2018: The Year of Advanced Threat Prevention

A few years ago, the cybersecurity industry adopted a new mindset that went something like this: Cybersecurity controls are not very effective. Therefore, sophisticated cyber-adversaries can easily circumvent them, compromise networks, and execute data breaches. Hence, trying to prevent attacks is essentially a fool’s errand, so organizations should concentrate on incident detection and response. This line of reasoning was supported by an overly simplistic axiom that spread like wildfire in the industry: “There are two types of organizations. Those that have been breached and those that have been breached and don’t know it.” Now, I admit there was and still is some truth to these assumptions. Lots of security technology staples were porous in the past as they were designed to address known rather than zero-day threats. Furthermore, networks tended to be relatively flat and wide open for attack. With these shortcomings, many organizations shifted spending and focus to new technologies designed for threat detection like malware sandboxes, UEBA, EDR, network security analytics, etc.  So, what happened? Firms were soon overwhelmed by disconnected technologies, mountains of new security data, and a cacophony of security alerts. Alas, many organizations realized then that they had neither the staff nor the skills to fully utilize this threat detection technology. Oh, and the pervasive cybersecurity skills shortage probably means that this situation won’t change anytime soon. To read the complete article, CLICK...

CA Wants To Be The One (DevSecOps) Throat To Choke
Nov 30


Whether it’s via a perfect storm, product onslaught or the ‘disrupt or be disrupted’ times, CA Technologies appears to be making steady, if slow, progress from its mainframe roots to the app-fueled digital transformation world where trust, AKA cybersecurity, is essential. Changing a $4-billion company is proving challenging, especially when you consider that the bulk of your business is tied up with a mainframe environment synonymous with slow and steady, as befits the platform that holds between 70-80% of corporate data and affects 70% of enterprise transactions. The software developer may be pushing the ‘software factory’ theme together with fast and agile DevOps, or the newer handle, DevSecOps, but that doesn’t mean its customers are comfortable with rapid changes. Not that they have much choice: only 12% of the Fortune 500 survived the period between 1955 and 2016, and up to 50% of the S&P 500 ranks are expected to be replaced over the next 10 years. So disruption is the name of the game, and CA is doing its best to change its spots and become the essential go-to partner for fast and agile DevSecOps where ‘everyone is responsible for security with the goal of safely distributing security decisions at speed and scale to those who hold the highest level of context without sacrificing the safety required.’ That’s a mouthful, but the stakes are mind-boggling, with the potential to take CA’s total addressable market from mainframe billions to DT/DevSecOps trillions. “The ability to manage change, respond to new inputs or insights and pivot has never been more important,” said CA Technologies CEO Mike Gregoire in his opening keynote.
“Our entire portfolio is designed around the pillars of the Modern Software Factory to increase the velocity, security and performance of the solutions and the apps that are critical to our customers’ businesses.” He said the company is on a “deliberate journey”, balancing creation and execution and morphing from a solutions company to one that is focused on “accelerating business values.” Operational efficiency isn’t enough, Gregoire added. “First among the tools to confront these challenges is your Modern Software Factory. It ensures that your company is built to change and can adapt to an accelerating digital world.” We may be app-driven, but without security, you’re looking at a world of pain. With DevOps, CA helped break down the barriers between development and operations but “we don’t think about security,” said Gregoire in a media scrum following his keynote. The application is the weakest link in your chain, he said, so you need security involved right from the start, with the coder. However, rather than best-of-breed standalone tools, customers are...


CA: Connecting the DoTs

To help address the emerging multi-trillion-dollar app-driven digital transformation business phenomenon, CA Technologies made more than 20 new and enhanced product announcements at CA World ‘17. That might seem like a lot, but not when you consider that even after decades of consolidating and rationalizing its software portfolio, the ISV still lists 192 separate products on its website (courtesy of the approximately 70 companies acquired since opening its doors as Computer Associates back in 1976). While its efforts to expand the non-mainframe portion of its business — 65% of total revenues last quarter — seem to be taking longer than expected, CA’s emphasis on four pillars, or what Ayman Sayed, President & Chief Product Officer, called patterns — 1-making the products simpler to use and driving faster time to value; 2-SaaS availability; 3-openness, i.e. any infrastructure, any platform; and 4-AI — figured prominently in the innovation onslaught. Innovation was repeated often in the keynotes and one-on-ones. “Most everyone in our industry is operationally efficient… but that’s not enough,” said CA CEO Mike Gregoire. “Our job is to break down barriers between technology and innovation,” referring to the event’s ‘No Barriers’ theme. Whether it’s built internally or bought, the company’s promise “and the holy grail” is to take innovation, integrate it with its other offerings and make it a “force multiplier”, he said. The innovations were intended to help address some of the impacts customers are confronting, he said. There has been a shift from building products to providing and supporting business outcomes. Customers are also demanding more intelligence, and security is becoming a bigger concern and a challenge, he added. Customers were another focus for CA, and as important as the announcements were, the “most exciting” news was the “170 customers joining us to talk about using our products to transform themselves,” said Sayed.
Then he talked about the products, including the company’s latest artificial intelligence initiatives. CA combined the up-and-coming technology with its mainframe roots in solutions that ‘help customers speed time to resolution by 5X, reduce insider threats and cut operational expenses by 25%.’ “Through A.I. and machine-learning powered intelligent automation, CA’s new mainframe solutions enable increased insights across broader sets of data,” said CA’s Ashok Reddy, GM, Mainframe, in a prepared statement. It’s not a new concept or term, but as part of its security focus CA is pushing the concept of DevSecOps. In announcing new tools that integrate security throughout the software development lifecycle, Sayed said this approach is “critically important”, and the tools are now available across the company’s Automic, Veracode, and Continuous Delivery portfolios. “Companies that embrace DevSecOps deliver better and...


Enterprises Must Address Internet of Identities Challenges

As November ends, everyone and their brother/sister will be writing about their IT and security predictions for 2018. Here’s a no-brainer from me: We’ll see massive proliferation of IoT devices on the network next year. Some of these will be general purpose like IP cameras, smart thermostats, smart electric meters, etc., but many others will be industry-specific sensors, actuators, and data collectors. Managing the deployment, operations, and security of all these devices will be quite challenging. Someone must figure out network access controls, connectivity, segmentation, baseline behavior, network performance implications, etc. This is where identity comes into play. Each device should have its own identity and attributes that govern connectivity, policy, and trust. My sagacious colleague, Mark Bowker, calls this trend the Internet of Identities (IoI). With Mark’s help, I introduced the concept of IoI in this blog, and further elaborated on the massive changes the Internet of Identities will bring in this one. So, IoI is coming fast, but ESG research indicates that many organizations are not prepared for the onslaught because: To read the complete article, CLICK...


Cisco Moves Virtual Assistant into The Office

Well, it was due to happen. First we had Siri and Cortana on our phones and PCs, then Alexa invaded our homes, and now Cisco is pushing their Spark Assistant into offices, and I’m kind of surprised it took so long. We are about to be up to our armpits in digital assistants, but that isn’t a terrible thing. You see—up until now—we have largely been forced to learn how to communicate with the computers and systems we interface with. But what digital assistants do is start to bring these systems back towards us. In short, this is the beginning of machines learning how to work with us. I think you could argue that having to learn how to work with someone else puts them in a superior position; the same goes for machines. This past practice kind of made us their servants, where it should have always been the other way around—or, at least more of a peer relationship. This is a major step toward creating far better human/machine interfaces and a major step toward a far higher level of efficiency and customer satisfaction with the products we will interface with tomorrow. Let’s chat about that this week. To read the complete article, CLICK HERE NOTE: This column was originally published in the Pund-IT...
