The New McAfee

I’ve worked with McAfee for a long time – from its independent days, during the Network Associates timeframe, through financial issues, back to McAfee and the go-go Dave DeWalt era, and finally as Intel Security. To be honest, Intel’s acquisition of McAfee was always a head scratcher for me. The 20-somethings on Wall Street crowed about Intel cramming McAfee security in its chip set but this made no sense to me – Intel had long added security (and other) functionality into its processors with lukewarm market reception. The two cultures were a mismatch as well. Ultimately it seems that Intel came to a similar conclusion and recently spun out McAfee in a private equity stew. So, what are the prospects for McAfee this time around? Like comedy, timing is everything when it comes to financial markets, customer demand, and market opportunity. The new McAfee starts its comeback in a robust $100 billion+ cybersecurity market where customers want help, vision, and leadership from their cybersecurity vendors. McAfee has a few real strengths it can deliver to this hungry market including:


Micro-segmentation Projects Span…

Micro-segmentation is nothing new. We started talking about the concept a few years ago, with the onset of software-defined networking technologies like OpenFlow. More recently, micro-segmentation was most often associated with establishing trusted connections between cloud-based workloads. Micro-segmentation is simply a new software-based spin on the old practice of network segmentation, which organizations have done for years with a variety of technologies—firewalls, VLANs, subnets, switch-based access control lists (ACLs), etc. In fact, many organizations use a potpourri of some or even all of these technologies. According to ESG research:

Compuware Revs Up Mainframe Threat Detection By 30%
Apr 06

It is generally accepted that the mainframe, AKA Big Iron, is the most secure IT platform available, which is a significant reason why 55% of enterprise apps need the mainframe, 70% of enterprise transactions touch a mainframe, and 70-80% of the world’s corporate data resides on a mainframe. However, the things which are driving today’s dominant IT paradigm, digital transformation — cloud computing, Internet of Things (IoT), big data and analytics (BDA), mobility, social media and security — are also increasing the mainframe threatscape, and Compuware is trying to do something about that.

“It is the most secure platform by far,” said Compuware CEO Chris O’Malley. But breaches happen, he tells IT Trends & Analysis, although most of these things that happen can be prevented. “Most of the breaches are from the inside.”

That was the challenge a customer presented to Compuware: identify where and how a recurring breach was taking place. The mainframe software vendor’s response led to Compuware Application Audit, a cybersecurity and compliance solution that ‘enhances the ability of enterprises to stop insider threats by fully capturing and analyzing start-to-finish mainframe application session user activity.’ The new standalone solution is a one-stop shop to:

- detect, investigate and respond to inappropriate activity by internal users with access;
- detect, investigate and respond to hacked or illegally purchased user accounts;
- support criminal/legal investigations with complete and credible forensics; and,
- fulfill compliance mandates regarding protection of sensitive data.

A year ago the company partnered with CorreLog to provide a similar set of capabilities by integrating Compuware’s Hiperstation Application Auditing solution with CorreLog SIEM Agent for z/OS. The new solution brings a number of advantages, including collaborations with CorreLog, Syncsort and Splunk, to enable it to be integrated with popular SIEM solutions such as Splunk, IBM QRadar SIEM and HPE Security ArcSight ESM.

While cybersecurity is not and won’t be a core focus of the company, Compuware Application Audit continues the company’s recent practice of making a major product introduction every 90 days. “We’ve put in more innovation in the last 10 quarters than our competitors have done in the last 10 years,” said O’Malley.

The mainframe computing environment, with protocols dating back decades, is a new frontier of exploration for both the White Hat (ethical) and the Black Hat (criminal) hackers. “Ultimately we want people to understand that, because of its widespread usage as a core system in many critical infrastructures from finance to air travel; its relative obscurity; and lack of real wide-spread exposure to the hacking public; this system is rife with opportunities to be further secured and hardened.” Chad Rikansrud (@bigendiansmalls) What he’s saying is that mainframe computing environments...


Security Analytics and Operations at RSA

So far, I’ve written two blogs about my expectations for the upcoming RSA Security Conference next week. The first blog was about my outlook for endpoint security while the second focused on network security. I am also in the middle of a big research project on security analytics and operations right now and believe that many independent technologies will be integrated into a comprehensive architecture that ESG calls SOAPA (i.e., security operations and analytics platform architecture). Here’s another blog where I define the SOAPA architecture and all the consolidating piece parts. With SOAPA in mind, here’s what I’m expecting to see at RSA:

CybSec Scores An ‘F’
Feb 02

With the RSA Conference 2017 just a week away, cybersecurity surveys are showing up everywhere, including Cisco’s 10th study, 2017 Annual Cybersecurity Report. However, while the networking giant wants to paint a more positive picture, my big takeaway is that the bad guys are winning. There are a number of positive developments in the survey — with input from 3,000 CISOs and SecOps from 15 countries, as well as telemetry data — but the key findings are, if not surprising, at the very least cause for increased concern.

The key findings Cisco focused on were:

- over one-third of organizations that experienced a breach in 2016 reported substantial customer, opportunity and revenue loss of more than 20%; and,
- 90% of these organizations are improving threat defense technologies and processes after attacks by separating IT and security functions (38%), increasing security awareness training for employees (38%), and implementing risk mitigation techniques (37%).

The Cisco findings that concerned me were:

- just 56% of security alerts are investigated and less than half of legitimate alerts remediated;
- more than 50% of organizations faced public scrutiny after a security breach; operations and finance systems were the most affected, followed by brand reputation and customer retention;
- for organizations that experienced an attack, the effect was substantial: 22% of breached organizations lost customers — 40% of them lost more than 20% of their customer base; 29% lost revenue, with 38% of that group losing more than 20% of revenue; and, 23% lost business opportunities, with 42% of them losing more than 20%.

Cisco is also touting (justifiably) that it has reduced the ‘time to detection’, the window of time between a compromise and the detection of a new threat, from a median of 14 hours in early 2016 to as low as six hours in the last half of the year. That’s good, but hardly good enough: while the industry average for TTD is 201 days (with a range of 20 to 569 days), in almost all breaches (93%), it took attackers minutes or less to compromise systems, and data exfiltration occurred within minutes in 28% of the cases.

These issues are not a new story, said Cisco’s Security Business Group Architect, Franc Artes. He told IT Trends & Analysis that there are ongoing issues around budgets, trained personnel and the complexity of security environments, “but at the end of the day it’s really a human issue. We’re leaving a lot on the cutting room floor.”

People are a big problem when it comes to CybSec. They both cause most of the security vulnerabilities — 55% of all attacks were carried out by either...
