Happy Summer!
Jun29

Happy Summer!

IT Trends & Analysis will resume publication in September. Have a great summer!

Read More

Predictions for Cybersecurity in 2016

My colleague Doug Cahill and I recorded a video shortly before the holidays outlining what we’re expecting to see in 2016 in the cybersecurity space. We’re excited to share that video with you now. To read the complete article, CLICK HERE

Read More

Handicapping Enterprise Security Vendors

In the course of my average work day, I try to read all the cybersecurity news I can. I came across a very good article in Forbes that looks at the cybersecurity opportunities for companies like IBM, Cisco, Dell, and others. The article points out that the market for cybersecurity products and services is estimated at $77b today, growing to $120b by 2020. That’s a lot of firewalls, AV software, and identity tokens! Since I agree with some of the author’s points and disagree with others, I decided to post my own thoughts on my list of leading enterprise security vendors: To read the complete article, CLICK...

Read More
CA & CAW15: The Rest Of The Story
Nov23

CA & CAW15: The Rest Of The Story

With the fun and games behind them (CA World ’15), CA Technologies has to get back to the work at hand, continuing its reinvention. The software giant is pinning its future on where the market is going — variously tagged as the digital economy and the API/business as software worlds — while chained to its very profitable, if more slowly growing (or slowly declining), mainframe (over 50% of company revenues), management and security software roots. It’s a monumental task: can CA sell enough product and services to its new opportunities (which grew more than 40% year-over-year last quarter), while keeping its mature business moving forward, albeit at a snail’s pace (overall revenues continued to decline and share prices are anemic), and stave off the possibility of shareholders looking for more value, and/or potential acquirers? CA has made great progress in its offerings, but they are not satisfied, said CEO Mike Gregoire in his opening keynote to 5,000 customers plus assorted partners and staff. “We are committed to raising our game. There is no finish line in customer service.” I asked analyst Joe Clabby, Clabby Analytics, what CA got right at this year’s event, and what they need to do moving forward. He said they stuck to the messages that they came out with last year on application development the application economy, DevOps, management, agile, etc. and “showed solid progress” in all of those areas (including customer case studies). “They appear to me to have a solid strategy, and they’re executing well. Gregoire has revamped the salesforce, made his workforce more efficient, and is well-prepared for growth. The financial analyst who sat behind me on day one has even issued a strong buy recommendation.” As for what remains undone for CA is getting more analytics into their management offerings. “Here’s the deal: they collect tons and tons of big data information about the health of systems, on applications behavior and the like. They then turn all of that data over to humans to figure out what to do with it. They need to get analytics programs in place that will help sort through that data, making it easier to do root cause analysis and fix things. They have a few products that do analytics on the data that they capture, they need a lot more.” The company is moving as quickly as possible down the “agile” path, and its 4,000 software developers all being trained in agile, said Gregoire. “Within one year, my expectation is everybody in the company, especially on the development side, will be proficient.” He expects this to be reflected positively in their products, although with caveats....

Read More
Survey Reports Bad-Boy Behavior After The Breach
Jun25

Survey Reports Bad-Boy Behavior After The Breach

We know that cybersecurity is anything but secure, and the situation appears to be worsening. However, a new study from Vectra Networks – the self-proclaimed ‘leader in real-time detection of in-progress cyber attacks’ – provides a fascinating view of what happens after your cyber defenses have been breached. According to the second edition of its Post-Intrusion Report, there was non-linear growth in lateral movement (580%) and reconnaissance (270%) detections that outpaced the 97% increase in overall detections compared to last year. Although the sample size was relatively small – just 42 customers – it did represent data collected from more than 250,000 hosts over a six-month period, said Vectra’s Wade Williamson, Director of Product Marketing. Like most other security vendors, he told IT Trends & Analysis that it’s a matter of when, not if there will be a security breach. However, as soon as they get in, they’re going to move laterally. “The increase in lateral movement and reconnaissance detections shows that attempts at pulling off targeted attacks continue to be on the rise,” said Oliver Tavakoli, Vectra Networks CTO, in a prepared statement. “The attackers’ batting average hasn’t changed much, but more at-bats invariably has translated into more hits.” Williamson said his company is looking for threats in new ways and new places. Our model is considerably different, pulling security deeper into the network, to see not just how traffic is going to the Internet, but the 90% that is staying inside. “We’re still looking at packets… but we’re applying data science to those data flows”, he said. What Vectra is seeing year-over-year is an uptake in those two aspects — laterally and reconnaissance – proportionately they’re growing way faster than others, and these are the hardest to deal with. “Once they get in, they literally have free reign.” Williamson calls the lateral movement as probably the most important aspect for an advanced attack. “People are getting in the front door by avoiding analyses… this is essentially us being able to watch inside and notice that there is a particular node… spreading… without having to recognize a particular payload… and do this for anything. It doesn’t matter what type of malware it is.” As the run up to – and immediately following – April’s RSA Conference, a plethora of surveys surfaced to highlight just how bad the security environment is. Cisco reported that customers are only just starting to come to terms with the wide gap between perception and protection, and security budgets – and skills – aren’t where they need to be. Cisco’s latest data offers a disturbing look at why cyber security is in such a...

Read More

VCE Gets Creative with Bright Box Technologies

It is interesting to watch large companies. Some seem to make the same mistakes over and over again, while others, typically younger firms, tend to learn from their mistakes and those made by others. VCE is a young firm and a case in point. Their new VxRack line addition is the packaging of commodity white box servers – which VCE calls “bright box” nodes – into a solution that scales from 4-1000+ nodes and brings VCE’s factory integration and incredible customer support makes them price competitive in one of the most popular growing enterprise and service provider segments – the Hyper-converged infrastructure. To read the complete article, CLICK HERE NOTE: This column was originally published in the Pund-IT...

Read More