Blogs

The Israeli tech news site, Globes, reported today that Amazon is acquiring the NVMe flash storage start-up, E8. The report mentions the deal is estimated to be between $50 and $60 million. However, the article also notes that other sources estimate the deal might have been for less.  

So, why is Amazon buying E8?

At this time, I have not seen an official statement from Amazon. I speculate, however, that this is a technology, rather than a business, acquisition, something that offers high performance NVMe storage that fits Amazon’s hyperscale architecture. E8’s technology may be delivered as an ultra-fast storage tier. Or Amazon may use the technology in future versions of Outposts. Either presents a fascinating opportunity for Amazon and its customers.  

Stu Bradley, VP of fraud and security intelligence stopped by the ESG video studio to participate in our latest SOAPA video. 

If you are a cybersecurity professional and you don’t know SAS, I strongly suggest you watch this video (and part 2 which is posted here). SAS Software has had a leadership role in data analytics for years and is now applying its craft to cybersecurity. In part 1 of this SOAPA video, Stu and I discuss:

Over the past five years, we’ve seen an explosion in security data collection, processing, and analysis. As part of a recent security analytics research project, ESG found that 28% of organizations claimed that they were collecting, processing, and analyzing significantly more security data than they did 2 years ago, while another 49% were collecting, processing, and analyzing somewhat more data during the same timeframe.

Security loves to tout the “blinky lights” or the newest technology. Don’t get me wrong, advancements in firewalls, endpoint detection and response (EDR), cloud access security brokers (CASBs), and others have revolutionized protection in their respective corners of the environment. But a more holistic approach is needed. I talk a lot about services helping the organization manage and monitor its blinky lights with managed security services (MSS), and others in the industry discuss staff augmentation as a key component of services because of the skills shortage. (Note, three-quarters of cyber professionals state they have been impacted by the skills shortage.) These are necessary pieces of services. But the biggest reason services matter goes beyond these two: To mature, security must grow beyond the tactical management of security products and become more strategic thinking.

Black Hat has gotten a lot bigger over the past few years, so many security insiders now compare Black Hat to the RSA Security Conference circa 2012 or so. 

This is an accurate comparison from an attendance perspective but there is still a fundamental difference between the shows. In my humble opinion, RSA is an industry event, while Black Hat is more of a cybersecurity professional gathering. The focus is on cyber-adversary tactics, techniques, and procedures (TTPs), threat intelligence, and defensive playbooks. Rather than host lavish cocktail parties, vendors who participate in Black Hat must roll up their sleeves and demonstrate their technology acumen to gain street cred with this crowd.

When it comes to threat detection and response, understanding network behavior really matters. According to ESG research, 87% of organizations use network traffic analysis (NTA) tools for threat detection and response, and 43% say that NTA is a “first line of defense” for detecting and responding to threats.  

One of the pleasures of my job is speaking at events, some vendor-internal and some public. I say to speak ‘at’ but the formal presenting is really just the job aspect…much of the pleasure comes from the speaking with that naturally accompanies these engagements.

One example was when I addressed HPE’s Americas Storage Sales Kick Off in [mainly cloudy!] Orlando back in January. It was interesting because, frankly, for some time now, ‘storage’ would not be the first choice in a game of word association after HPE is uttered. At least not for anyone who was not in attendance in Orlando! Yes, there’s been progress and of course there are highlights; moreover, HPE is a huge machine so its revenue in all areas is pretty significant. But there has been little really new with which to grab the spotlight for storage – 3PAR and Nimble are established standards, and even HPE’s magnificent InfoSight analytics tool is delivering more genuine value than innovative excitement these days.

According to ESG research, 74% of cybersecurity professionals believe that cyber-risk management is more difficult today than it was two years ago. Respondents point to an expanding attack surface, an increase in software vulnerabilities, and more sophisticated tactics, techniques, and procedures (TTPs) from cyber-adversaries.

Okay, so there’s a cyber-risk management gap at most organizations--so what are they going to do about it? The research indicates that:

Today, Google Cloud announced that it has entered into a definitive agreement to acquire Elastifile. For those of you who are not familiar the emerging storage firm or why Google might want to acquire the company, let me help break it down.

Jerry Garcia once said the Grateful Dead is like black licorice—you either love them or hate them. Well, I have finally been able to make a connection between the Dead and cybersecurity as it sure seems to me that “DevSecOps” is the Grateful Dead of cybersecurity—you either love it or hate it.

Early in my high-tech career, SUN Microsystems was thought of as a computing visionary. SUN coined an intriguing company tagline early on, "the network is the computer." What did this mean? That IT infrastructure was linked together in a loosely coupled architecture, tied together via networking technologies like Ethernet cables and the TCP/IP protocol. Thus, it was critical to engineer the network correctly to maximize network availability, performance, and business benefits.

In this latest edition of Data Protection Conversations, I speak with David Chang, Senior Vice President of Products at Actifio. We discuss the company's data protection announcements from Actifio Data Driven 2019, held in Boston.

Cyber Pros Join Together for a Night of Classic Rock

In conjunction with the AWS re:Inforce conference last week, ESG hosted an evening of classic rock, where we invited our clients to join us on the stage at the Hard Rock Café Boston for a classic rock jam night. While a few of the musicians knew each other, most did not, yet they jumped right in to perform tunes from bands like Led Zeppelin, Billy Squier, Pat Benatar, AC/DC, and many more.