ESG Blogs

Cyber Pros Join Together for a Night of Classic Rock

In conjunction with the AWS re:Inforce conference last week, ESG hosted an evening of classic rock, where we invited our clients to join us on the stage at the Hard Rock Café Boston for a classic rock jam night. While a few of the musicians knew each other, most did not, yet they jumped right in to perform tunes from bands like Led Zeppelin, Billy Squier, Pat Benatar, AC/DC, and many more.

In the cybersecurity world, we cheer when companies are as successful as CrowdStrike in their recent IPO. This kind of success helps fuel the energy level across the entire cyber industry, rising the tide for all who are focused on keeping the world safe from cyberattacks.

Winning in this market requires more than just a deep understanding of cyberattacks and how to stop them. It requires a deep understanding of what challenges organizations are facing as they strive to protect themselves while their attack-surface grows, amid a growing base of adversaries who are innovating at a pace that rivals many of the world’s most successful tech companies.

As security teams commit more and more resources to detection and response activities, endpoint detection and response (EDR) solutions are becoming core to the process. But when we take a step back and look at the bigger picture surrounding threat detection and response, we see multiple, disparate solutions being used to detect and investigate threats, requiring analysts to log into multiple systems or post-process data from these systems to correlate alerts. With many organizations utilizing a best-of-breed tools strategy for their security stack, integrations have become core to the sanity of most security teams.

Finding the right metrics to measure the effectiveness of your security programs can be challenging and subjective. While most everyone can agree on the ultimate objective of preventing breaches, there is much discussion about how to objectively measure and report on the effectiveness of everything between your first dollar invested in security and your planned security investments for the coming year.

As organizations struggle with the complexity and number of security tools in use, the dream of an integrated platform seems convincingly like a good idea. Surely life would be less complex with fewer tools to manage, systems that were designed and built to work together, and fewer vendors to deal with. But there will be new challenges and tradeoffs to consider that will require some planning and effort.

I had a terrific week at RSA, meeting and talking with many of the world’s leading endpoint security and application security vendors. Every year, RSA provides a unique opportunity to take a fresh look at new and existing vendors, through in-person meetings with technical and marketing leaders, and checking out messaging through booths, signage, and materials.

As adversaries continue to be more aggressive and more targeted in their attack techniques, security teams are continuously challenged to implement more comprehensive endpoint protection strategies to keep up. Next-generation security vendors like Carbon Black, CrowdStrike, and Cylance have set the agenda, delivering integrated prevention, detection, and response platforms leveraging the cloud and a single agent. Established endpoint players like Symantec, Trend Micro, and Sophos have quickly responded, delivering integrated solutions leveraging both cloud and a common agent. ESG research shows that 77% of companies surveyed plan to move to an integrated security suite with a preference towards a single vendor, with an even split between companies who are looking to next-gen providers and those looking to the large, established security players.