Cybersecurity Goes Private: McAfee and RSA

There are some interesting industry dynamics going on in the cybersecurity market. Just a few months ago, Symantec bought Blue Coat, taking a private company public and forming a cybersecurity industry colossus in the process. Now two other historical cybersecurity powerhouses are heading in the other direction and going private. When the Dell/EMC deal was approved this week, industry veteran RSA became the security division of the world’s largest diversified private technology company. Not to be outdone, Intel and partner TPG are spinning out McAfee as an independent private company.

Cybersecurity: The Emperor’s New Clothes
Jul 21

Intel Security has just released a new report that once again illustrates the threadbare state of cybersecurity: most organizations believe they are better protected than the facts support. “We believe we have a degree of overconfidence, possibly complacency,” said Raj Samani, EMEA CTO, Intel. The survey of IT executives within critical infrastructure organizations, ‘Holding the Line Against Cyber Threats: Critical Infrastructure Readiness Survey’, produced by Intel Security and The Aspen Institute, found that 41% of respondents are already experiencing physical damage from attacks, and that 86% want more public-private cooperation. “This data raises new and vital questions about how public and private interests can best join forces to mitigate and defend against cyberattacks,” said Clark Kent Ervin, Director, Homeland Security Program, Aspen Institute, in a prepared statement. “This issue must be addressed by policymakers and corporate leaders alike.”

Critical infrastructure security – or its lack – has been all over the news recently, including:

- Germany passes strict cybersecurity law to protect ‘critical infrastructure’;
- Ireland gears up for cyber war with a new strategy to protect critical infrastructure;
- Britain’s Ministry of Defence fends off thousands of cyber attacks every day while its military systems log more than a million suspicious incidents on a daily basis;
- the government of Canada was the target of a distributed denial of service (DDoS) attack that took down multiple federal websites, including those of the Departments of Justice and Foreign Affairs; and
- Poland’s national airline had to ground 22 of its planes after finding hackers had attacked its computer system in Warsaw.

At the end of June, Tripwire reported that nearly all critical infrastructure industry executives recognize that their organizations are targets for cybercriminals, and more than half (61%) are confident their systems could detect an attack in less than a day. The company questions this confidence. “The idea that these attacks would be detected quickly is basically a perception that’s driven from the ability of these organizations to deliver energy with very high availability,” wrote Rekha Shenoy, VP of business and corporate development for Tripwire. “However, in our experience, these organizations don’t have the visibility into cybersecurity issues that would allow them to detect an attack faster than other industries.”

According to a new report, a cyber attack on the US east coast could cost the economy $1 trillion. “The evidence of major attacks during 2014 suggests that attackers were often able to exploit vulnerabilities faster than defenders could remedy them,” Tom Bolt, director of performance management at Lloyd’s, said in the report from the University of Cambridge Centre for Risk Studies and the Lloyd’s of London insurance market. A lot of money is being...

Enterprise[s]… Establishing a “Cybersecurity Cavalry”

Based upon numerous discussions I’ve had with CISOs, the cybersecurity cavalry [highly-skilled and well-armed troops that establish security outposts to encounter adversaries out on the frontier] isn’t a passing fad but rather a major organizational shift that is gaining momentum. Indeed, large organizations are rapidly adding headcount and increasing budgets for this group. I’ve also seen financial services, defense contractors, and retail organizations giving CISOs the cybersecurity equivalent of eminent domain, allowing them to commandeer IT segments, sound alarm bells, and establish active network policy enforcement actions to improve threat response, even if these actions may temporarily disrupt business operations. This type of authority was unheard of in the past.

Cisco, FireEye Announcements: A Microcosm of the …

The Cisco and FireEye announcements are a microcosm of what’s happening in cybersecurity. Large organizations are abandoning individual point tools in favor of integrated cybersecurity technology architectures – exactly why Cisco bought Sourcefire and is now bringing the best of both companies together. Aside from technology alone, CISOs also need to supplement internal infosec resources with the right skills. FireEye is now addressing this. These trends are not a secret – other vendors including HP, IBM, RSA, and Symantec have their own plans for integrated security technology architecture and managed/professional services. This may be the market direction but it’s important to note that the move toward integrated security architecture and managed services represents a major cybersecurity transition for enterprise organizations. Vendors who can guide customers through this evolution with the right project plans, reference architectures, and industry-specific implementation guidelines will put themselves in the best position.

Cloud Security Priorities and Synergies with Enterprise…

According to ESG research, 63% of mid-market (i.e., 250 to 999 employees) and enterprise (i.e., more than 1,000 employees) organizations are currently using software-as-a-service (SaaS), 33% use infrastructure-as-a-service (IaaS), and 27% employ platform-as-a-service (PaaS) today. Additionally, 72% of all firms are increasing their spending on cloud computing initiatives this year. (Source: ESG Research Report, 2014 IT Spending Intentions Survey, February 2014.) Wasn’t IT risk supposed to put the brakes on cloud computing deployment? Security professionals are still quite concerned. In an ESG research survey, infosec pros identified numerous cloud security risk areas as follows (Source: ESG Custom Research, IaaS Security Survey, September 2013.):