To Automate or Not to Automate (Incident Response): That…

The recently published Senate report on the Target breach exposed a dicey situation that is all too familiar to enterprise security professionals. As it turns out, Target implemented malware detection technology from FireEye, which happened to detect the now infamous POS memory scrapping code but the IT team was running FireEye in detection rather than prevention mode. This meant that Target had to take some manual action to remove the malware and remediate the incident. Alas, Target did not take this faithful act and the rest is cybercrime history. To the uninitiated, Target’s behavior seems misguided at best, or even completely incompetent if you take a harder line. Why wouldn’t Target let FireEye do what it was designed to do and avoid this whole disaster? To read the complete article, CLICK...

Read More
Security 2014: Expect A Bad Situation To Get Worse
Dec16

Security 2014: Expect A Bad Situation To Get Worse

With the IT Trends & Analysis holiday break starting next week (December 23-January 3), I’m clearing out my mailbox, and trying to incorporate the various vendor 2014 predictions into this week’s stories, including today’s focus on security. One would expect doom and gloom forecasts from security vendors – and IT industry analysts – and you won’t be disappointed. Looks like CISOs can expect the Grinch for the holidays… and the foreseeable future. Recent publicity about cyberattacks and data security breaches has increased IT risk awareness among CIOs, chief information security officers (CISOs) and senior business executives. However, Gartner’s 2013 Global Risk Management Survey found that fear of attack is causing security professionals to shift focus away from disciplines such as enterprise risk management and risk-based information security to technical security. This shift in focus is driven by what Gartner analysts refer to as fear, uncertainty and doubt (FUD), which often leads to reactionary and highly emotional decision making. “While the shift to strengthening technical security controls is not surprising given the hype around cyberattacks and data security breaches, strong risk-based disciplines such as enterprise risk management or risk-based information security are rooted in proactive, data-driven decision making,” said John A. Wheeler, research director at Gartner. “These disciplines focus squarely on the uncertainty (as in, risk) as well as the methods or controls to reduce it. By doing so, the associated fear and doubt are subsequently eliminated.” The IT security market will grow at a CAGR of 9.29% over the 2012-2016 period, more than double the 4% increase overall IT budgets will see in 2014. In addition to Cisco, the key vendors include EMC, Fortinet, Hewlett-Packard, Juniper Networks, McAfee, Palo Alto Networks, Symantec, and Trend Micro. Despite being busy spying itself, the US government’s security budget is expected to be $6.1 billion next year. That’s up from last year’s $5.9 billion, and a lot less than the $7.3 billion projected for 2017. Contrast that with the U.S. intelligence budget for FY13, which was set at $52.3 billion, with an additional $400 million in spending across other government agencies, which require some level of interaction of data sharing with the intelligence community. However, earlier this month IDC’s 2014 predictions included two items highlighting why security’s future looks so dismal, including 70% of CIOs will increase enterprise exposure to risk to accelerate business agility through increased cloud adoption. Unfortunately for that increased risk exposure, by 2015, 60% of CIO security budgets for increasingly vulnerable legacy systems will be 30-40% too small to fund enterprise threat assessments. Next year will see plenty of opportunities for big data security analytics to enter the enterprise...

Read More

Big Data Security Analytics: Strong Opps, Some challenges

My friends on Wall Street and Sand Hill Road will likely place a number of bets on big data security analytics in 2014. Good strategy as this market category should get loads of hype and visibility while vendor sales managers build a very healthy sales pipelines by March. To read the complete article, CLICK...

Read More