A few years ago, the cybersecurity industry adopted a new mindset that went something like this:
Recently the NSA, a highly secure US government entity, left an unprotected disk image loaded with classified information right out in public on AWS.
AWS, as an established public cloud leader, can afford to rest on its laurels, but with competitors sprinting behind it, it is not slowing down in any way. During the Global Partner Summit at the re:Invent trade show, there were numerous announcements, including the Networking Competency for AWS Partners and the availability of PrivateLink for customer and partner network services.
Are there any patterns I see?
Here’s a quick review of some of the cybersecurity skills shortage data I’ve cited in recent blogs:
Jack Poller, on Nov 22, 2017
According to my colleagues Mike Leone, Edwin Yuen, and Terri McClure, organizations are now confident enough in HCI that they’re deploying HCI as their primary infrastructure housing their tier-1 applications. Thus, buying criteria has evolved from answering “Can this offering support my applications?” to “How well can it support my application?”
Jon Oltsik, on Nov 22, 2017
As November ends, everyone and their brother/sister will be writing about their IT and security predictions for 2018. Here’s a no-brainer from me: We’ll see massive proliferation of IoT devices on the network next year. Some of these will be general purpose like IP cameras, smart thermostats, smart electric meters, etc., but many others will be industry-specific sensors, actuators, and data collectors.
Public cloud has its pros and cons, but enterprises today can't afford to be anti-cloud.
After I moderated a panel discussion at Interop ITX titled "Cloud Adoption Experiences: Backlash or Goodness?" some attendees said they were disappointed that all three panelists were enthusiastic about using a public cloud provider. Were they expecting a spirited debate or even fight on stage, or were they looking for a way to justify their existing systems? Ultimately, the feedback indicated that attendees need to understand the pros and cons of public cloud to make their IT decisions. They’re looking to do the right thing for their organizations.
Read the rest on Network Computing.
Edwin Yuen, on Nov 21, 2017
Now more than ever, the IT world is a giant game of buzzword bingo, where vendors are adopting hot buzzwords for their products like they are writing a online dating profile. One of the biggest buzzwords that I run into is DevOps. There probably isn't an application or management product out there that doesn't claim to be DevOps or enable DevOps.
Jon Oltsik, on Nov 20, 2017
ESG recently published a new research report titled, The Life and Times of Cybersecurity Professionals, with its research partner, the Information Systems Security Association (ISSA).
The research looks closely at the ramifications of the cybersecurity skills shortage – beyond the obvious conclusion that there are more cybersecurity jobs than people with the right skills and background to fill these jobs.
In the second part of my SOAPA video with Arabella Hallawell from Arbor Networks, we discuss:
In my last blog, I reviewed some new research from ESG and the Information Systems Security Association (ISSA), revealing that 70% of cybersecurity pros say that the global cybersecurity skills shortage has impacted their organizations. Based upon this and other similar research, I’m convinced that the cybersecurity skills shortage represents an existential risk to our data, businesses, and national security.
Jon Oltsik, on Nov 14, 2017
I’ve been writing about the cybersecurity skills shortage for 7 years, clucking like a digital "chicken little" to anyone who would listen. If you’ve followed my blogs, you probably know that ESG research from early 2017 indicated that 45% of organizations said they have a problematic shortage of cybersecurity skills. This data represents large and small organizations across all geographic regions so the cybersecurity skills shortage can be considered a pervasive global issue.
Terri McClure, on Nov 14, 2017
There is a lot of hype around hyperconverged infrastructure (HCI). All the big vendors and a number of lesser-known smaller ones are in the game. Dell EMC has doubled down on its HCI portfolio investments; NetApp is entering the market leveraging its Solidfire technology; HPE is investing in growing its SimpliVity line; Cisco acquired Springpath so it could offer its own line, but it also partners with Nutanix, HPE and just about everyone else! Speaking of Nutanix, it was a category pioneer (along with SimpliVity) and its Dell EMC branded business is still growing, even though Dell EMC has somewhat competing products with VxRack and VxRail (the 3 HCI products serve different use cases - a topic for another blog!). Nutanix is also doing a healthy business through Lenovo and its channel partners and it has an agreement with IBM to offer its HCI on Power systems. Lesser-known (but fast growing) Pivot3 just announced 50% growth in bookings! Hitachi Vantara has a product it is also leveraging for Lumada IoT, and VMware sells vSAN for HCI use cases. I'm still just scratching the surface- I know I've left some vendors out - it's a long list!
Next up on the SOAPA video series is Arabella Hallawell, Sr. Director of Product Marketing at Arbor Networks. I first met Arbor Networks back in 2003 when it was a leading provider of network behavior anomaly detection (NBAD) tools and the company has been a steady player in network security ever since. Today, Arbor Networks is a leading provider of products and services for DDoS protection, network security analytics, threat intelligence, etc.
Mark Bowker, on Nov 10, 2017
As businesses lose control of devices and rapidly adopt cloud consumption models, identity and data have become the new perimeter for IT operations and information security teams to secure and protect. My colleague Jon Oltsik and I sit down together to highlight how mobility, identity, and security are creating technology challenges, organizational barriers, and business risks as the security perimeter expands at a faster pace than business can keep up with. The discussion sparks attention towards the IT vendors that are attempting to enhance security postures from within a silo as opposed to the new purview business are dealing with today.
Siemplify, like other companies I’ve interviewed, is a security operations technology company. What sets Siemplify apart, however, is the background of its founders. This team isn’t composed of serial startup technologists from Silicon Valley, but rather cybersecurity experts from Israel. In fact, Amos Stern spent a good portion of his career as a security analyst, building SOCs, and training security personnel.
Jack Poller, on Nov 9, 2017
Hyperconverged infrastructures (HCI) are one of the drivers of the current data center revolution—39% of organizations have already deployed their first HCI solution.
Mark Bowker, on Nov 9, 2017
IAM creates the first link in the “chain of trust” when a user, device, or a connected thing authenticates with a trusted source. Establishing this initial handshake is critical since it initializes the path to access and authorization—no wonder IAM has quickly become a renewed focal point for IT operations and information security professionals. To that end, ESG recently completed an IAM research study to validate existing business pain points around authentication, IAM professional white board priorities, and opportunities for IAM vendors to differentiate themselves amongst the countless tools littering a complex IAM landscape that are leading to buyer confusion.
According to ESG research, 45% of organizations report having a problematic shortage of cybersecurity skills in 2017. Of course, this applies to all areas of cybersecurity but recent ESG research shows that the skills shortage has a direct impact on security analytics and operations. The research reveals that:
I guess I still think like a product manager. In my last blog, the first of a few analyzing key findings from ESG’s recent endpoint security, I shared my take on the net-net design center for contemporary endpoint security solutions, one that serves two masters – efficacy and efficiency. The state of endpoint security can be characterized as one of constant change in which organizations are implementing compensating measures to improve both the efficacy and efficiency. But what factors are driving the “efficient efficacy” market requirement?
With respect to efficacy, ESG’s endpoint security research highlights that customers have experienced, and are concerned about, a diverse range of threats:
Dell EMC made a broad swathe of announcements pertaining to its midrange storage systems this week.
Aside from the product news (and there’s certainly some important technological advances/catch-ups in the announcement*) there’s notable news on the commercial front, with Dell EMC launching its full blown “Future Proof Storage Loyalty Program.” It is a mix of assurances, flexibility, and guarantees - and I think one would have to say that objectively it’s pretty darned good. Certainly, having such assurances from a market leader like Dell EMC will be especially welcome for its myriad users (and channel partners too, I would imagine).
Today Dell EMC announced an update to its midrange storage portfolio. And with the addition of several new and compelling features to both Unity and SC, Dell EMC reaffirms its commitment to both midrange product lines.
So what's new?
For the SC family, Dell EMC introduces two options, the SC5020F and the SC7020F. The takeaway here is the move to flash, with Dell EMC claiming all-flash performance of up to 399,000 IOPS per array and 3.9 million aggregate IOPS per multi-array federated cluster. As part of the SC family, the SC5020F and SC7020F support the core SC functionality, such as federated clusters for scalability, data deduplication and compression, along with an all-inclusive software model.
Jon Oltsik, on Nov 7, 2017
My colleague Mark Bowker just completed some comprehensive research on identity and access management (IAM) challenges, plans, and strategies at enterprise organizations. As a cybersecurity professional, I welcome this data. Identity management should be a major component of an enterprise risk management strategy, yet IAM technology decisions are often treated tactically or left to application developers or IT operations staff who don’t always prioritize security in their planning.
As part of the ESG SOAPA video series, Amos Stern, CEO of Siemplify, stopped by the ESG studio last week to join the discussion. Not familiar with Siemplify? The company was founded by a team of experienced security operations experts who believe that security operations technology should be easier, provide greater integration, and align better with SOC processes. Based upon these goals, Siemplify offers a product called ThreatNexus, a security operations platform designed to help analysts manage, investigate, and automate, and centralize security operations.
PJ Bihuniak, COO of ThetaPoint, has a wealth of experience and knowledge in security operation, going back to his time at ArcSight. PJ is still active in this area, as ThetaPoint specializes in professional and managed services for security operations. It was great having him participate in the ESG SOAPA video series.
In part 2 of our video, PJ and I discussed:
Dan Conde, on Nov 2, 2017
The announcement of VMware’s intention to acquire VeloCloud signals the broadening of the NSX Everywhere story. SD-WAN is a solution that offers agility, security, orchestration, and other business outcomes for remote and branch offices. It should not be considered just an MPLS replacement for the WAN with savings on bandwidth costs.
At a core level, both NSX and VeloCloud’s products are based on an overlay network, which offers the flexibility to treat a logical network separately from the physical network, and this core concept has been popularized for many years via MPLS. Ironically, it’s the perceived lack of flexibility and costs of MPLS that have become the initial drivers for the popularization of SD-WAN, which promised to modernize the branch networks and WAN.
Mark Peters, on Nov 2, 2017
ESG recently completed in-depth research on the state of the storage market; its own technologies and market trends as well as its key intersections to other notable IT implementations and shifts. We are presenting some of the extended highlights from the findings in multiple ESG Briefs (each focused on a particular topic), as well as tighter summaries of those Briefs in accompanying ESG videos. These will be rolling out over the next few weeks and we’ll capture all the available links in these blogs each time a new piece is posted.
As we ease into 2018, endpoint security technology is in play. Next-generation players like Barkly, Cylance, and SentinelOne offer products based upon machine learning algorithms to block traditional and new types of threats. EDR experts like Carbon Black, CrowdStrike, and Cybereason monitor PC behavior looking for anomalous activity. Meanwhile, traditional vendors like McAfee, Sophos, Symantec, Trend Micro, and Webroot are buying companies and adding new functionality to their products to provide a one-stop endpoint security shop.
Dan Conde, on Nov 1, 2017
The Internet of Things will move more processing to telecom suppliers' facilities.
Network engineers have traditionally treated networks managed by their telecom suppliers as outside their immediate domain of concern. The telco network was brought into the data center, appropriate routes or peering set up, and that was it.