Cloud Security Priorities and Synergies with Enterprise…

According to ESG research, 63% of mid-market (i.e., 250 to 999 employees) and enterprise (i.e., more than 1,000 employees) organizations are currently using software-as-a-service (SaaS), 33% use infrastructure-as-a-service (IaaS), and 27% employ platform-as-a-service (PaaS) today. Additionally, 72% of all firms are increasing their spending on cloud computing initiatives this year. (Source: ESG Research Report, 2014 IT Spending Intentions Survey, February 2014.) Wasn’t IT risk supposed to put the brakes on cloud computing deployment? Security professionals are still quite concerned. In an ESG research survey, infosec pros identified numerous cloud security risk areas as follows (Source: ESG Custom Research, IaaS Security Survey, September 2013.):

BYOA: Bring Your Own Authentication

Most people who use IT or Internet applications would agree that the current username/password mode of authentication is cumbersome, ineffective, and obsolete. According to ESG research, 55% of information security professionals working at enterprise organizations (i.e., more than 1,000 employees) believe that username/password authentication should be completely eliminated or relegated to non-business critical applications only. Recognizing the foibles of usernames and passwords, ESG research indicates that 57% of enterprise organizations use multi-factor authentication technologies. Unfortunately, multi-factor authentication technology has been too expensive and complex to roll out across enterprises or offer to online consumers.

Big Data Security Analytics “Plumbing”

According to 2012 ESG research, 44% of enterprise organizations (i.e., those with more than 1,000 employees) considered their security data collection and analysis a “big data” application while another 44% believed that their security data collection and analysis would become a big data application within the following two years. Furthermore, 86% of enterprises collected substantially more or somewhat more security data than they had two years earlier. (Source: ESG Research Report, The Emerging Intersection Between Big Data and Security Analytics, November 2012.) The ongoing trend is pretty clear – large organizations are collecting, processing, and retaining more and more data for analysis using an assortment of tools and services from vendors like IBM, Lancope, LogRhythm, Raytheon, RSA Security, and Splunk to make the data “actionable” for risk management and incident prevention/detection/response.

Enterprise(s)… Taking Steps to Improve … Analytics

Last week, online retail giant eBay announced that it was hacked between February and March of this year with stolen login credentials of an eBay employee. This gave the hackers access to the user records of 145 million users including home addresses, e-mail addresses, dates of birth, and encrypted passwords. It appears that the hackers made copies of this data so eBay is advising all users to change their passwords. The eBay hack is just the latest in a perpetual series of bad cybersecurity news. What’s worse here is that eBay is no slouch when it comes to information security best practices. So it’s especially alarming when a firm like eBay is compromised – if eBay can suffer a data breach, anyone can suffer a data breach. If there is a silver lining here it is that other large organizations realize that they have to do more to protect themselves from cybercrime. For example, many enterprises are taking a harder look at their incident prevention controls and exploring ways to block threats and/or reduce the attack surface across their networks. Aside from these traditional defenses, however, firms are also investing a lot of time, money, and human resources on security analytics. Why? Most CISOs realize that legacy SIEM and log management tools are no match for today’s social engineering attacks and sophisticated malware payloads.

Antivirus Software Is Not Quite Dead Yet

In a Wall Street Journal article published earlier this week, Symantec SVP Brian Dye is quoted as saying that “antivirus is dead.” Dye goes on to proclaim that “we (Symantec) don’t think of antivirus as a moneymaker in any way.” I beg your pardon, Brian? Isn’t Symantec the market leader? Just what are you saying? In lieu of specific answers to these questions, the blogosphere and Twitter have become a grapevine of rumors – about Symantec, AV, etc. Panic and wild predictions abound. Dogs and cats living together in the streets . . . I’ve been researching the endpoint security market for a good dozen years so allow me to put Dye’s death certificate in context.
