Jon Oltsik

Author Archives: Jon Oltsik

Commuting Chelsea Manning’s sentence was just and proper

Before leaving office, President Barack Obama commuted the sentence of former Army soldier Chelsea (Bradley) Manning. At the time, Manning was serving a sentence of 35 years for leaking classified material to WikiLeaks in 2010. This material was subsequently published by WikiLeaks, embarrassing the U.S. government and exposing several previously undocumented war crimes that took place in Afghanistan and Iraq. The President’s decision to commute Manning’s sentence was extremely controversial. The verdict was made over the objection of Secretary of Defense Ashton Carter, while other military and government officials quickly criticized Obama’s pronouncement. Just today, President Trump on Twitter referred to Manning as an “ungrateful traitor” who should have never been released from prison.

Many Organizations Still Opt for “Good Enough” Cybersecurity

Late last year, ESG published a research report titled Through the Eyes of Cyber Security Professionals, in collaboration with the Information Systems Security Association (ISSA). As part of this report, 437 cybersecurity professionals and ISSA members were asked if they’d experienced a number of types of security incidents. The research revealed that:

39% of organizations experienced one or several security incidents resulting in the need to reimage one or several endpoints or servers.
27% of organizations experienced one or several incidents of ransomware.
20% of organizations experienced one or several incidents resulting in the disruption of a business application.
19% of organizations experienced one or several incidents resulting in the disruption of a business process.

It should be noted that between 23% and 30% of the survey population responded “don’t know” or “prefer not to say” when asked about different types of security incidents, so the percentages represented above are likely much higher.

Endpoint Security in 2017

Just a few years ago, there were about 6 to 10 well-regarded AV vendors that dominated the market. Fast forward to 2017, and my colleague Doug Cahill and I are currently tracking around 50 endpoint security vendors. Why has this market changed so much in such a short timeframe? New types of targeted threats regularly circumvented signature-based AV software over the past few years. This weakness led to system compromises, data breaches, and panicky CISOs in search of AV alternatives. This in turn persuaded the fat cats on Sand Hill Rd. to throw VC dollars at anything that hinted at endpoint security innovation.

Okay, I get the need for more than signature-based AV, but there simply isn’t room in the market for 50 endpoint security vendors. Thus, it’s safe to assume a lot of M&A activity and outright business failures this year.

Thoughts on incident response automation and orchestration

Just this week, I was reviewing several interviews I conducted with cybersecurity professionals on their organizations’ processes and tools for incident response (IR) automation and orchestration. Here are a few things that jumped out at me:

1. IR is still often anchored by basic tools, manual processes, and key personnel. While trouble ticketing and ITSM tools are pervasive and fairly mature, too many enterprise organizations still “ham and egg” it through incident response. In other words, they rely on paper forms, spreadsheets, email handoffs, and some socially-challenged security analyst who’s really good at finding compromised systems and malicious network traffic.

Cybersecurity Pros to Trump: Critical Infrastructure Is Very Vulnerable to a Cyber-Attack

Last week, President-elect Donald Trump received a comprehensive briefing on Russian hacking related to the 2016 Presidential election. In response, Trump released a statement that included the following: “Whether it is our government, organizations, associations or business we need to aggressively combat and stop cyberattacks. I will appoint a team to give me a plan within 90 days of taking office.” These “teams” tend to be made up of a combination of Washington insiders with intelligence and/or military experience as well as an assortment of industry folks. For example, President Obama’s recent Commission on Enhancing National Cybersecurity included former NSA director Keith Alexander, former IBM CEO Sam Palmisano, etc.

2017: The Year of Cybersecurity Scale

It’s no surprise that lots of pundits and cybersecurity industry insiders claim that 2017 will be a challenging year full of nation state attacks, ransomware, and a continuing wave of data breaches. I concur with this common wisdom, but I also believe that 2017 will be remembered as the year where cybersecurity analytics and operations encountered a wave of unprecedented scale. Now I know that the need for security scalability is nothing new. Leading SIEM vendors can all talk about how they’ve had to rearchitect their products over the past few years to scale from thousands to millions of events per second (EPS) and somehow make sense of all this activity.

Security Data Growth Drives SOAPA (Security Operations and Analytics Platform Architecture)

Happy new year, cybersecurity community! Hope you are well rested; it’s bound to be an eventful year ahead.

Way back when at the end of November 2016, I posted a blog about an evolutionary trend I see happening around cybersecurity analytics and operations technology. Historically, large enterprises have relied on SIEM products to anchor their SOCs. This will continue, but I see SIEM becoming part of a more global cybersecurity software architecture called SOAPA (i.e. security operations and analytics platform architecture). SOAPA uses middleware (e.g. message queueing, transaction processing, etc.), APIs, and industry standards like CybOX, STIX, and TAXII to connect disparate cybersecurity analytics and operations tools and data sources like EDR, network security analytics, UBA/machine learning analytics systems, vulnerability scanners, security asset management, anti-malware sandboxes/cloud services, incident response platforms, and threat intelligence into a cohesive software architecture. In this way, disparate analytics tools can be used collectively to gain more context out of the data while accelerating processes and cybersecurity operations.