Enterprise[s]… Establishing a “Cybersecurity Cavalry”

Based upon numerous discussions I’ve had with CISOs, the cybersecurity cavalry [highly-skilled and well-armed troops that establish security outposts to encounter adversaries out on the frontier] isn’t a passing fad but rather a major organizational shift that is gaining momentum. Indeed, large organizations are rapidly adding headcount and increasing budgets for this group. I’ve also seen financial services, defense contractors, and retail organizations giving CISOs the cybersecurity equivalent of eminent domain, allowing them to commandeer IT segments, sound alarm bells, and establish active network policy enforcement actions to improve threat response, even if these actions may temporarily disrupt business operations. This type of authority was unheard of in the past. To read the complete article, CLICK...

Read More

Enterprise(s)… Taking Steps to Improve … Analytics

Last week, online retail giant eBay announced that it was hacked between February and March of this year with stolen login credentials of an eBay employee. This gave the hackers access to the user records of 145 million users including home addresses, e-mail addresses, dates of birth, and encrypted passwords. It appears that the hackers made copies of this data so eBay is advising all users to change their passwords. The eBay hack is just the latest in a perpetual series of bad cybersecurity news. What’s worse here is that eBay is no slouch when it comes to information security best practices. So it’s especially alarming when a firm like eBay is compromised – if eBay can suffer a data breach, anyone can suffer a data breach. If there is a silver lining here it is that other large organizations realize that they have to do more to protect themselves from cybercrime. For example, many enterprises are taking a harder look at their incident prevention controls and exploring ways to block threats and/or reduce the attack surface across their networks. Aside from these traditional defenses, however, firms are also investing a lot of time, money, and human resources on security analytics. Why? Most CISOs realize that legacy SIEM and log management tools are no match for today’s social engineering attacks and sophisticated malware payloads. To read the complete article, CLICK...

Read More
Security 2014: Expect A Bad Situation To Get Worse
Dec16

Security 2014: Expect A Bad Situation To Get Worse

With the IT Trends & Analysis holiday break starting next week (December 23-January 3), I’m clearing out my mailbox, and trying to incorporate the various vendor 2014 predictions into this week’s stories, including today’s focus on security. One would expect doom and gloom forecasts from security vendors – and IT industry analysts – and you won’t be disappointed. Looks like CISOs can expect the Grinch for the holidays… and the foreseeable future. Recent publicity about cyberattacks and data security breaches has increased IT risk awareness among CIOs, chief information security officers (CISOs) and senior business executives. However, Gartner’s 2013 Global Risk Management Survey found that fear of attack is causing security professionals to shift focus away from disciplines such as enterprise risk management and risk-based information security to technical security. This shift in focus is driven by what Gartner analysts refer to as fear, uncertainty and doubt (FUD), which often leads to reactionary and highly emotional decision making. “While the shift to strengthening technical security controls is not surprising given the hype around cyberattacks and data security breaches, strong risk-based disciplines such as enterprise risk management or risk-based information security are rooted in proactive, data-driven decision making,” said John A. Wheeler, research director at Gartner. “These disciplines focus squarely on the uncertainty (as in, risk) as well as the methods or controls to reduce it. By doing so, the associated fear and doubt are subsequently eliminated.” The IT security market will grow at a CAGR of 9.29% over the 2012-2016 period, more than double the 4% increase overall IT budgets will see in 2014. In addition to Cisco, the key vendors include EMC, Fortinet, Hewlett-Packard, Juniper Networks, McAfee, Palo Alto Networks, Symantec, and Trend Micro. Despite being busy spying itself, the US government’s security budget is expected to be $6.1 billion next year. That’s up from last year’s $5.9 billion, and a lot less than the $7.3 billion projected for 2017. Contrast that with the U.S. intelligence budget for FY13, which was set at $52.3 billion, with an additional $400 million in spending across other government agencies, which require some level of interaction of data sharing with the intelligence community. However, earlier this month IDC’s 2014 predictions included two items highlighting why security’s future looks so dismal, including 70% of CIOs will increase enterprise exposure to risk to accelerate business agility through increased cloud adoption. Unfortunately for that increased risk exposure, by 2015, 60% of CIO security budgets for increasingly vulnerable legacy systems will be 30-40% too small to fund enterprise threat assessments. Next year will see plenty of opportunities for big data security analytics to enter the enterprise...

Read More

Big Data Security Analytics: Strong Opps, Some challenges

My friends on Wall Street and Sand Hill Road will likely place a number of bets on big data security analytics in 2014. Good strategy as this market category should get loads of hype and visibility while vendor sales managers build a very healthy sales pipelines by March. To read the complete article, CLICK...

Read More