mobility has expanded the attack surface area, the acute shortage of cybersecurity skills, and the proclivity to employ a series of disparate, disintegrated point tools. These tools include sensors that provide telemetry across the network, endpoints, and the cloud correlated, and when enriched with external threat intelligence, can enable incident response, automated security operations, and threat hunting use cases. But the lack of a reference architecture to engineer how the elements of federated platforms enable such use cases makes these capabilities available for only the most well-resourced organizations. In this video my colleague Jon Oltsik and I discuss how a Security Operations and Analytics Platform Architecture (SOAPA) can help organizations integrate previously siloed tools into a coordinated solution that enables them to shorten time to detection and streamline response.

Topics: Cybersecurity SOAPA

Endpoint Security in 2017

Just a few years ago, there were about 6 to 10 well regarded AV vendors that dominated the market. Fast forward to 2017 and my colleague Doug Cahill and I are currently tracking around 50 endpoint security vendors. 

Why has this market changed so much in such a short timeframe? New types of targeted threats regularly circumvented signature-based AV software over the past few years. This weakness led to system compromises, data breaches, and panicky CISOs in search of AV alternatives. This in turn persuaded the fat cats on Sand Hill Rd. to throw VC dollars at anything that hinted at endpoint security innovation.

Okay, I get the need for more than signature-based AV but there simply isn’t room in the market for 50 endpoint security vendors. Thus, it’s safe to assume a lot of M&A activity and outright business failures this year. 

Topics: Cybersecurity

Checking on Kudu

Compromise is tough. I'd like a new car that gets over 50 miles per gallon, with 500 horsepower, comfortably seats 8, fits in a small parking spot, looks great, and costs less than $25,000. Not happening anytime soon.

Big data architects want it all. Efficient, fast, scalable, convenient, innovative, and inexpensive. They may have better options with Hadoop than I do with car buying. While HDFS and Hbase have proven themselves as sound choices for file system and NoSQL database approaches, Kudu is stepping up as a relational database that fits squarely between them.

Topics: Data Platforms, Analytics, & AI

Thoughts on Incident Response Automation and Orchestration

Just this week, I was reviewing several interviews I conducted with cybersecurity professionals on their organizations’ processes and tools for incident response (IR) automation and orchestration. Here are a few things that jumped out at me:

Topics: Cybersecurity

2017 Data Protection Predictions (Video)

We’re already into 2017, so here are three topics that really ought to be reconsidered and/or focused on in order to ensure that as you modernize production, your protection strategies are up to the tasks at hand:

Cloud – While many organizations continue to investigate where cloud will fit within their data protection strategy, it is NOT inevitable that all things go cloudy. In addition, there isn’t one kind of cloud service that applies to data protection, nor is there a defacto scenario that universally screams “use the cloud, dangit!” (other than endpoints).

Topics: Data Protection

The Good News/Hard Truth about Storage Management Software


Not so long back at ESG, we were asked to comment on the current state of the storage management software space. Remember that space? The question was really focused on a comparative evaluation of the various tools available, but frankly, it made us think more about the long-term relevance of what had been a pretty interesting niche within the overall data storage and management universe. More specifically, it made us wonder with some rigor whether all the current talk of SDS-this and orchestration-that mitigates in favor of storage management software or against it?

Topics: Storage

Cybersecurity Pros to Trump: Critical Infrastructure Is Very Vulnerable to a Cyber-attack

Last week, President-elect Donald Trump received a comprehensive briefing on Russian hacking related to the 2016 Presidential election. In response, Trump released a statement that included the following:

"Whether it is our government, organizations, associations or business we need to aggressively combat and stop cyberattacks. I will appoint a team to give me a plan within 90 days of taking office.” 

These “teams” tend to be made up of a combination of Washington insiders with intelligence and/or military experience as well as an assortment of industry folks. For example, President Obama’s recent Commission on Enhancing National Cybersecurity included former NSA director Keith Alexander, former IBM CEO Sam Palmisano, etc.

Topics: Cybersecurity

2017: The Year of Cybersecurity Scale

It’s no surprise that lots of pundits and cybersecurity industry insiders claim that 2017 will be a challenging year full of nation state attacks, ransomware, and a continuing wave of data breaches. I concur with this common wisdom, but I also believe that 2017 will be remembered as the year when cybersecurity analytics and operations encountered a wave of unprecedented scale. 

Topics: Cybersecurity SOAPA

In the Age Of Never-ending Technology Conquests, Common Sense Still Trumps All

Left unchecked, engineers will never actually finish a product. They can always find another great feature to jam into it, and it will only take a few more months. Conversely, salespeople can always sell what’s next way easier than they can sell what’s now. This polarity works, normally. When either is out of balance, companies screw up.

I have a 2015 Chevy Tahoe. Lovely (mostly) vehicle. Has a tremendous amount of bells and whistles. Too many to be useful. Case in point; when I approach a toll booth, the car actually says, “Warning: toll booth.” Someone spent time and money engineering software to determine that a toll booth is within 57 feet of me, and decided it was imperative that the vehicle let me know this fact. Because otherwise I may not know by the simple facts that I’m A: at a toll booth, B: at the toll booth with 8 billion others, or C: it’s probably not a good idea to accelerate to 120MPH whilst going through a toll booth. Fortunately, in this new technology advancement age, the toll booths in MA have all been torn down – and there are new overhead invisible toll suckers in the sky on the highways, which read our plates or tags and charge us accordingly. So now, even when I’m not actually driving through a toll booth, my car still reminds me that I’m driving under a virtual toll booth. That is a prime example of overthinking a non-existing problem.

ESG 2017 Predictions - Cybersecurity, Part 2 (Video)

This is the second in a two-part video series from my colleague Jon Oltsik and I discussing cybersecurity topics on our radar screen for 2017. In contrast to the breaches of 2016 we note some of the truly great work by the collective white hat community, the need to secure at cloud scale, market segments ripe for consolidation, the role of SIEMs in the emerging security operations and analytics platform architecture (SOAPA), as well as a few off the radar screen threads. With RSA Conference earlier on the calendar this year we’ll be sharing some pre-show thoughts in the next few weeks and look forward to seeing everyone at the renovated Moscone Center in February.

Topics: Cybersecurity

Security Data Growth Drives Security Operations and Analytics Platform Architecture (SOAPA)

Happy new year, cybersecurity community!  Hope you are well rested, it’s bound to be an eventful year ahead.

Way back at the end of November 2016, I posted a blog about an evolutionary trend I see happening around cybersecurity analytics and operations technology. Historically, large enterprises have relied on SIEM products to anchor their SOCs. This will continue but I see SIEM becoming part of a more global cybersecurity software architecture called SOAPA (i.e., security operations and analytics platform architecture). 

Topics: Cybersecurity SOAPA