Cloudy Future for Security Analytics

When you think of security analytics and operations, one technology tends to come to mind – security information and event management (SIEM). SIEM technology was around when I started focusing on cybersecurity in 2002 (think eSecurity, Intellitactics, NetForensics, etc.) and remains the primary security operations platform today. Vendors in this space today include AlienVault (AT&T), IBM (QRadar), LogRhythm, McAfee, and Splunk.

Topics: Cybersecurity SOAPA

What Are the Most Important Attributes of a Cybersecurity Platform?

We’ve seen an ongoing cybersecurity technology trend that goes something like this:

Topics: Cybersecurity SOAPA

The Transition Toward Enterprise-class Cybersecurity Vendors

Recently, ESG completed its second annual enterprise-class cybersecurity vendor research. The story behind this project goes something like this: Enterprise organizations (i.e., those with 1,000 employees or more) have too many point tools and are now engaged in projects to integrate security technologies while eliminating some tools and vendors along the way.

Topics: Cybersecurity SOAPA

SOAPA Video with McAfee (Part 2)

In part 2 of our SOAPA video, Jason Rolleston, Vice President of product marketing for security operations products at McAfee, and I chatted about:

  1. Security analytics and operations. Analytics and operations are foundational elements of SOAPA, so I asked Jason to tell me about McAfee’s strategy in each area. Rolleston points out that there is more security data than ever, so finding the signals within the noise is more difficult than ever. McAfee is moving beyond event correlation for security analytics, putting a lot of resources into machine learning for anomaly detection. McAfee believes it has an advantage by applying machine learning across technologies. On the operations side, McAfee wants to help analysts take more effective and efficient actions, so it is investing in automation capabilities with Investigator, Active Response, Sandboxing, etc.
Topics: Cybersecurity SOAPA

Analyst-centric Security Operations

Let’s face it, cybersecurity is a geeky domain. While much of IT has shifted its focus to things like business processes enablement and digital transformation, infosec pros still spend much of their waking hours in the weeds, looking at things like protocol anomalies, SQL statements, command shells, etc.

Topics: Cybersecurity SOAPA

SOAPA Video with McAfee (Part 1)

Jason Rolleston, Vice President of product marketing for security operations products at McAfee, stopped by ESG recently to participate in our SOAPA video series. I must say that this was especially good timing as Jason and I had a similar chat at the RSA Security Conference just over a month ago.

In part 1 of our video, Jason and I chew the fat about:

Topics: Cybersecurity SOAPA

SOAPA Video with FireEye (Part 2)

Paul Nguyen, VP of product strategy at FireEye, stopped by the ESG studio recently to talk about how the company is moving forward with SOAPA. In part 2 of our video, Paul and I chewed the fat on topics like:

  1. Security operations best practices. FireEye has vast institutional security operations experience, built on the back of managed services, professional services, threat intelligence expertise, etc. Given this, I asked how FireEye can build upon this knowledge in its product set. Paul mentioned that Helix has its roots in FireEye’s SOCs and managed defense offerings and is designed to provide a similar unified experience for the security analysts of its customers.
Topics: Cybersecurity SOAPA

Catching Up with Symantec

When Symantec and Veritas joined forces, Symantec Vision (its customer and analyst event) was a regular spring ritual. Like the swallows coming back to Capistrano, I made an annual pilgrimage to Las Vegas, parked myself at the MGM or Venetian, and spent a few days catching up on the latest Symantec buzz.

Topics: Cybersecurity SOAPA

SOAPA Video with FireEye (Part 1)

Paul Nguyen, VP of product strategy at FireEye, stopped by the ESG studio recently to talk about how the company is moving forward with SOAPA. Paul and I discussed things like:

  1. Technology integration. Through its history, FireEye has grown through acquisition, purchasing companies like iSight Partners, Mandiant, and nPulse. Heck, Paul joined FireEye because of its acquisition of Invotas in 2016. While each of these products can stand on its own, FireEye realized that it could deliver a lot more by stitching all these products together in a common platform. Paul spends a lot of his time figuring out how to combine the elements of each product into a FireEye security operations cocktail to maximize customer value. 
Topics: SOAPA Cybersecurity

The Evolution of Security Operations Automation and Orchestration

The market for security operations automation and orchestration products is rapidly maturing. The most recent proof point of this maturation was Splunk’s acquisition of Phantom in February, but other vendors like FireEye (acquired Invotas), IBM (acquired Resilient), Microsoft (acquired Hexadite), and Rapid7 (acquired Komand) saw the light and bought into this market over the past few years.

Topics: Cybersecurity SOAPA