Author Archives: Jon Oltsik
If you are a cybersecurity professional or interested in cybersecurity at all, you should be familiar with the Cybersecurity Canon. Just what is a canon? There are lots of definitions, but the one that applies here is “a sanctioned or accepted group or body of related works.” With this definition in mind, the stated goal of the Cybersecurity Canon is: “To identify a list of must-read books for all cybersecurity practitioners -- be they from industry, government or academia -- where the content is timeless, genuinely represents an aspect of the community that is true and precise, reflects the highest quality and, if not read, will leave a hole in the cybersecurity professional’s education that will make the practitioner incomplete.”
Cisco is wrapping up its annual Cisco Live customer event. This year’s proceedings took over Las Vegas, occupying the Bellagio, Luxor, Mandalay Bay and MGM Grand hotels. At least for this week, Cisco was bigger in Vegas than Wayne Newton, Steve Wynn and even Carrot Top. While digital transformation served as the main theme at Cisco Live, cybersecurity had a strong supporting role throughout the event. For example, of all of the technology and business initiatives at Cisco, CEO Chuck Robbins highlighted cybersecurity in his keynote presentation by bringing the GM of Cisco’s cybersecurity business unit, David Goeckeler, on stage to describe his division’s progress.
In 2015, I conducted some in-depth research around enterprise organizations’ consumption, use, and sharing of threat intelligence. Time and time again, I heard cybersecurity professionals proclaim that their organizations had to do a better job “operationalizing” threat intelligence. Hmm, sounds like a worthwhile security management goal if I’ve ever heard one, but what exactly does this mean? Some ESG research may be helpful here (note: I am an ESG analyst). ESG surveyed 304 IT and cybersecurity professionals working at enterprise organizations (i.e., more than 1,000 employees) and asked them to identify their organization’s top threat intelligence challenges. The data reveals that:
In early May, FireEye announced that company president Kevin Mandia would replace industry veteran Dave DeWalt as CEO. My colleague Doug Cahill had a chance to catch up with Kevin yesterday to get his perspectives on FireEye, enterprise security, and the threat landscape amongst others. Here are a few highlights: On FireEye’s direction: In spite of lots of distraction, Mandia is focused on driving “engineering innovation” at FireEye. Normally, this vision would be equated with security products alone, but Kevin believes that products can anchor services as well. This involves installing FireEye’s endpoint and network security products on a customer network, collecting telemetry, comparing it to current threat intelligence, detecting malicious activities, and then working with customers on remediation. To accomplish this, FireEye products must be “best-in-class” for threat detection on a stand-alone basis. The FireEye staff is then available to add brain power and muscle to help product customers as needed.
Way back in February, I wrote a blog about President Obama’s proposed Cybersecurity National Action Plan (CNAP). As part of this plan, the President called for $19 billion for cybersecurity as part of the 2017 fiscal year federal budget, a 35% increase over 2016 spending. While CNAP has a lot of thoughtful and positive proposals, I’m troubled by the fact that federal cybersecurity programs seem to have a life of their own with little oversight or ROI benefits. I often cite DHS’s Einstein project as an example of this type of government cybersecurity waste. In my humble opinion, the feds are spending hundreds of millions of dollars on custom research and development for Einstein when commercial off-the-shelf (COTS) network security products could do the same job at a fraction of the cost.
When former CEO Mike Brown left Symantec in April of this year, I wrote a blog about what I would do if I were recruited as Mike’s replacement. While one of my suggestions was for Symantec to resume M&A activities, I was really thinking about a strategy for filling in product gaps – perhaps Symantec could pick up LogRhythm to add a leading SIEM to its portfolio, or grab Carbon Black for endpoint security analytics and forensics. Hmm, I never even contemplated a big-time merger, so I was as surprised as anyone when Symantec announced its plan to acquire Blue Coat. I’ve had a few hours to digest this news and will certainly learn more in the days to come. Nevertheless, as an industry analyst, I can’t help but voice my early opinion on this deal.
My colleagues Doug Cahill, Kyle Prigmore and I recently completed a research project on next-generation endpoint security. We determined that there are actually two distinct product categories within next-generation endpoint security: advanced prevention and advanced detection and response (EDR). While most firms seem to be gravitating toward advanced prevention, massive enterprise organizations tend to move in the opposite direction by evaluating, testing and deploying EDR products. Why? These organizations have large cybersecurity teams with lots of experience, so they are willing to dedicate resources toward more complex projects. Furthermore, many of these enterprise organizations are already investing in security analytics by collecting, processing and analyzing data from numerous disparate sources (i.e., network forensics, events/logs, threat intelligence, etc.). Endpoint forensic data is a natural extension of these cybersecurity analytics efforts.
If I’ve heard it once, I’ve heard it one thousand times. Traditional security controls are no longer effective at blocking cyber-threats, so enterprise organizations are deploying new types of security defenses and investing in new tools to improve incident detection and response. Unfortunately, this can be more difficult than it seems. Why? Effective incident detection and response depends upon security analytics technology, and this is where the confusion lies. It turns out that there are lots of security analytics tools out there that approach this problem from different angles. Given this reality, where the heck do you start? Based upon lots of qualitative and quantitative research, I’m finding that many large organizations with experienced security teams tend to jump into security analytics by focusing their effort on the network for several reasons:
I’ve written about Software-Defined Perimeter (SDP) a few times, as I think this model is a strong fit for today’s IT cocktail made up of mobile applications, public cloud infrastructure and pervasive security threats. What is an SDP? The model is really based upon the “black cloud” concept coming out of the Defense Information Systems Agency (DISA), where network access and connections are allowed on a “need-to-know” basis. Similarly, the Cloud Security Alliance (CSA) refers to SDPs as “on-demand, dynamically-provisioned, air gapped networks.” Several vendors, including Cryptzone and Vidder, actively market SDP offerings. In addition, Google’s BeyondCorp is a homegrown SDP project that Google has made public and highly visible. While these efforts clearly fall under the SDP category, I view the SDP model a bit more broadly. SDP is clearly associated with numerous innovations and initiatives of the past, including next-generation firewalls, network access control (NAC) and even 802.1X, so there are plenty of SDP-like solutions from vendors such as Cisco, HP (Aruba) and Pulse Secure (formerly part of Juniper).
According to ESG research, 75% of organizations are currently using a public cloud service while another 19% have plans or interest in doing so (note: I am an ESG employee). Furthermore, 56% of all public cloud-based workloads are considered IT production workloads while the remaining 44% are classified as non-production workloads (i.e., test, development, staging, etc.). This trend has lots of traditional IT vendors somewhat worried, as well they should be. Nevertheless, some IT veterans believe that there are limitations to this movement. Yes, pedestrian workloads may move to the public cloud over the next few years, but business-critical applications, key network-based business processes, and sensitive data should (and will) remain firmly planted in enterprise data centers now and forever.