ESG Blogs

Judging by this week’s Capital One breach and Equifax settlement, cybersecurity remains a topical if not ugly subject. The timing couldn’t be better for these unfortunate events. Why? Because the cybersecurity community will get together next week in Las Vegas for Black Hat and Defcon to discuss how to better deal with security vulnerabilities and improve threat prevention, detection, and response. 

As Black Hat 2019 quickly approaches, I couldn’t help but think back to the tail-end of my previous life attending industry conferences as an analyst covering network security. By 2014, you couldn’t get a conversation with a user on the show floor if you were a firewall vendor that didn’t offer robust application control. Palo Alto Networks had successfully shifted the industry focus to application layer inspection and next-generation firewalls had all but been accepted as the default standard for network protection. This transition addressed the fundamental shift in internet usage affecting the way we live and work. Traditional Layer 3 and 4 scanning could not provide the visibility and control over Layer 7 traffic required to protect the modern enterprise. Of course, at the time it was the need for control over applications like Facebook, Twitter, and YouTube driving the change. But it clearly foreshadowed the upcoming transition to cloud application usage.

The Israeli tech news site, Globes, reported today that Amazon is acquiring the NVMe flash storage start-up, E8. The report mentions the deal is estimated to be between $50 and $60 million. However, the article also notes that other sources estimate the deal might have been for less.  

So, why is Amazon buying E8?

At this time, I have not seen an official statement from Amazon. I speculate, however, that this is a technology, rather than a business, acquisition, something that offers high performance NVMe storage that fits Amazon’s hyperscale architecture. E8’s technology may be delivered as an ultra-fast storage tier. Or Amazon may use the technology in future versions of Outposts. Either presents a fascinating opportunity for Amazon and its customers.  

Stu Bradley, VP of fraud and security intelligence stopped by the ESG video studio to participate in our latest SOAPA video. 

If you are a cybersecurity professional and you don’t know SAS, I strongly suggest you watch this video (and part 2 which is posted here). SAS Software has had a leadership role in data analytics for years and is now applying its craft to cybersecurity. In part 1 of this SOAPA video, Stu and I discuss:

Over the past five years, we’ve seen an explosion in security data collection, processing, and analysis. As part of a recent security analytics research project, ESG found that 28% of organizations claimed that they were collecting, processing, and analyzing significantly more security data than they did 2 years ago, while another 49% were collecting, processing, and analyzing somewhat more data during the same timeframe.

Security loves to tout the “blinky lights” or the newest technology. Don’t get me wrong, advancements in firewalls, endpoint detection and response (EDR), cloud access security brokers (CASBs), and others have revolutionized protection in their respective corners of the environment. But a more holistic approach is needed. I talk a lot about services helping the organization manage and monitor its blinky lights with managed security services (MSS), and others in the industry discuss staff augmentation as a key component of services because of the skills shortage. (Note, three-quarters of cyber professionals state they have been impacted by the skills shortage.) These are necessary pieces of services. But the biggest reason services matter goes beyond these two: To mature, security must grow beyond the tactical management of security products and become more strategic thinking.

Black Hat has gotten a lot bigger over the past few years, so many security insiders now compare Black Hat to the RSA Security Conference circa 2012 or so. 

This is an accurate comparison from an attendance perspective but there is still a fundamental difference between the shows. In my humble opinion, RSA is an industry event, while Black Hat is more of a cybersecurity professional gathering. The focus is on cyber-adversary tactics, techniques, and procedures (TTPs), threat intelligence, and defensive playbooks. Rather than host lavish cocktail parties, vendors who participate in Black Hat must roll up their sleeves and demonstrate their technology acumen to gain street cred with this crowd.

When it comes to threat detection and response, understanding network behavior really matters. According to ESG research, 87% of organizations use network traffic analysis (NTA) tools for threat detection and response, and 43% say that NTA is a “first line of defense” for detecting and responding to threats.  

One of the pleasures of my job is speaking at events, some vendor-internal and some public. I say to speak ‘at’ but the formal presenting is really just the job aspect…much of the pleasure comes from the speaking with that naturally accompanies these engagements.

One example was when I addressed HPE’s Americas Storage Sales Kick Off in [mainly cloudy!] Orlando back in January. It was interesting because, frankly, for some time now, ‘storage’ would not be the first choice in a game of word association after HPE is uttered. At least not for anyone who was not in attendance in Orlando! Yes, there’s been progress and of course there are highlights; moreover, HPE is a huge machine so its revenue in all areas is pretty significant. But there has been little really new with which to grab the spotlight for storage – 3PAR and Nimble are established standards, and even HPE’s magnificent InfoSight analytics tool is delivering more genuine value than innovative excitement these days.

According to ESG research, 74% of cybersecurity professionals believe that cyber-risk management is more difficult today than it was two years ago. Respondents point to an expanding attack surface, an increase in software vulnerabilities, and more sophisticated tactics, techniques, and procedures (TTPs) from cyber-adversaries.

Okay, so there’s a cyber-risk management gap at most organizations--so what are they going to do about it? The research indicates that: