Security Operations Spending and ROI

ESG recently surveyed 412 cybersecurity and IT professionals asking a number of questions about their organization’s security analytics and operations. Overall, security operations are quite difficult, many organizations complain about too many manual processes, too many disconnected point tools, and a real shortage of the right skills. These issues can lead to lengthy incident detection and response cycles or worse yet, damaging data breaches. Just ask Equifax. To read the complete article, CLICK...

Read More

Security Analytics and Operations at RSA

So far, I’ve written two blogs about my expectations for the upcoming RSA Security Conference next week. The first blog was about my outlook for endpoint security while the second focused on network security. I am also in the middle of a big research project on security analytics and operations right now and believe that many independent technologies will be integrated into a comprehensive architecture that ESG calls SOAPA (i.e., security operations and analytics platform architecture). Here’s another blog where I define the SOAPA architecture and all the consolidating piece parts. With SOAPA in mind, here’s what I’m expecting to see at RSA: To read the complete article, CLICK...

Read More

Goodbye SIEM, Hello SOAPA

Security information and event management (SIEM) systems have been around for a dozen years or so. During that timeframe, SIEMs evolved from perimeter security event correlation tools, to GRC platforms, to security analytics systems. Early vendors like eSecurity, GuardedNet, Intellitactics, and NetForensics, are distant memories; today’s SIEM market is now dominated by a few leaders: LogRhythm, McAfee (aka: Nitro Security), HP (aka: ArcSight), IBM (aka: QRadar), and Splunk. Of course, there is a community of innovative upstarts that believe that SIEM is a legacy technology. They proclaim that log management and event correlation can’t keep up with the pace of cybersecurity today, thus you need new technologies like artificial intelligence, machine learning algorithms, and neural networks to consume, process, and analyze security data in real-time. To read the complete article, CLICK...

Read More

SIEM Market Dynamics in Play

When I started focusing on the security market 14 years ago, the SIEM market was a burgeoning market populated by vendors such as CA, e-Security, Intellitactics, and NetForensics. In the intervening timeframe, the SIEM market has grown, thrived, and changed every few years. SIEM started as a central repository for event correlation for perimeter security devices. It then morphed into a reporting engine for governance and compliance. In a subsequent phase, SIEM became more of a query and log management tool for security analysts. To read the complete article, CLICK...

Read More

Enterprises are investing in network security analytics

If I’ve heard it once, I’ve heard it a thousand times: traditional security controls are no longer effective at blocking cyber-threats, so enterprise organizations are deploying new types of security defenses and investing in new tools to improve incident detection and response. Unfortunately, this can be more difficult than it seems. Why? Effective Incident detection and response depends upon security analytics technology, and this is where the confusion lies. It turns out that there are lots of security analytics tools out there that approach this problem from different angles. Given this reality, where the heck do you start? To read the complete article, CLICK...

Read More