ESG Blogs

In the cybersecurity world, we cheer when companies are as successful as CrowdStrike in their recent IPO. This kind of success helps fuel the energy level across the entire cyber industry, rising the tide for all who are focused on keeping the world safe from cyberattacks.

Winning in this market requires more than just a deep understanding of cyberattacks and how to stop them. It requires a deep understanding of what challenges organizations are facing as they strive to protect themselves while their attack-surface grows, amid a growing base of adversaries who are innovating at a pace that rivals many of the world’s most successful tech companies.

Cisco held its annual customer event, CiscoLive, in San Diego this week, while hosting industry analysts like me at C-Scape. As part of the agenda, the Cisco security team provided details on its present position and future strategy. Here are a few of my takeaways:

Sophos announced in June 2019 that it has acquired Rook Security, which it will integrate across all products. In today’s managed security services (MSS) landscape, it’s imperative to have managed detection and response (MDR). The requirement to enter MSS no longer demands a security operations center (SOC) and SOC analysts (though those are still necessary to the enterprise). Rather, strong security vendors, such as Sophos, can broaden services with an acquisition of an MDR provider. In this case, Rook Security does have a SOC and SOC analysts, making this a boon to Sophos. The new MDR solution will initially launch in the Americas later this year. An invitation-only early access program (EAP) will focus on existing endpoint detection and response (EDR) customers to gain feedback from them on the new solution.

One of the marketing campaigns that resonated the most with me over the last few years is the messaging behind Trend Micro’s XGen campaign because it aptly captures the challenge cybersecurity teams face: the complexity of securing multiple generations of technology. That is, it’s not just about next-gen. It’s also about protecting the last gen, and whatever comes after next-gen.

After all, while we still have mainframes, tape libraries, and Oracle running on UNIX, appdev teams are leveraging public cloud platforms and a rich set of microservices to rapidly build and deliver applications. Such heterogeneity represents a requirement to secure a diverse set of applications stacks deployed across hybrid, multi-clouds. Palo Alto Networks' stated intention to acquire Twistlock and PureSec, the former for container security, and the latter for serverless security, is a strong move to add cloud-native application security controls to companies' already extensive product portfolio.

As architectures move increasingly to the cloud, hybrid environments are harder to keep secure. Nearly nine out of ten (85%) respondent organizations in ESG’s 2019 Public Cloud Computing Trends are currently leveraging at least one of the three public cloud computing service models, with another 11% expressing plans for or interest in using these services.

As security teams commit more and more resources to detection and response activities, endpoint detection and response (EDR) solutions are becoming core to the process. But when we take a step back and look at the bigger picture surrounding threat detection and response, we see multiple, disparate solutions being used to detect and investigate threats, requiring analysts to log into multiple systems or post-process data from these systems to correlate alerts. With many organizations utilizing a best-of-breed tools strategy for their security stack, integrations have become core to the sanity of most security teams.

ESG and the Information Systems Security Association (ISSA) just published a third annual research report titled, The Life and Times of Cybersecurity Professionals. 

Cybersecurity professionals are paranoid by nature. That’s not a bad thing, it’s a job requirement. We want our cybersecurity team to “think like the enemy” to discover and remediate vulnerabilities as rapidly as they possibly can. 

Aside from this cynicism, my cybersecurity friends also take great pride in what they do. Like Elliot Alderson from the TV series “Mr. Robot,” many cybersecurity professionals want to save the world (from hackers and the like). 

I’ve been writing about the cybersecurity skills shortage for 7 years and have become the “Chicken Little” of this topic. Now, we’ve all read about the number of cybersecurity job openings out there, but what is the impact of the skills shortage on cybersecurity professionals who are gainfully employed?

Finding the right metrics to measure the effectiveness of your security programs can be challenging and subjective. While most everyone can agree on the ultimate objective of preventing breaches, there is much discussion about how to objectively measure and report on the effectiveness of everything between your first dollar invested in security and your planned security investments for the coming year.