Anticipating Black Hat

RSA 2014 seems like ancient history and the 2015 event isn’t until next April. No worries, however, the industry is set to gather in the Las Vegas heat next [THIS] week for cocktails, sushi bars, and oh yeah – Black Hat. Now Black Hat is an interesting blend of constituents consisting of government gumshoes, Sand Hill Rd. Merlot drinking VCs, cybersecurity business wonks, “beautiful mind” academics, and tattooed hackers – my kind of crowd! As such, we aren’t likely to hear much about NIST frameworks, GRC, or CISO strategies. Alternatively, I am looking forward to deep discussions on:


Enterprise(s)… Taking Steps to Improve … Analytics

Last week, online retail giant eBay announced that it was hacked between February and March of this year with stolen login credentials of an eBay employee. This gave the hackers access to the user records of 145 million users including home addresses, e-mail addresses, dates of birth, and encrypted passwords. It appears that the hackers made copies of this data so eBay is advising all users to change their passwords. The eBay hack is just the latest in a perpetual series of bad cybersecurity news. What’s worse here is that eBay is no slouch when it comes to information security best practices. So it’s especially alarming when a firm like eBay is compromised – if eBay can suffer a data breach, anyone can suffer a data breach. If there is a silver lining here it is that other large organizations realize that they have to do more to protect themselves from cybercrime. For example, many enterprises are taking a harder look at their incident prevention controls and exploring ways to block threats and/or reduce the attack surface across their networks. Aside from these traditional defenses, however, firms are also investing a lot of time, money, and human resources in security analytics. Why? Most CISOs realize that legacy SIEM and log management tools are no match for today’s social engineering attacks and sophisticated malware payloads.


Advanced Malware Detection and Response and… on the Rise

Think about all of the cybersecurity industry activity with advanced malware detection and response and what comes to mind? Most people would probably focus on technology vendors like Bromium, Cylance, Damballa, FireEye, and Palo Alto Networks since these firms have garnered headlines, raised vast fortunes of VC funding, and even pushed through successful IPOs. Yup, all of these technology vendors seem to be doing just fine, but there is another parallel success story in play – albeit a rather stealthy one. Advanced malware detection and response services revenue is actually growing about twice as fast as product revenue. Much of this growth is coming from the midmarket but enterprise organizations are also jumping on the bandwagon. According to ESG research, 60% of enterprise organizations already working with professional/managed security services have increased their use of these services “substantially” or “somewhat” over the last 2 years.


Enterprise CISO Challenges In 2014

I’m sure lots of CISOs spent this week meeting with their teams, reviewing their 2013 performance, and solidifying plans for 2014. Good idea from my perspective. The CISOs I’ve spoken with recently know exactly what they have to do but aren’t nearly as certain about how to do it. At a high level, here’s what I’m hearing around CISO goals and the associated challenges ahead this year:


New Year’s Forecast For The Info Security Industry: Part 1

I hope my cybersecurity colleagues enjoyed their holiday these past few weeks. It was surely well deserved as the year 2013 will be remembered as a whirlwind of activity featuring successful IPOs and scary security incidents. Given this, it’s likely that security professionals spent the last few weeks with one eye on family and holidays and another on emerging details about the massive breach at Target. So what’s in store for the information security industry in 2014? On the surface, it should be a happy new year across the board for security technology vendors, MSSPs, and professional service firms. That said, there is a lot of work ahead as enterprise organizations figure out how to transform an army of point tools and manual processes into a cohesive security strategy.
