Author Archives: Jon Oltsik
Author Archives: Jon Oltsik
Raimund Genes I learned this past Saturday that my good friend and Trend Micro CTO, Raimund Genes, passed away suddenly last week. Raimund was only 54.If you were lucky enough to cross paths with Raimund, you probably share my profound sorrow at his passing. For those who never had the pleasure of a meeting, allow me to provide a few thoughts about him: I first met Raimund at an industry event where he was supposed to go through a PowerPoint presentation with me. Upon shaking my hand, he said something like, “Let’s skip the formalities of a canned presentation, go to the bar, get a drink, and just talk.” We did have a drink at the bar that day, but what I remember most was an hour of insightful and entertaining banter. He was both informal and informative simultaneously, and we immediately connected. One of the things that I love about my job is that I get to speak to some of the smartest cybersecurity people—professionals, researchers, technology vendors, legislators, etc.—on a regular basis. Out of this exceptional population, however, some people stand out. I call these folks my “beacons” in that I’m more engaged when I Continue reading
In 2015, ESG did an in-depth research project on cyber threat intelligence usage at enterprise organizations (i.e. more than 1,000 employees). The goal of this project was to determine how large firms were using threat intelligence, what challenges they faced, how they were addressing these challenges and what their strategies were moving forward.The research revealed that many threat intelligence programs were relatively immature—40 percent of threat intelligence programs had been in place fewer than two years at that time. Cybersecurity professionals were also asked to identify the top objectives for their organization’s threat intelligence program. The top results were as follows:To read this article in full or to leave a comment, please click here
In 2015, ESG did an in-depth research project on cyber threat intelligence usage at enterprise organizations (i.e. more than 1,000 employees). The goal of this project was to determine how large firms were using threat intelligence, what challenges they faced, how they were addressing these challenges and what their strategies were moving forward.The research revealed that many threat intelligence programs were relatively immature—40 percent of threat intelligence programs had been in place fewer than two years at that time. Cybersecurity professionals were also asked to identify the top objectives for their organization’s threat intelligence program. The top results were as follows:To read this article in full or to leave a comment, please click here
A few years ago, ESG (and other) research indicated that security concerns posed the biggest impediment for more pervasive use of cloud computing. What happened next? Business executives and CIOs found that cloud agility, flexibility, and potential cost savings were too good to pass up, creating a “cloud or bust” mentality. Naturally, CISOs had to do their best and go along for the ride whether they were ready or not.So, how’s cloud security going at this point? ESG research indicates it is still a work in progress (note: I am an ESG employee). As part of a recent survey, cybersecurity professionals were presented with a series of statements about cloud security and asked whether they agreed or disagreed with each one. Here are some of the results:To read this article in full or to leave a comment, please click here
A few years ago, ESG (and other) research indicated that security concerns posed the biggest impediment for more pervasive use of cloud computing. What happened next? Business executives and CIOs found that cloud agility, flexibility and potential cost savings were too good to pass up, creating a “cloud or bust” mentality. Naturally, CISOs had to do their best and go along for the ride whether they were ready or not.+ Also on Network World: The top 12 cloud security threats + So, how’s cloud security going at this point? ESG research indicates it is still a work in progress. As part of a recent survey, cybersecurity professionals were presented with a series of statements about cloud security and asked whether they agreed or disagreed with each one. Here are some of the results:To read this article in full or to leave a comment, please click here
A few years ago, ESG (and other) research indicated that security concerns posed the biggest impediment for more pervasive use of cloud computing. What happened next? Business executives and CIOs found that cloud agility, flexibility and potential cost savings were too good to pass up, creating a “cloud or bust” mentality. Naturally, CISOs had to do their best and go along for the ride whether they were ready or not.+ Also on Network World: The top 12 cloud security threats + So, how’s cloud security going at this point? ESG research indicates it is still a work in progress. As part of a recent survey, cybersecurity professionals were presented with a series of statements about cloud security and asked whether they agreed or disagreed with each one. Here are some of the results:To read this article in full or to leave a comment, please click here
I couldn’t attend the RSA Conference this year but many cybersecurity professionals and my ESG colleagues told me that incident response automation and orchestration was one of the hottest topics in the halls of the Moscone Center, through the bar at the W hotel, and even at the teahouse on the garden at Yerba Buena. Was this rhetoric just industry hype? Nope. This buzz is driven by the demand side rather than suppliers. In truth, cybersecurity professionals need immediate IR help for several reasons:1. IR is dominated by manual processes. Let’s face it, IR tasks like fetching data, tracking events, or collaborating with colleagues depend upon the organizational, communications, and technical skills of individuals within the security operations team. These manual processes ultimately get in the way of overall IR productivity. In a recent research project, infosec pros were asked: ‘Do you believe that your organization’s incident response efficiency and effectiveness are limited by the time and effort required for manual processes?’ Fifty-two percent of cybersecurity professionals responded, “yes, significantly” while another 41% said, “yes, somewhat.” Furthermore, 27% of cybersecurity pros say they spend 50% or more of their Continue reading
I couldn’t attend the RSA Conference this year, but many cybersecurity professionals and my ESG colleagues told me that incident response (IR) automation and orchestration was one of the hottest topics in the halls of the Moscone Center—through the bar at the W hotel and even at the teahouse on the garden at Yerba Buena. Was this rhetoric just industry hype? Nope. This buzz is driven by the demand side rather than suppliers. In truth, cybersecurity professionals need immediate IR help for several reasons:1. IR is dominated by manual processes. Let’s face it, IR tasks such as fetching data, tracking events or collaborating with colleagues depend upon the organizational, communications and technical skills of individuals within the security operations team. These manual processes ultimately get in the way of overall IR productivity.To read this article in full or to leave a comment, please click here
I couldn’t attend the RSA Conference this year, but many cybersecurity professionals and my ESG colleagues told me that incident response (IR) automation and orchestration was one of the hottest topics in the halls of the Moscone Center—through the bar at the W hotel and even at the teahouse on the garden at Yerba Buena. Was this rhetoric just industry hype? Nope. This buzz is driven by the demand side rather than suppliers. In truth, cybersecurity professionals need immediate IR help for several reasons:1. IR is dominated by manual processes. Let’s face it, IR tasks such as fetching data, tracking events or collaborating with colleagues depend upon the organizational, communications and technical skills of individuals within the security operations team. These manual processes ultimately get in the way of overall IR productivity.To read this article in full or to leave a comment, please click here
Last week, I posted this blog describing my interview with IBM security GM, Marc van Zadelhoff, where we talked about his perspective about the transition from security analytics and operations point tools to an integrated event-based security analytics and operations platform architecture (SOAPA). Here’s a link to the initial blog I wrote back in November that describes SOAPA – what it is and why it is becoming so popular with enterprise organizations. To read this article in full or to leave a comment, please click here
Last week, I wrote about my interview with IBM security general manager Marc van Zadelhoff, where we talked about his perspective about the transition from security analytics and operations point tools to an integrated event-based security analytics and operations platform architecture (SOAPA). In part 2 of the interview, we talked about SOAPA requirements, intelligence and the need for SOAPA to scale. You can view the interview here. Some of the highlights include:To read this article in full or to leave a comment, please click here
Last week, I wrote about my interview with IBM security general manager Marc van Zadelhoff, where we talked about his perspective about the transition from security analytics and operations point tools to an integrated event-based security analytics and operations platform architecture (SOAPA). In part 2 of the interview, we talked about SOAPA requirements, intelligence and the need for SOAPA to scale. You can view the interview here. Some of the highlights include:To read this article in full or to leave a comment, please click here
Just what is a security operations and analytics platform architecture (SOAPA) anyway? In the past, most enterprises anchored their security analytics and operations with one common tool: Security Information and Event Management (SIEM) systems. Now, SIEM still plays a major role here, but many organizations are supplementing their security operations centers (SOCs) with additional data, analytics tools and operations management systems. We now see SOCs as a nexus for things like endpoint detection and response tools (EDR), network analytics, threat intelligence platforms (TIPs) and incident response platforms (IRPs). In aggregate, security operations is changing, driven by a wave of new types of sensors, diverse data sources, analytics tools and operational requirements. And these changes are driving an evolution from monolithic security technologies to a more comprehensive event-driven software architecture along the lines of SOA 2.0, where disparate security technologies connected with middleware for things like data exchange, message queueing and business-level trigger conditions. To read this article in full or to leave a comment, please click here
Just what is a security operations and analytics platform architecture (SOAPA) anyway? In the past, most enterprises anchored their security analytics and operations with one common tool: Security Information and Event Management (SIEM) systems. Now, SIEM still plays a major role here, but many organizations are supplementing their security operations centers (SOCs) with additional data, analytics tools and operations management systems. We now see SOCs as a nexus for things like endpoint detection and response tools (EDR), network analytics, threat intelligence platforms (TIPs) and incident response platforms (IRPs). In aggregate, security operations is changing, driven by a wave of new types of sensors, diverse data sources, analytics tools and operational requirements. And these changes are driving an evolution from monolithic security technologies to a more comprehensive event-driven software architecture along the lines of SOA 2.0, where disparate security technologies connected with middleware for things like data exchange, message queueing and business-level trigger conditions. To read this article in full or to leave a comment, please click here
The cybersecurity skills shortage is nothing new – I’ve been writing about it for years as have other analysts and researchers. I’ve also done countless presentations on this topic. Here’s a video where I’m interviewed on the cybersecurity skills shortage at the RSA Conference a few years ago. I also presented on this topic at the RSA Conference that same year. I keep writing about the cybersecurity skills shortage for one consistent and troubling reason – it ain’t getting any better. Here’s a few data points to back up this claim (note: I am an ESG employee): As part of ESG’s annual IT spending intentions research, we asked respondents (i.e. about 600 IT and cybersecurity professionals in North America, EMEA, and the Asia Pacific region) to identify the different IT areas where their organization has a “problematic shortage” of skills. Cybersecurity has been identified as the #1 “problematic shortage” area across all of IT for the past 6 years in a row. In 2017, 45% of organizations say they have a “problematic shortage” of cybersecurity skills. This is right in line with 2016 (46%), but these last two years represented a big Continue reading
The cybersecurity skills shortage is nothing new—I’ve been writing about it for years, as have other analysts and researchers. I’ve also done countless presentations on this topic. Here’s a video where I’m interviewed on the cybersecurity skills shortage at the RSA Conference a few years ago. I also presented on this topic at the RSA Conference that same year. RELATED: Akamai CSO takes a creative approach to finding security pros I keep writing about the cybersecurity skills shortage for one consistent and troubling reason: It ain’t getting any better. Here’s a few data points to back up this claim: To read this article in full or to leave a comment, please click here
The cybersecurity skills shortage is nothing new—I’ve been writing about it for years, as have other analysts and researchers. I’ve also done countless presentations on this topic. Here’s a video where I’m interviewed on the cybersecurity skills shortage at the RSA Conference a few years ago. I also presented on this topic at the RSA Conference that same year. RELATED: Akamai CSO takes a creative approach to finding security pros I keep writing about the cybersecurity skills shortage for one consistent and troubling reason: It ain’t getting any better. Here’s a few data points to back up this claim: To read this article in full or to leave a comment, please click here
When it comes to incident detection and response, enterprise organizations are collecting, processing and analyzing more security data through an assortment of new analytics tools—endpoint detection and response (EDR) tools, network analytics tools, threat intelligence platforms (TIPs), etc.When each of threat management or security analytics tools sees something suspicious, it generates a security alert, and therein lies the problem: Enterprise organizations are getting buried by an avalanche of security alerts. According to ESG research: When asked to identify their top incident response challenges, 36 percent of the cybersecurity professionals surveyed said, “keeping up with the volume of security alerts.” Forty-two percent of cybersecurity professionals say their organization ignores a significant number of security alerts because they can’t keep up with the volume. When asked to estimate the percentage of security alerts ignored at their organization, 34 percent say between 26 percent and 50 percent, 20 percent of cybersecurity professionals say their organization ignores between 50 percent and 75 percent of security alerts, and 11 percent say their organization ignores more than 75 percent of security alerts. Mama Mia, that’s a lot of security alerts left on the cutting room floor. All told, the ESG data indicates Continue reading
When it comes to incident detection and response, enterprise organizations are collecting, processing and analyzing more security data through an assortment of new analytics tools—endpoint detection and response (EDR) tools, network analytics tools, threat intelligence platforms (TIPs), etc.When each of threat management or security analytics tools sees something suspicious, it generates a security alert, and therein lies the problem: Enterprise organizations are getting buried by an avalanche of security alerts. According to ESG research: When asked to identify their top incident response challenges, 36 percent of the cybersecurity professionals surveyed said, “keeping up with the volume of security alerts.” Forty-two percent of cybersecurity professionals say their organization ignores a significant number of security alerts because they can’t keep up with the volume. When asked to estimate the percentage of security alerts ignored at their organization, 34 percent say between 26 percent and 50 percent, 20 percent of cybersecurity professionals say their organization ignores between 50 percent and 75 percent of security alerts, and 11 percent say their organization ignores more than 75 percent of security alerts. Mama Mia, that’s a lot of security alerts left on the cutting room floor. All told, the ESG data indicates Continue reading
Given my interest in cybersecurity skills and training, I’m contacted by academic institutions, professional organizations, and training companies with news about some type of cybersecurity education curriculum. This isn’t surprising given the global shortage of cybersecurity skills. New ESG research discloses that 45% of organizations report a “problematic shortage” of cybersecurity skills in 2017 (note: I am an ESG employee).Clearly we need more smart and well-prepared people to enter the cybersecurity ranks but it’s important to note that most cybersecurity professionals don’t enter the workforce directly from college or training programs. According to research conducted in 2016 by ESG and the Information Systems Security Association (ISSA), 78% of cybersecurity professionals follow a more indirect route. These folks start their careers as IT professionals and make their way into cybersecurity as their careers progress. (Note: The two ESG/ISSA research reports are available for free download here).To read this article in full or to leave a comment, please click here