CybSec Scores An ‘F’
Feb02

CybSec Scores An ‘F’

With the the RSA Conference 2017 just a week away, cybersecurity surveys are showing up everywhere, including Cisco’s 10th study, 2017 Annual Cybersecurity Report. However, while the networking giant wants to paint a more positive picture, my big takeaway is that the bad guys are winning. There are a number of positive developments in the survey — with input from 3,000 CISOs and SecOps from 15 countries, as well as telemetry data — but the key findings are, if not surprising, at the very least cause for increased concern. The key findings Cisco focused on were: -over one-third of organizations that experienced a breach in 2016 reported substantial customer, opportunity and revenue loss of more than 20%; and, -90% of these organizations are improving threat defense technologies and processes after attacks by separating IT and security functions (38%), increasing security awareness training for employees (38%), and implementing risk mitigation techniques (37%). The Cisco findings that concerned me were: -just 56% of security alerts are investigated and less than half of legitimate alerts remediated; -more than 50% of organizations faced public scrutiny after a security breach; operations and finance systems were the most affected, followed by brand reputation and customer retention; -for organizations that experienced an attack, the effect was substantial: 22% of breached organizations lost customers — 40% of them lost more than 20% of their customer base; 29% lost revenue, with 38% percent of that group losing more than 20% of revenue; and, 23% lost business opportunities, with 42% percent of them losing more than 20%. Cisco is also touting (justifiably) that it has reduced the ‘time to detection’, the window of time between a compromise and the detection of a new threat, from a median of 14 hours in early 2016 to as low as six hours in the last half of the year. That’s good, but hardly good enough: while the industry average for TTD is 201 days (with a range of 20 to 569 days), in  almost all breaches (93%), it took attackers minutes or less to compromise systems, and data exfiltration occurred within minutes in 28% of the cases. These issues are not a new story, said Cisco’s Security Business Group Architect, Franc Artes. He told IT Trends & Analysis that there are ongoing issues around budgets, trained personnel and the complexity of security environments, “but at the end of the day it’s really a human issue. We’re leaving a lot on the cutting room floor.” People are a big problem when it comes to CybSec. They both cause most of the security vulnerabilities — 55% of all attacks were carried out by either...

Read More

RSA Conference Topic: Endpoint Security

As the calendar shifts from January to February, cybersecurity professionals are gearing up for the RSA Security Conference in a few short weeks. Remarkably, the management team is expecting more than 50,000 attendees this year! So, what can we expect from RSA 2017? Well, cybersecurity is being driven by dangerous threats, digital transformation, and the need for massive scalability. This means innovation and change in just about every aspect of cybersecurity technology so I plan on writing a few blogs about my expectations for the RSA Conference. I’ll start with this one about endpoint security. To be clear, endpoint security should no longer be defined as antivirus software. No disrespect to tried-and-true AV, but endpoint security now spans a continuum that includes advanced prevention technologies, endpoint security controls, and advanced detection/response tools. My colleague Doug Cahill and I are currently tracking more than 50 endpoint security vendors, demonstrating just how much activity there is today. Here’s a brief list of some endpoint security activities I anticipate at RSA: To read the complete article, CLICK...

Read More

Dell EMC & VMware… Multiple Manifestations of SDS

Recently my colleagues and I were embroiled in an intricate discussion with some of the Dell EMC/VMware team about the status, applicability, and positioning of the various SDS manifestations that behemoth now offers. And suddenly I had one of those “the penny dropped” moments…not of the “epiphany/eureka” type, but more of the “yeah, I knew that but all-too-often overlook it” type. And one more thing before I say what it was: it’s also somewhat ironic when you consider the tangled semantic machinations we have all gone through as an industry to actually define software-defined storage that we have – dropping penny time – overlooked the fact that it is an approach (or concept), and not a specific thing (or singular manifestation). Like many such moments, its outcome is really rather obvious and simple….having storage functionality as software not only allows, but one might say demands, different implementations and deployments in order to address different needs – be they of situation, scale, workloads, attitudes, or indeed as any or all of these change over time. While that’s great for IT users (as, with SDS choices, they are more likely by definition to be able to tune a tool to what they need), it can be something of a challenge for IT vendors, since they now have to provide inter-product positioning and applicability advice. Although, frankly, it turns out this is not a challenge for many vendors or to much extent……for the simple reason that very few vendors actually offer a choice when it comes to SDS! To read the complete article, CLICK...

Read More

IBM OpenPOWER Moves on Deep Learning with a Vengeance

IBM’s OpenPOWER organization has clearly stepped up its game this week with a massive move towards making deep learning and AI efforts far more affordable. The latest announcement was to expand both its Open Source efforts to include TensorFlow—a Google-developed numerical platform designed for AI and deep learning—and significant enhancements to its NVIDIA-enhanced POWER8 platform—the S822LC (as these things get smarter I’m starting to wonder when we’ll stop using letters and numbers for names and just call them “Bruce”). You can read the announcement here yourself. Let’s chat a bit about what it means. To read the complete article, CLICK HERE NOTE: This column was originally published in the Pund-IT...

Read More

Dropbox Seeks New Growth/Opportunities in the Enterprise

It’s no surprise that vendors are systematically targeting workers who leverage their own personal technologies for company projects and functions. That practice has been commonplace since the 1980s when employees first began sneaking home PCs into their offices to run spreadsheet and word processing programs. On the plus side, those efforts can increase flexibility and efficiency but they also circumvent established IT and, increasingly, traditional IT vendors. More recently, vendors, like Amazon with its AWS solutions, recognized that proactively engaging individuals and work groups, and thus entering their workplaces through the “side door” constituted a highly effective business model. Many others have followed or tried to follow Amazon’s lead, especially software as a service (SaaS) vendors and others leveraging cloud computing infrastructures. Those that succeed eventually reach an interesting position where pursuing or achieving upward growth requires them to prove their solutions are worthy of broader adoption within the enterprises they initially entered informally. This can result in a fascinating dance, technologically and rhetorically as proved by this week’s Dropbox announcement of new cloud, workspace and collaboration services and solutions. To read the complete article, CLICK HERE NOTE: This column was originally published in the Pund-IT...

Read More

Reflections on a Flickering SPARC

A report last Friday in the San Jose Mercury News that Oracle was laying off 450 workers in its hardware division suggests that the proprietary silicon experiment the company began with its 2010 acquisition of Sun Microsoft is nearing the end. It’s sensible from a financial point of view, especially for a company like Oracle that is demanding when it comes to business unit performance. In its most recent quarter (Q2 FY2017) Oracle reported that sales of hardware products (servers, etc.) were down -13% to $497M for the quarter, and down -16% in the previous six months to $959M. The company has also suffered double digit sales declines during the past five quarters. Additionally, Oracle’s server business has long been absent from the upper “Top 5” reaches of the server market, and thus relegated to the “Others” category in market sizing studies by IDC and Gartner. You could say that its faltering results suggest that Oracle either didn’t deliver on or wasn’t especially serious about its promises to Sun hardware customers. Considering the strategy espoused by Oracle executives—focusing mainly on engineered/integrated systems and database appliances—the latter interpretation is closer to being correct. High-end solutions certainly have their place at Oracle, especially in applications where optimizing performance of the company’s core database solutions is concerned. But with sales of traditional Unix-based systems, including Oracle’s SPARC/Solaris servers, under continuous pressure, the company needed and yet failed to do considerably more. To read the complete article, CLICK HERE NOTE: This column was originally published in the Pund-IT...

Read More