SOCaaS versus Managed SOC (with video)

We live in a sea of acronyms: SOC, MSS, MDR, IDS, IDP, SOCaaS, SECaaS… Three of these in particular are causing consternation in the market: SOCaaS, MSS, and MDR. Let’s see if we can shed some light on them.

Topics: Cybersecurity

SOAPA Video with Devo (Part 2)

In part 2 of my SOAPA video with old friend Dimitri Vlachos from Devo, we discuss:

  1. Devo use cases. Dimitri describes some of the most popular security use cases for Devo, including threat detection, security analytics/investigations, and threat hunting. I’ve got to hand it to Dimitri as he came up with one of the best SOAPA video soundbites ever, “You can’t use old tools to cover new security analytics needs.”
Topics: Cybersecurity SOAPA

Endpoint Security Is Consolidating, but What Does That Mean?

In 2017, my colleague Doug Cahill conducted research on endpoint security. Back then, the research indicated that 87% of organizations were considering a comprehensive endpoint security suite rather than several disconnected endpoint security point tools.

Topics: Cybersecurity

The Case for Continuous Automated Security Validation (CASV)

Chinese military strategist Sun Tzu is quoted as saying, “if you know the enemy and you know yourself, you need not fear the results of a hundred battles.” In cybersecurity terms, this means knowing the cyber-adversaries and associated tactics, techniques, and procedures (TTPs) they use to attack your organization. Additionally, Sun Tzu’s quote extends to an organizational reflection where you must know everything about your technical, human, and even physical vulnerabilities in order to apply the best protection for critical assets.

Topics: Cybersecurity

SOAPA Video with Devo (Part 1)

Whip it good--as old friend Dimitri Vlachos from Devo stopped by the ESG video studio to kick off our 2019 SOAPA video series. If you are unfamiliar with Devo, the company describes itself as follows:

Devo delivers real-time operational and business insights from analytics on streaming and historical data to operations, IT, security, and business teams at the world’s largest organizations.

Topics: Cybersecurity SOAPA security operations security analytics

Endpoint Security Platforms Destined to Simplify Operations and Reduce Complexity, but There Are Risks

As organizations struggle with the complexity and number of security tools in use, the dream of an integrated platform seems convincingly like a good idea. Surely life would be less complex with fewer tools to manage, systems that were designed and built to work together, and fewer vendors to deal with. But there will be new challenges and tradeoffs to consider that will require some planning and effort.

Topics: Cybersecurity endpoint security

OpenC2 Can Accelerate Security Operations, Automation, and Orchestration

Over the past few years, ESG has promoted the security operations and analytics platform architecture (SOAPA). Just what is SOAPA? A multi-layered heterogenous architecture designed to integrate disparate security analytics and operations tools. This architecture glues incongruent security analytics tools together to improve threat detection, and then tightly-couples security analytics with operations tools to accelerate and automate risk mitigation and incident response. After all, you can have great security analytics for investigations, threat hunting, and root-cause analysis, but this all means diddlysquat if you can’t use these analytics to make and execute timely incident response and risk mitigation decisions.

Topics: Cybersecurity SOAPA

Vulnerability Management Woes Continue but There Is Hope

I remember giving a presentation when I first started working in cybersecurity in 2003 (note: it was called information security back then). I talked about the importance of good security hygiene, focusing on deploying secure system configurations, managing access controls, and performing regular vulnerability scans. 

Topics: Cybersecurity

The Cybersecurity Technology Consolidation Conundrum

If you are in the cybersecurity market, you’ve heard (or read) about the point tools problem hundreds or thousands of times. Enterprise organizations base their cybersecurity defenses on dozens of point tools from different vendors. These point tools don’t talk to one another, making it difficult to get a complete end-to-end picture for situational awareness. This also leads to tremendous operational overhead as the cybersecurity staff is called upon to act as the glue between disparate tools.

Topics: Cybersecurity

The State of Endpoint and Application Security (Includes Video)

I had a terrific week at RSA, meeting and talking with many of the world’s leading endpoint security and application security vendors. Every year, RSA provides a unique opportunity to take a fresh look at new and existing vendors, through in-person meetings with technical and marketing leaders, and checking out messaging through booths, signage, and materials.

Topics: Cybersecurity