Anticipating Black Hat

RSA 2014 seems like ancient history and the 2015 event isn’t until next April. No worries, however, the industry is set to gather in the Las Vegas heat next [THIS] week for cocktails, sushi bars, and oh yeah – Black Hat. Now Black Hat is an interesting blend of constituents consisting of government gumshoes, Sand Hill Rd. Merlot drinking VCs, cybersecurity business wonks, “beautiful mind” academics, and tattooed hackers – my kind of crowd! As such, we aren’t likely to hear much about NIST frameworks, GRC, or CISO strategies. Alternatively, I am looking forward to deep discussions on:


Enterprise(s)… Taking Steps to Improve … Analytics

Last week, online retail giant eBay announced that it was hacked between February and March of this year with stolen login credentials of an eBay employee. This gave the hackers access to the user records of 145 million users including home addresses, e-mail addresses, dates of birth, and encrypted passwords. It appears that the hackers made copies of this data so eBay is advising all users to change their passwords. The eBay hack is just the latest in a perpetual series of bad cybersecurity news. What’s worse here is that eBay is no slouch when it comes to information security best practices. So it’s especially alarming when a firm like eBay is compromised – if eBay can suffer a data breach, anyone can suffer a data breach. If there is a silver lining here it is that other large organizations realize that they have to do more to protect themselves from cybercrime. For example, many enterprises are taking a harder look at their incident prevention controls and exploring ways to block threats and/or reduce the attack surface across their networks. Aside from these traditional defenses, however, firms are also investing a lot of time, money, and human resources on security analytics. Why? Most CISOs realize that legacy SIEM and log management tools are no match for today’s social engineering attacks and sophisticated malware payloads.


Enterprise CISO Challenges In 2014

I’m sure lots of CISOs spent this week meeting with their teams, reviewing their 2013 performance, and solidifying plans for 2014. Good idea from my perspective. The CISOs I’ve spoken with recently know exactly what they have to do but aren’t nearly as certain about how to do it. At a high level, here’s what I’m hearing around CISO goals and the associated challenges ahead this year:

Security 2014: Expect A Bad Situation To Get Worse
Dec 16

With the IT Trends & Analysis holiday break starting next week (December 23-January 3), I’m clearing out my mailbox, and trying to incorporate the various vendor 2014 predictions into this week’s stories, including today’s focus on security. One would expect doom and gloom forecasts from security vendors – and IT industry analysts – and you won’t be disappointed. Looks like CISOs can expect the Grinch for the holidays… and the foreseeable future. Recent publicity about cyberattacks and data security breaches has increased IT risk awareness among CIOs, chief information security officers (CISOs) and senior business executives. However, Gartner’s 2013 Global Risk Management Survey found that fear of attack is causing security professionals to shift focus away from disciplines such as enterprise risk management and risk-based information security to technical security. This shift in focus is driven by what Gartner analysts refer to as fear, uncertainty and doubt (FUD), which often leads to reactionary and highly emotional decision making. “While the shift to strengthening technical security controls is not surprising given the hype around cyberattacks and data security breaches, strong risk-based disciplines such as enterprise risk management or risk-based information security are rooted in proactive, data-driven decision making,” said John A. Wheeler, research director at Gartner. “These disciplines focus squarely on the uncertainty (as in, risk) as well as the methods or controls to reduce it. By doing so, the associated fear and doubt are subsequently eliminated.” The IT security market will grow at a CAGR of 9.29% over the 2012-2016 period, more than double the 4% increase overall IT budgets will see in 2014. In addition to Cisco, the key vendors include EMC, Fortinet, Hewlett-Packard, Juniper Networks, McAfee, Palo Alto Networks, Symantec, and Trend Micro. 
Despite being busy spying itself, the US government’s security budget is expected to be $6.1 billion next year. That’s up from last year’s $5.9 billion, and a lot less than the $7.3 billion projected for 2017. Contrast that with the U.S. intelligence budget for FY13, which was set at $52.3 billion, with an additional $400 million in spending across other government agencies, which require some level of interaction of data sharing with the intelligence community. However, earlier this month IDC’s 2014 predictions included two items highlighting why security’s future looks so dismal, including 70% of CIOs will increase enterprise exposure to risk to accelerate business agility through increased cloud adoption. Unfortunately for that increased risk exposure, by 2015, 60% of CIO security budgets for increasingly vulnerable legacy systems will be 30-40% too small to fund enterprise threat assessments. Next year will see plenty of opportunities for big data security analytics to enter the enterprise...


Big Data Security Analytics: Strong Opps, Some Challenges

My friends on Wall Street and Sand Hill Road will likely place a number of bets on big data security analytics in 2014. Good strategy as this market category should get loads of hype and visibility while vendor sales managers build very healthy sales pipelines by March.
