Author Archives: Jon Oltsik
Author Archives: Jon Oltsik
I’ve written a lot about ESG’s security operations and analytics platform architecture (SOAPA). SOAPA is happening because enterprise organizations are surrounding SIEM with lots of other security analytics and operations tools to accelerate incident detection and response. As this occurs, many organizations are actively integrating these technologies together with the goal of building an end-to-end, event-driven, security technology architecture.SOAPA is impacting security strategies of large organizations, leading to reactions and changes on the supply side. What type of changes? I recently sat down with Haiyan Song, EVP at Splunk, to discuss Splunk’s views on SOAPA. Here are a few highlights of our discussion:To read this article in full or to leave a comment, please click here
I’ve written a lot about ESG’s security operations and analytics platform architecture (SOAPA). SOAPA is happening because enterprise organizations are surrounding SIEM with lots of other security analytics and operations tools to accelerate incident detection and response. As this occurs, many organizations are actively integrating these technologies together with the goal of building an end-to-end, event-driven, security technology architecture.SOAPA is impacting security strategies of large organizations, leading to reactions and changes on the supply side. What type of changes? I recently sat down with Haiyan Song, EVP at Splunk, to discuss Splunk’s views on SOAPA. Here are a few highlights of our discussion:To read this article in full or to leave a comment, please click here
I’ve written a lot about ESG’s security operations and analytics platform architecture (SOAPA). SOAPA is happening because enterprise organizations are surrounding SIEM with lots of other security analytics and operations tools to accelerate incident detection and response. As this occurs, many organizations are actively integrating these technologies together with the goal of building an end-to-end, event-driven, security technology architecture.SOAPA is impacting security strategies of large organizations, leading to reactions and changes on the supply side. What type of changes? I recently sat down with Haiyan Song, Splunk's senior vice president of security markets, to discuss Splunk’s views on SOAPA. Here are a few highlights of our discussion:To read this article in full or to leave a comment, please click here
As I read about the WannaCry ransomware attack, my brain is racing with thoughts about the causes and effects of this global incident. Here’s my two cents:1. Ransomware continues to be a growth business, and a bit of work can provide a serious return. The FBI estimated that Ransomware payments topped $1 billion in 2016, and I wouldn’t be surprised if we saw 100% year-over-year growth. 2. For those of us who’ve been in cybersecurity for a while, WannaCry brings back memories of the Internet worms we saw back in the 2000s (i.e. Code Red, Conficker, MSBlast, Nimda, etc.). Once one person on a network was infected, WannaCry simply went out and infected other vulnerable systems on the network. I knew that worm techniques would come back but I always thought they’d be used as a smokescreen for other attacks. Looks like Ransomware and Internet worms can be as compatible as chocolate and peanut butter.To read this article in full or to leave a comment, please click here
As I read about the WannaCry ransomware attack, my brain is racing with thoughts about the causes and effects of this global incident. Here are my two cents:1. Ransomware continues to be a growth business, and a bit of work can provide a serious return. The FBI estimated that ransomware payments topped $1 billion in 2016, and I wouldn’t be surprised if we saw 100 percent year-over-year growth. 2. For those of us who’ve been in cybersecurity for a while, WannaCry brings back memories of the internet worms we saw back in the 2000s (i.e. Code Red, Conficker, MSBlast, Nimda, etc.). Once one person on a network was infected, WannaCry simply went out and infected other vulnerable systems on the network. I knew that worm techniques would come back, but I always thought they’d be used as a smokescreen for other attacks. Looks like ransomware and internet worms can be as compatible as chocolate and peanut butter.To read this article in full or to leave a comment, please click here
As I read about the WannaCry ransomware attack, my brain is racing with thoughts about the causes and effects of this global incident. Here are my two cents:1. Ransomware continues to be a growth business, and a bit of work can provide a serious return. The FBI estimated that ransomware payments topped $1 billion in 2016, and I wouldn’t be surprised if we saw 100 percent year-over-year growth. 2. For those of us who’ve been in cybersecurity for a while, WannaCry brings back memories of the internet worms we saw back in the 2000s (i.e. Code Red, Conficker, MSBlast, Nimda, etc.). Once one person on a network was infected, WannaCry simply went out and infected other vulnerable systems on the network. I knew that worm techniques would come back, but I always thought they’d be used as a smokescreen for other attacks. Looks like ransomware and internet worms can be as compatible as chocolate and peanut butter.To read this article in full or to leave a comment, please click here
Earlier this week, I posted a blog about changes cybersecurity technology procurement changes at enterprise organizations. According to ESG research, enterprises are consolidating the number of cybersecurity vendors they do business with and purchasing security products designed for integration (note: I am an ESG employee). Eventually, CISOs will buy more products from fewer vendors, leading to the rise of a few enterprise-class cybersecurity technology vendors that dominate the space. These vendors will offer tightly integrated cybersecurity technology architectures that span across applications, host systems, networks, and cloud-based assets, offering capabilities for threat analysis/investigations as well as prevention, detection, and response.To read this article in full or to leave a comment, please click here
Enterprises are changing their cybersecurity technology procurement habits and consolidating the number of cybersecurity vendors they do business with and purchasing security products designed for integration, according to ESG research. Eventually, CISOs will buy more products from fewer vendors, leading to the rise of a few enterprise-class cybersecurity technology vendors that dominate the space. These vendors will offer tightly integrated cybersecurity technology architectures that span across applications, host systems, networks and cloud-based assets, offering capabilities for threat analysis/investigations, as well as prevention, detection and response.To read this article in full or to leave a comment, please click here
Enterprises are changing their cybersecurity technology procurement habits and consolidating the number of cybersecurity vendors they do business with and purchasing security products designed for integration, according to ESG research. Eventually, CISOs will buy more products from fewer vendors, leading to the rise of a few enterprise-class cybersecurity technology vendors that dominate the space. These vendors will offer tightly integrated cybersecurity technology architectures that span across applications, host systems, networks and cloud-based assets, offering capabilities for threat analysis/investigations, as well as prevention, detection and response.To read this article in full or to leave a comment, please click here
When I’m asked to explain what’s happening with enterprise cybersecurity technology, I often use an analogy from the business software market in the 1990s. Back then, application vendors tended to specialize in one area—PeopleSoft owned HR, Baan offered manufacturing apps, JD Edwards played in finance, etc. Around 1995, companies began replacing these departmental applications with enterprise-class ERP solutions from Oracle and SAP. The objective? Centralize all business data into a common repository that could anchor the business and be updated and used for various departmental functions and business processes in real time. + Also on Network World: Cybersecurity companies to watch + Yes, the ERP journey was a bit painful, but the transition resulted in a steady increase in business productivity, enhanced efficiency and better decision making.To read this article in full or to leave a comment, please click here
When I’m asked to explain what’s happening with enterprise cybersecurity technology, I often use an analogy from the business software market in the 1990s. Back then, application vendors tended to specialize in one area—PeopleSoft owned HR, Baan offered manufacturing apps, JD Edwards played in finance, etc. Around 1995, companies began replacing these departmental applications with enterprise-class ERP solutions from Oracle and SAP. The objective? Centralize all business data into a common repository that could anchor the business and be updated and used for various departmental functions and business processes in real time. + Also on Network World: Cybersecurity companies to watch + Yes, the ERP journey was a bit painful, but the transition resulted in a steady increase in business productivity, enhanced efficiency and better decision making.To read this article in full or to leave a comment, please click here
A few years ago, next-generation firewalls (NGFWs) came out of nowhere to become a network security staple. These devices combined traditional L3/L4 packet filtering with deep packet inspection, IPS, and other network security services along with knowledge about users and applications. This broad functionality packaging changed the network security paradigm—everyone needed, or at least wanted a NGFW at the perimeter or within the internal network.Fast forward to 2017, and the bloom is coming off the NGFW rose for several reasons: Requirements have changed. NGFWs followed in the footsteps of earlier firewalls—physical appliances installed inline to protect private networks from the public Internet. Back then, mobile and remote office workers VPNed into the corporate network and traffic was backhauled for Internet ingress/egress. This model is changing rapidly, however. As cloud computing, SaaS, mobility and broadband networks evolved, mobile and remote worker connection are often dual homed, offering direct connections to the public internet. Once this happens, NGFWs lose their usefulness, offering no visibility or control of network traffic. Software is eating the world. Remember Marc Andreessen’s famous essay about the rise of software? Ironically, his publication doesn’t dedicate a single word to cybersecurity, but make no mistake, software is eating Continue reading
A few years ago, next-generation firewalls (NGFWs) came out of nowhere to become a network security staple. These devices combined traditional L3/L4 packet filtering with deep packet inspection, IPS, and other network security services along with knowledge about users and applications. This broad functionality packaging changed the network security paradigm—everyone needed, or at least wanted a NGFW at the perimeter or within the internal network.Fast forward to 2017, and the bloom is coming off the NGFW rose for several reasons: Requirements have changed. NGFWs followed in the footsteps of earlier firewalls—physical appliances installed inline to protect private networks from the public Internet. Back then, mobile and remote office workers VPNed into the corporate network and traffic was backhauled for Internet ingress/egress. This model is changing rapidly, however. As cloud computing, SaaS, mobility and broadband networks evolved, mobile and remote worker connection are often dual homed, offering direct connections to the public internet. Once this happens, NGFWs lose their usefulness, offering no visibility or control of network traffic. Software is eating the world. Remember Marc Andreessen’s famous essay about the rise of software? Ironically, his publication doesn’t dedicate a single word to cybersecurity, but make no mistake, software is eating Continue reading
Last week, I posted a blog about the move toward cybersecurity vendor and technology consolidation along with a growing emphasis on technology integration in the enterprise. Here’s some additional data that reinforces these conclusions. As part of a recent ESG research project, 176 cybersecurity and It professionals were presented with several statements and asked whether they agreed or disagreed with each one (note: I am an ESG employee). Here are the results: 82% of survey respondents “strongly agree” or “agree” with the statement: ‘My organization is actively building a security architecture that integrates multiple individual product.’ This is likely part of a SOAPA (i.e. security operations and analytics platform architecture) project. 81% of survey respondents “strongly agree” or “agree” with the statement: ‘Cybersecurity product integration has become an important consideration of our security procurement criteria.’ In other words, stand-alone point tools don’t make the purchasing cut in most cases. 78% of survey respondents “strongly agree” or “agree” with the statement: ‘The security products my organization buys are regularly qualified on their integration capabilities. This aligns with the previous point. 73% of survey respondents “strongly agree” or “agree” with the statement: ‘My organization Continue reading
Last week, I posted a blog about the move toward cybersecurity vendor and technology consolidation along with a growing emphasis on technology integration in the enterprise. Here’s some additional data that reinforces these conclusions. As part of a recent ESG research project, 176 cybersecurity and It professionals were presented with several statements and asked whether they agreed or disagreed with each one (note: I am an ESG employee). Here are the results: 82% of survey respondents “strongly agree” or “agree” with the statement: ‘My organization is actively building a security architecture that integrates multiple individual product.’ This is likely part of a SOAPA (i.e. security operations and analytics platform architecture) project. 81% of survey respondents “strongly agree” or “agree” with the statement: ‘Cybersecurity product integration has become an important consideration of our security procurement criteria.’ In other words, stand-alone point tools don’t make the purchasing cut in most cases. 78% of survey respondents “strongly agree” or “agree” with the statement: ‘The security products my organization buys are regularly qualified on their integration capabilities. This aligns with the previous point. 73% of survey respondents “strongly agree” or “agree” with the statement: ‘My organization Continue reading
Last week, I wrote about the move toward cybersecurity vendor and technology consolidation, along with a growing emphasis on technology integration in the enterprise. Here’s some additional data that reinforces those conclusions. As part of a recent ESG research project, 176 cybersecurity and IT professionals were presented with several statements and asked whether they agreed or disagreed with each one. Here are the results: 82% of survey respondents “strongly agree” or “agree” with the statement: "My organization is actively building a security architecture that integrates multiple individual product." This is likely part of a SOAPA (security operations and analytics platform architecture) project. 81% of survey respondents “strongly agree” or “agree” with the statement: "Cybersecurity product integration has become an important consideration of our security procurement criteria." In other words, stand-alone point tools don’t make the purchasing cut in most cases. 78% of survey respondents “strongly agree” or “agree” with the statement: "The security products my organization buys are regularly qualified on their integration capabilities." This aligns with the previous point. 73% of survey respondents “strongly agree” or “agree” with the statement: "My organization tends to select best-of-breed products." Once again, the data reflects that Continue reading
Last week, I wrote about the move toward cybersecurity vendor and technology consolidation, along with a growing emphasis on technology integration in the enterprise. Here’s some additional data that reinforces those conclusions. As part of a recent ESG research project, 176 cybersecurity and IT professionals were presented with several statements and asked whether they agreed or disagreed with each one. Here are the results: 82% of survey respondents “strongly agree” or “agree” with the statement: "My organization is actively building a security architecture that integrates multiple individual product." This is likely part of a SOAPA (security operations and analytics platform architecture) project. 81% of survey respondents “strongly agree” or “agree” with the statement: "Cybersecurity product integration has become an important consideration of our security procurement criteria." In other words, stand-alone point tools don’t make the purchasing cut in most cases. 78% of survey respondents “strongly agree” or “agree” with the statement: "The security products my organization buys are regularly qualified on their integration capabilities." This aligns with the previous point. 73% of survey respondents “strongly agree” or “agree” with the statement: "My organization tends to select best-of-breed products." Once again, the data reflects that Continue reading
Look around the cybersecurity infrastructure at any enterprise organization, and here’s what you’ll see—dozens and dozens of cybersecurity tools from just as many vendors. Now this situation wasn’t planned; it just happened. Over the past 15 years, bad guys developed new cyber weapons to exploit IT vulnerabilities. And large organizations reacted to these new threats by purchasing and deploying new security controls and monitoring systems. This pattern continued over time, leading to today’s patchwork of security point tools. + Also on Network World: Is your company spending on the right security technologies? + So, what’s the problem? Point tools aren’t really designed to talk with one another, leaving human beings to bridge the communications, intelligence and technology gaps between them. Furthermore, each individual tool requires training, deployment, configuration and ongoing operational support. More tools, more needs.To read this article in full or to leave a comment, please click here
Look around the cybersecurity infrastructure at any enterprise organization, and here’s what you’ll see—dozens and dozens of cybersecurity tools from just as many vendors. Now this situation wasn’t planned; it just happened. Over the past 15 years, bad guys developed new cyber weapons to exploit IT vulnerabilities. And large organizations reacted to these new threats by purchasing and deploying new security controls and monitoring systems. This pattern continued over time, leading to today’s patchwork of security point tools. + Also on Network World: Is your company spending on the right security technologies? + So, what’s the problem? Point tools aren’t really designed to talk with one another, leaving human beings to bridge the communications, intelligence and technology gaps between them. Furthermore, each individual tool requires training, deployment, configuration and ongoing operational support. More tools, more needs.To read this article in full or to leave a comment, please click here
The global cybersecurity skills shortage continues to be a critical issue. For example, ESG research found 45% of organizations report a “problematic shortage” of cybersecurity skills today, more than any other area within IT.Want more? Here are a few tidbits from last year’s research project done in conjunction with the Information Systems Security Association (ISSA). In a survey of 437 cybersecurity professionals and ISSA members: 29% of cybersecurity professionals said the global cybersecurity skills shortage has had a significant impact on their organization. Another 40% said the global cybersecurity skills shortage has impacted their organization “somewhat.” When asked to identify the impact of the cybersecurity skills shortage: 54% said it increased the cybersecurity staff’s workload 35% said their organization had to hire and train junior staff rather than hire people with the appropriate level of experience necessary 35% said the cybersecurity skills shortage has created a situation whereby the infosec team hasn’t had time to learn or use its security technologies to their full potential While the cybersecurity skills shortage endures, the industry itself remains white hot. According to a recent Bloomberg business article, the cybersecurity industry is expected to grow about 7% a year through 2019 to Continue reading