Top IT Security Bloggers

Network World - Networking Nuggets and Security Snippets
  • A common user interface for security operations?

    For years, enterprises have dealt with security analytics and operations using an assortment of point tools. According to research by my employer ESG, 35% of organizations today use more than 26 such commercial, homegrown, and/or open source tools in their security operations center (SOC).
  • 4 big changes coming to cybersecurity in 2020 and beyond

    As 2019 winds down, security analysts like me tend to compile a list of industry predictions. I’m still working on a comprehensive list, but I’m extremely confident that we are about to see some unprecedented changes in enterprise security technology. These changes are already happening behind the scenes, but they will become much more visible in 2020 and beyond.
  • 3 actions to take during cybersecurity awareness month

    Are you aware that October is national cybersecurity awareness month? If you aren’t, you’re not alone. There are lots of cybersecurity awareness activities in DC, some states, and universities, but it’s all but ignored by the industry at large.
  • Cyber-risk management is about to get easier

    Cyber-risk management is more difficult at organizations today than it was two years ago. So say 73% of security professionals in a recent ESG research survey. (Note: I am an ESG employee.) Why? Survey respondents point to things like the growing attack surface, the rising number of software vulnerabilities, and the increasing technical prowess of cyber adversaries. How can organizations mitigate growing cyber risks? One common way is to get a better handle on the strength of existing cyber defenses through exercises such as red teaming and penetration testing.
  • SOAPA vs. SOAR: How these security terms differ

    I came up with the security operations and analytics platform architecture (SOAPA) concept in late 2016. In November of that year, I wrote about how SIEM systems were becoming part of SOAPA. As a review, SOAPA is a bottom-up architecture featuring:
    Common distributed data service. SOAPA creates a common data pipeline for high volumes of batch and streaming data. In this way, SOAPA can accommodate massive amounts of security data for all types of analytics – from real-time threat detection to long-term retrospective investigations spanning months' or even years' worth of security data. 
    Software services and integration layer. This layer serves as a bridge between security data and analytics engines that consume the data. In simple terms, the software services and integration layer delivers security data to analytics engines when they want it and in the format they want.
    Analytics layer. Security data is scrutinized by a variety of security tools that monitor endpoint processes, network behavior, threat intelligence patterns, or all these areas at once. The SOAPA analytics layer is designed for efficient monitoring and analysis of all security data to help SOC teams accelerate threat detection, pinpoint problems, and prioritize actions.
    Security operations platform layer. When security analytics discover a problem, it can then hand off remediation tasks to the security operations platform layer. The top layer of the SOAPA stack is programmable and can be instrumented to take automated actions, such as gathering data for an investigation, blocking a network connection, or opening a trouble ticket in a case management system. Security remediation operations can also be orchestrated to take actions across multiple security controls, such as firewalls, network proxies, web or DNS gateways, etc. Finally, the security operations layer acts as a workbench for SOC analysts for complex operations that require manual intervention. 
  • Can VMware become a leading cybersecurity vendor?

    When you think about VMware and cybersecurity, two products have always stood out: NSX, which has evolved into a common micro-segmentation tool for east/west traffic within ESXi, and AppDefense, which monitors applications, determines “normal” behavior, and detects anomalies. Now, VMware has other security capabilities, but few cybersecurity pros know a thing about them. Why? Because despite its strong technology, VMware has never established itself as a cybersecurity vendor. Many VMware salespeople have a cursory understanding of the company’s security capabilities, while partners often complain that beyond its Palo Alto, California, headquarters, VMware isn’t proficient at driving security go-to-market programs with channel partners or its global sales organization.
  • Examining and addressing threat detection and response challenges

    Detecting and responding to cyber-threats quickly can mean the difference between a cybersecurity annoyance and a costly data breach. This makes threat detection and response a critical business requirement.
    Given this, you’d think that threat detection and response would be well resourced with highly tuned processes running as efficiently as a Swiss watch. Unfortunately, this is far from true. According to ESG research, threat detection and response is fraught with numerous issues (note: I am an ESG employee). Here is a list of the top five threat detection and response challenges, according to 372 enterprise cybersecurity and IT professionals:
  • Black Hat 2019: 3 cybersecurity concerns and 3 things that give hope

    Organizations worry more about the volume and sophistication of cyber attacks and are confused about what tools to use. It's not all bad news, though, as this year's Black Hat highlighted several security advancements, including greater emphasis on application security and automating security operations. Here are my takeaways from this year's event:
    The “vibe” has changed. There used to be a clear difference between Black Hat and its larger cousin, the RSA Conference. RSA has become an industry show where you talk about business relationships, M&A activities, and VC investments. Alternatively, Black Hat was always a practitioners’ show where the buzz centered on exploits, IoCs, and defensive tactics. Alas, billions of security dollars are taking their toll on poor Black Hat – there was a definite “hurray for the industry” vibe, fraught with banal cocktail parties, Merlot-drinking VCs, and ambulance-chasing vendors. The industry needs a cold shower to remember that its job is protecting critical digital assets, not celebrating 10-bangers.
    The scary factor. In a recent ESG research project, 76% of organizations claim that threat detection and response is more difficult today than it was two years ago. More than one-third (34%) say the volume and sophistication of attacks has increased, while 16% claim that the attack surface has grown. Both issues were front and center at Black Hat. For example, we are seeing attacks on cloud infrastructure like the theft of developer passwords on GitHub, break-ins on Amazon S3 buckets, and exploitation of internet of things (IoT) device vulnerabilities. None of the adversary tactics, techniques, and procedures (TTPs) are new, but the cybersecurity diaspora is being asked to safeguard more new stuff all the time. This imbalance is a recipe for disaster, and all CISOs should have a formal plan for bridging this gap. 
    Everything is in play. Cybersecurity technology is installed everywhere – on hosts, networks, virtual infrastructure, in the cloud, etc. A lot of this infrastructure has been in place for years, but much has reached a point of obsolescence. Old antivirus software is being replaced by endpoint security suites instrumented with machine learning algorithms and EDR capabilities. Network security devices are giving way to virtual network security services that span physical, virtual, and cloud-based infrastructure with central management and distributed enforcement. Individual security analytics tools are coming together in security operations and analytics platform architectures (SOAPA). All these changes are muddying messages and confusing the industry at large. Rather than a security technology flea market, we need some clarity on new types of security technology architectures for the 2020s at next year’s shows (i.e., RSA and Black Hat).

    3 ways security is improving
    While there is a lot of work ahead, all is not doom and gloom. Here are a few positive observations from Black Hat 2019:
  • Looking for answers at Black Hat 2019: 5 important cybersecurity issues

    Judging by last week’s Capital One breach and Equifax settlement, cybersecurity remains a topical, if not ugly, subject. The timing couldn’t be better for these unfortunate events. Why? Because the cybersecurity community gets together this week in Las Vegas for Black Hat and DEF CON to discuss how to better deal with security vulnerabilities and improve threat prevention, detection, and response.
    I’ll be there along with an assortment of my ESG colleagues. Here are some of the things we’ll be looking for:
  • Security analytics: It’s all about the data

    Security data collection, processing, and analysis have exploded over the past five years. In fact, recent ESG research into security analytics found 28% of organizations claim they were collecting, processing, and analyzing significantly more security data than they did two years ago, while another 49% were collecting, processing, and analyzing somewhat more data during the same timeframe (note: I am an ESG employee). What type of data? You name it. Network metadata, endpoint activity data, threat intelligence, DNS/DHCP, business application data, etc. Additionally, let’s not forget the onslaught of security data from IaaS, PaaS, and SaaS.