CybSec Scores An ‘F’
Feb02


With the RSA Conference 2017 just a week away, cybersecurity surveys are showing up everywhere, including Cisco’s 10th study, 2017 Annual Cybersecurity Report. However, while the networking giant wants to paint a more positive picture, my big takeaway is that the bad guys are winning. There are a number of positive developments in the survey — with input from 3,000 CISOs and SecOps from 15 countries, as well as telemetry data — but the key findings are, if not surprising, at the very least cause for increased concern.

The key findings Cisco focused on were:
- over one-third of organizations that experienced a breach in 2016 reported substantial customer, opportunity and revenue loss of more than 20%; and,
- 90% of these organizations are improving threat defense technologies and processes after attacks by separating IT and security functions (38%), increasing security awareness training for employees (38%), and implementing risk mitigation techniques (37%).

The Cisco findings that concerned me were:
- just 56% of security alerts are investigated and less than half of legitimate alerts remediated;
- more than 50% of organizations faced public scrutiny after a security breach; operations and finance systems were the most affected, followed by brand reputation and customer retention;
- for organizations that experienced an attack, the effect was substantial: 22% of breached organizations lost customers — 40% of them lost more than 20% of their customer base; 29% lost revenue, with 38% of that group losing more than 20% of revenue; and, 23% lost business opportunities, with 42% of them losing more than 20%.

Cisco is also touting (justifiably) that it has reduced the ‘time to detection’, the window of time between a compromise and the detection of a new threat, from a median of 14 hours in early 2016 to as low as six hours in the last half of the year. That’s good, but hardly good enough: while the industry average for TTD is 201 days (with a range of 20 to 569 days), in almost all breaches (93%), it took attackers minutes or less to compromise systems, and data exfiltration occurred within minutes in 28% of the cases.

These issues are not a new story, said Cisco’s Security Business Group Architect, Franc Artes. He told IT Trends & Analysis that there are ongoing issues around budgets, trained personnel and the complexity of security environments, “but at the end of the day it’s really a human issue. We’re leaving a lot on the cutting room floor.”

People are a big problem when it comes to CybSec. They both cause most of the security vulnerabilities — 55% of all attacks were carried out by either...


RSA Conference Topic: Endpoint Security

As the calendar shifts from January to February, cybersecurity professionals are gearing up for the RSA Security Conference in a few short weeks. Remarkably, the management team is expecting more than 50,000 attendees this year! So, what can we expect from RSA 2017? Well, cybersecurity is being driven by dangerous threats, digital transformation, and the need for massive scalability. This means innovation and change in just about every aspect of cybersecurity technology so I plan on writing a few blogs about my expectations for the RSA Conference. I’ll start with this one about endpoint security. To be clear, endpoint security should no longer be defined as antivirus software. No disrespect to tried-and-true AV, but endpoint security now spans a continuum that includes advanced prevention technologies, endpoint security controls, and advanced detection/response tools. My colleague Doug Cahill and I are currently tracking more than 50 endpoint security vendors, demonstrating just how much activity there is today. Here’s a brief list of some endpoint security activities I anticipate at RSA: To read the complete article, CLICK...


…Organizations Still Opt for ‘Good Enough’ Cybersecurity

Late last year, ESG published a research report titled Through the Eyes of Cyber Security Professionals, in collaboration with the Information Systems Security Association (ISSA). As part of this report, 437 cybersecurity professionals and ISSA members were asked if they’d experienced a number of types of security incidents. The research revealed that:
- 39% of organizations experienced one or several security incidents resulting in the need to reimage one or several endpoints or servers.
- 27% of organizations experienced one or several incidents of ransomware.
- 20% of organizations experienced one or several incidents resulting in the disruption of a business application.
- 19% of organizations experienced one or several incidents resulting in the disruption of a business process.

To read the complete article, CLICK...


Endpoint Security in 2017

Just a few years ago, there were about 6 to 10 well regarded AV vendors that dominated the market. Fast forward to 2017 and my colleague Doug Cahill and I are currently tracking around 50 endpoint security vendors. Why has this market changed so much in such a short timeframe? New types of targeted threats regularly circumvented signature-based AV software over the past few years. This weakness led to system compromises, data breaches, and panicky CISOs in search of AV alternatives. This in turn persuaded the fat cats on Sand Hill Rd. to throw VC dollars at anything that hinted at endpoint security innovation. Okay, I get the need for more than signature-based AV but there simply isn’t room in the market for 50 endpoint security vendors. Thus, it’s safe to assume a lot of M&A activity and outright business failures this year. To read the complete article, CLICK...

Dell Security Aims To Be One Step Ahead
Dec08


It’s still too early to talk about Dell EMC’s security plans, said Brett Hansen, VP, Endpoint Data Security and Management, Dell, but he tells IT Trends & Analysis there is a lot of work going on behind the scenes on the future of the company’s post-merger enterprise security strategy. “I’m like a kid in the candy store with this acquisition.” What’s not to be excited about? Cybersecurity is getting a lot more attention — and customer budgets — and the acquisition brings together two sets of technology assets, skills and customer bases.

While overall IT spending may be inching upward, security is expected to grow at a compound annual growth rate of 8.3% through 2020, from $73.6 billion in 2016 to more than $100 billion. Other estimates put this year’s cybersecurity spend at $122.45 billion, and a 10.6% CAGR to $202.36 billion by 2021.

EMC’s former security division, RSA (with more than 30,000 customers), will retain its autonomy, but will benefit from being part of the world’s largest privately controlled technology company, said president Amit Yoran in a September conference call. “RSA is now part of the broader Dell Technologies – a much broader platform that allows us to make decisions along private company timelines and horizons for a more strategic perspective, and less maniacally focused on the 90-day public company window,” he stated. “There is a natural upside [for enterprises] of having the broader ecosystem of Dell Technologies from a leveraging relationships standpoint.”

He said authentication and identity, advanced security operations and analytics, and the business context and business drivers around those will continue to be the three key areas that RSA is focusing on. As for the unit’s R&D focus, he said in a world where there is no longer any perimeter, being able to identify who is where on what and provide them the appropriate access with strong multi-factor authentication and an elegant user experience “is a key area where RSA has great capability and we will continue to invest aggressively in R&D in that area”. In addition, it is investing heavily in advanced security operations, which includes RSA’s endpoint threat detection and response product Ecat, the NetWitness suite, and all the analytics around those. “Ultimately, context matters most to the organisation. What is mission-critical, what is business-critical, what is required from a compliance and regulatory perspective, and ensuring that the limited security resources are being spent on the most impactful and critical things for the enterprise,” said Yoran.

In June, prior to the acquisition’s close, EMC announced the findings from its global enterprise backup survey, ‘Are You Protected?’, which included: -incidents of traditional data loss...
