Thoughts on IBM Think and Cybersecurity

I just got back from attending IBM Think in San Francisco. Though it was a quick trip across the country, I was inundated with IBM’s vision, covering topics from A (i.e., artificial intelligence) to Z (i.e., System Z) and everything in between. 

Despite the wide-ranging discussion, IBM’s main focus was on three areas: 1) Hybrid cloud, 2) Advanced analytics, and 3) Security. For example, IBM’s hybrid cloud discussion centered on digital transformation and leaned heavily on its Red Hat acquisition, while advanced analytics included artificial intelligence, cognitive computing (Watson), neural networks, etc. To demonstrate its capabilities in these areas, IBM paraded out customers like Geico, Hyundai Credit Corporation, and Santander Bank, who are betting on IBM for game-changing digital transformation projects.

Topics: SOAPA Cybersecurity

Security Point Tools Problems

At most enterprise organizations, cybersecurity infrastructure grew organically over time. The security team implemented each security control in response to a particular threat, such as if antivirus software appeared on desktops, gateways were added to the network, sandboxes were deployed to detect malicious files, etc. 

Topics: Cybersecurity SOAPA

Security Operations Activities to Watch in 2019

If you’ve read my columns over the past few years, you’ve seen a security operations effort I’ve been pushing called SOAPA (security operations and analytics platform architecture). I first conceived of SOAPA as an antidote for the existing security operations practice of relying on an army of independent and disconnected security tools. 

Topics: SOAPA Cybersecurity

Cloudy Future for Security Analytics

When you think of security analytics and operations, one technology tends to come to mind – security information and event management (SIEM). SIEM technology was around when I started focusing on cybersecurity in 2002 (think eSecurity, Intellitactics, NetForensics, etc.) and remains the primary security operations platform today. Vendors in this space today include AlienVault (AT&T), IBM (QRadar), LogRhythm, McAfee, and Splunk.

Topics: Cybersecurity SOAPA

What Are the Most Important Attributes of a Cybersecurity Platform?

We’ve seen an ongoing cybersecurity technology trend that goes something like this:

Topics: Cybersecurity SOAPA

The Transition Toward Enterprise-class Cybersecurity Vendors

Recently, ESG completed its second annual enterprise-class cybersecurity vendor research. The story behind this project goes something like this: Enterprise organizations (i.e., those with 1,000 employees or more) have too many point tools and are now engaged in projects to integrate security technologies while eliminating some tools and vendors along the way.

Topics: Cybersecurity SOAPA

SOAPA Video with McAfee (Part 2)

In part 2 of our SOAPA video, Jason Rolleston, Vice President of product marketing for security operations products at McAfee, and I chatted about:

  1. Security analytics and operations. Analytics and operations are foundational elements of SOAPA, so I asked Jason to tell me about McAfee’s strategy in each area. Rolleston points out that there is more security data than ever, so finding the signals within the noise is more difficult than ever. McAfee is moving beyond event correlation for security analytics, putting a lot of resources into machine learning for anomaly detection. McAfee believes it has an advantage by applying machine learning across technologies. On the operations side, McAfee wants to help analysts take more effective and efficient actions, so it is investing in automation capabilities with Investigator, Active Response, Sandboxing, etc.
Topics: Cybersecurity SOAPA

Analyst-centric Security Operations

Let’s face it, cybersecurity is a geeky domain. While much of IT has shifted its focus to things like business processes enablement and digital transformation, infosec pros still spend much of their waking hours in the weeds, looking at things like protocol anomalies, SQL statements, command shells, etc.

Topics: Cybersecurity SOAPA

SOAPA Video with McAfee (Part 1)

Jason Rolleston, Vice President of product marketing for security operations products at McAfee, stopped by ESG recently to participate in our SOAPA video series. I must say that this was especially good timing as Jason and I had a similar chat at the RSA Security Conference just over a month ago.

In part 1 of our video, Jason and I chew the fat about:

Topics: Cybersecurity SOAPA

SOAPA Video with FireEye (Part 2)

Paul Nguyen, VP of product strategy at FireEye, stopped by the ESG studio recently to talk about how the company is moving forward with SOAPA. In part 2 of our video, Paul and I chewed the fat on topics like:

  1. Security operations best practices. FireEye has vast institutional security operations experience, built on the back of managed services, professional services, threat intelligence expertise, etc. Given this, I asked how FireEye can build upon this knowledge in its product set. Paul mentioned that Helix has its roots in FireEye’s SOCs and managed defense offerings and is designed to provide a similar unified experience for the security analysts of its customers.
Topics: Cybersecurity SOAPA