John Grady

John Grady

ESG Analyst John Grady covers network security at ESG. John leverages over 15 years of IT vendor and analyst experience to help clients identify and quantify key market trends to facilitate data-driven business decisions. Prior to ESG, John spent four years at Symantec, where he was responsible for developing market insights in support of product, go-to-market, and executive stakeholders. Previous to that, John worked as an analyst covering network, web, and email protection, leading initial research initiatives on then-emerging areas such as advanced threat prevention and DDoS. As an analyst, he has also focused on infrastructure channels, assessing and advising on the go-to-market strategies of IT vendors, especially from an indirect perspective. John has been quoted in Network World, CSO, eWeek, and Investor’s Business Daily, among other publications. He holds a B.A. in History from Providence College in Providence, Rhode Island.

Recent Posts by John Grady:

Fastly’s Acquisition of Signal Sciences Highlights the Growing Importance of Converged Application Protection

The application security market is in a state of transition as legacy approaches to web application firewall, API protection, bot mitigation, and DDoS prevention have struggled to meet the needs of modern applications. The decentralization of application development and shift to agile methodologies, significant shortage of security skills with regards to applications, and evolution towards sophisticated, multi-vector attacks have forced organizations to rethink their approaches to application security. The evolution towards WAAP, or web application and API protection has been a direct result but remains a work in progress, with many providers just starting to loosely couple the required pieces.

Topics: Cybersecurity

A Zero-trust Discussion with ESG's John Grady and Mark Peters (Video)

Zero-trust has seen an explosion in interest over the last few years. As the perimeter has become increasingly porous due to cloud usage and distributed network architectures, a fresh look at some of the foundational cybersecurity concepts was sorely needed. This has only been exacerbated by the pandemic, with many organizations not only supporting a primarily remote workforce, but also trying to complete their digital transformation journey in a matter of months, rather than the years they originally planned.

Topics: Cybersecurity

The Elastic Cloud Gateway Architecture as an Implementation Path to SASE

The first blog I wrote about elastic cloud gateways prior to Black Hat 2019 referenced next-generation firewalls relative to the shift to application-centric, Layer 7 scanning, and the massive impact that had on the network security market. What I didn’t appreciate at the time is how similar the trajectory of the two spaces would be. In the 10 months since Black Hat, we’ve witnessed a massive amount of momentum in this area. In fact, recently completed ESG research on elastic cloud gateways found that 94% of organizations reported usage of, or some level of interest in, these types of solutions. With secure access services edge (SASE) having become common terminology within the network security space, I’m often asked what the difference is between ECG and SASE. The fact is, there are many more similarities than differences; however, the differences that do exist are important.

Topics: Cybersecurity

Elastic Cloud Gateway Research Discussion with Jon Oltsik and John Grady

To explore user perspectives around SASE solutions and elastic cloud gateway architectures, ESG recently completed a research study on the convergence of network security tools through a consolidated, cloud-delivered platform. The study explored pain points with current approaches and tools, interest in and important elements of an ECG approach, and what organizations expect to gain from implementing an ECG architecture. To explore some of the research, I invited my colleague Jon Oltsik to discuss the findings and what they mean.

Topics: Cybersecurity

Zscaler Looks to Build on Zero-trust Access Momentum with Edgewise Acquisition

In addition to reporting very strong growth in its fiscal third quarter, Zscaler announced the completed acquisition of Edgewise Networks last week. At a price tag of $31 million, this won’t be a deal that turns many heads, but maybe it should. We’ve seen much of the industry shift to a cloud-delivered network security approach over the last 10 months, something ESG calls elastic cloud gateways (ECGs). In many ways, this is the logical evolution of the approach Zscaler introduced more than 10 years ago. However, the Edgewise Networks deal, along with the recent acquisition of cloud security posture management (CSPM) vendor Cloudneeti show that Zscaler is beginning to think beyond just user access and toward a broader approach to cloud security overall. Specifically, the addition of Edgewise Networks strengthens Zscaler’s zero-trust capabilities to address not only the workforce, but also applications and workloads.

Topics: Cybersecurity

ESG Digital Work Survey – Cybersecurity Takeaways

ESG recently completed an interesting study where, rather than surveying IT buyers and practitioners as is normally the case, we targeted employees in non-IT roles like sales, human resources, marketing, and finance. This provided a view of how the typical worker thinks about technology and the impact it has on their professional life. While a lot of the survey focused on end-user focused processes and technologies (mobile devices, applications, voice assistants), respondents were also asked for their perspectives on cybersecurity.

Topics: Cybersecurity

Exploring the Cloud-native Aspect of Elastic Cloud Gateways

In a previous blog, I discussed the multi-channel coverage of the elastic cloud gateway (ECG) architecture. In short, ECGs consolidate the functionality of multiple point products to improve centralized visibility and control over an organization’s traffic – be it network, web, or cloud application-based. A key enabler of this consolidation is the microservices architecture of ECGs and the inherent scalability that comes from a cloud-native approach.

Topics: Cybersecurity

Palo Alto Networks Announces DLP and SD-WAN Capabilities to Further Its Elastic Cloud Gateway Architecture

When ESG began discussing the elastic cloud gateway (ECG) architecture in July, one of the key questions we were asked centered on SD-WAN and the importance of the convergence of networking and security. The short answer is that while strong integrations between networking and SD-WAN functionality and security capabilities are clearly necessary, partnerships will be the predominant route for the next few years. Sure, there are vendors that will provide both, be they someone like Cisco that has both networking and security capabilities, or smaller upstarts like Cato Networks. But our feeling was that those would be the exceptions, not the rule.

Topics: Cybersecurity

Time Flies…Recapping McAfee’s MPOWER 2019

McAfee chose “time” as the overarching theme of its 2019 MPower conference, held the week of October 2 in Las Vegas. The idea of the theme being that time is central to everything we do in the cybersecurity industry. Attackers look to increase dwell time while security teams try to reduce mean time to detect (MTTD) and mean time to response (MTTR). For what it's worth, I felt that my time attending was well-spent. McAfee’s always done a good job focusing its message and approach for these types of events, and this year was no different. The major announcements focused on cloud and analytics, with a bit of open architectures and partnerships included as well – all top of mind priorities for security practitioners.

Topics: Cybersecurity

Recapping Juniper's Industry Analyst Day

I had the opportunity to attend Juniper’s analyst event at its Sunnyvale, California headquarters on September 10. Truth be told, Juniper has been fairly quiet on the security front for the last few years, so I was interested to get up to speed on the company’s direction. Juniper divested the Pulse Secure portion of its portfolio in 2014 and since that time has not always articulated a consistent vision around, or emphasis on, security. My impression after listening to CEO Rami Rahim and CTO Bikash Koley lay out Juniper’s corporate vision and how the Connected Security approach ties in, is that they do see security as a core component of the overall strategy, especially as it relates to expanding the company’s enterprise footprint. Admittedly, there weren’t a lot of specifics provided relative to security announcements, but I’m an optimist and believe there will be some meat put on the bone sooner rather than later.

Topics: Cybersecurity