ESG Blogs

Folks come to cybersecurity services for a lot of reasons, complexity and compliance being two of the top ones. In fact, 40% of respondents to a recent ESG cybersecurity services study state that they need advice on dealing with the complexity from multi-cloud and hybrid architecture. And another 26% specifically call out that they need help rearchitecting their security posture during cloud migration and digital transformation efforts.

The set of announcements at AWS’s annual re:Invent is always impressive, albeit a bit of a firehose for which AWS’s own Amazon Kinesis data streaming processing engine would be helpful. At last week’s AWS re:Invent, a seminal annual IT event only AWS can get away with scheduling the week after Thanksgiving, the company announced a number of important security capabilities, some small, some big, all customer-driven. Thematically, in addition to a clear focus on identity and access management features designed to help customers rein in their AWS identities and secure S3 buckets, AWS is clearly focused on enabling enterprise-class use cases.

Getting Email Security Right Is More Important than Ever Before

With business email compromise racking up some of the largest financial theft associated with cyber-crime, and the relentless use of phishing as a means to trick users into handing over user credentials and other personal and sensitive data to bad actors, security organizations need to take a hard look at how their email security solutions are protecting against these issues.

In a previous blog, I discussed the multi-channel coverage of the elastic cloud gateway (ECG) architecture. In short, ECGs consolidate the functionality of multiple point products to improve centralized visibility and control over an organization’s traffic – be it network, web, or cloud application-based. A key enabler of this consolidation is the microservices architecture of ECGs and the inherent scalability that comes from a cloud-native approach.

When ESG began discussing the elastic cloud gateway (ECG) architecture in July, one of the key questions we were asked centered on SD-WAN and the importance of the convergence of networking and security. The short answer is that while strong integrations between networking and SD-WAN functionality and security capabilities are clearly necessary, partnerships will be the predominant route for the next few years. Sure, there are vendors that will provide both, be they someone like Cisco that has both networking and security capabilities, or smaller upstarts like Cato Networks. But our feeling was that those would be the exceptions, not the rule.

I was fortunate enough to be invited to attend Fal.Con Unite 2019 in San Diego earlier this week where the CrowdStrike team brought together over 1200 customers for two and a half days of keynotes and learning sessions. It was apparent from the moment we arrived that there was a significant partner focus, with many visible conference sponsors and partner-led sessions (most of whom are recent CrowdStrike Store partners), plus six new Store partners who are all leveraging CrowdStrike APIs and threat graph data to enhance their solutions. And of course, there was much to say about product and services roadmaps, as well as plenty of learning sessions to help users get the most out of their investment with CrowdStrike.

Good move by Secureworks partnering with Microsoft. I wrote a blog just a few days ago about how cloud providers are blurring the lines in cybersecurity services delivery, especially in managed security services.

A ZDNet article yesterday brought to my attention today just how far Microsoft has moved the needle to becoming a cybersecurity services provider. Increasingly, cloud providers are entering this market and Microsoft has started off by providing the most important services to cloud customers. Cloud has become a ubiquitous infrastructure and buyers are demanding cloud security monitoring and alerting. In fact, 40% of respondents to a recent ESG cybersecurity services study state that these services are must-haves from managed security services providers (MSSPs). In this instance, Microsoft can be considered an MSSP as it offers many of the services in this market.

Microsoft is making great strides in adding cybersecurity services to its arsenal. In April, it introduced the managed threat hunting service called Threat Experts on Demand as part of the Microsoft Defender Advanced Threat Protection (ATP) service for customers with subscriptions such as Windows 10 Enterprise E5 and the Microsoft 365 bundle, giving enterprise customers access to top Microsoft security experts when they need help working through a tough threat. Last September, the company launched its Azure Sentinel cloud-SIEM, enabling data collection across the enterprise and detection of unknown and advanced threats utilizing Microsoft’s threat intelligence telemetry, which is significant in quantity and is made actionable by the company’s artificial intelligence (AI) and machine learning (ML) and threat hunting capabilities. These ingredients enable faster response to incidents, but not all enterprises have the resources to dig deep into these tools on their own. Now with Threat Experts on Demand, Microsoft assists the enterprise to make sense of the most challenging threats. 

As 2019 winds down, security analysts like me tend to compile a list of industry predictions. I’m still working on a comprehensive list, but I’m extremely confident that we are about to see some unprecedented changes in enterprise security technology. These changes are already happening behind the scenes, but they will become much more visible in 2020 and beyond.

With only 12 months in a year and hundreds or thousands of important topics to educate people on, how are people ever going to cut through it all and hear about how important cybersecurity is? With cyber breach stories running in virtually every news media outlet weekly, is cybersecurity just becoming background noise in our busy lives?