Top IT Security Bloggers

Network World - Networking Nuggets and Security Snippets
  • Managed security services will take center stage at Black Hat

    Black Hat has gotten a lot bigger over the past few years, so many security insiders now compare Black Hat to the RSA security conference circa 2012 or so. This is an accurate comparison from an attendance perspective, but there is still a fundamental difference between the shows. In my humble opinion, RSA is an industry event, while Black Hat is more of a cybersecurity professional gathering. The focus is on cyber-adversary tactics, techniques, and procedures (TTPs); threat intelligence; and defensive playbooks. Rather than hosting lavish cocktail parties, vendors who participate in Black Hat must roll up their sleeves and demonstrate their technology acumen to gain street cred with this crowd.
  • Network traffic analysis tools must include these 6 capabilities

    When it comes to threat detection and response, understanding network behavior really matters. According to ESG research, 87% of organizations use network traffic analysis (NTA) tools for threat detection and response, and 43% say NTA is a “first line of defense” for detecting and responding to threats. (Note: I am an ESG employee.)  As cybersecurity professionals often state, “the network doesn’t lie.” Since cyber attacks use network communications for malware distribution, command and control, and data exfiltration, trained professionals should be able to spot malicious activity with the right tools, time, and oversight.
  • How organizations are bridging the cyber-risk management gap

    Cyber-risk management is more difficult today than it was two years ago. So say 74% of cybersecurity professionals in a recent ESG research survey. Respondents point to an expanding attack surface, an increase in software vulnerabilities, and more sophisticated tactics, techniques, and procedures (TTPs) from cyber-adversaries. (Note: I am an ESG employee.) OK, so there’s a cyber-risk management gap at most organizations. What are they going to do about it? The research indicates that:
    34% will increase the frequency of cyber-risk communications between the CISO and executive management. Now, more communication is a good thing, but CISOs must make sure they have the right data and metrics, and this has always been a problem. I see a lot of innovation around some type of CISO cyber-risk management dashboard from vendors such as Kenna Security, RiskLens (supporting the Factor Analysis of Information Risk (FAIR) standard), and Tenable Networks. Over time, cyber-risk analytics will become a critical component of a security operations and analytics platform architecture (SOAPA), so look for vendors such as Exabeam, IBM, LogRhythm, MicroFocus (ArcSight), Splunk, and SumoLogic to make investments in this area. 
    32% will initiate a project for sensitive data discovery, classification, and security controls. Gaining greater control of sensitive data is always a good idea, yet many organizations never seem to get around to this. Why? It’s really, really hard work. This is another area ripe for more VC investment. Rather than paying Accenture, E&Y, or PWC millions, we need tools that can help automate data discovery and classification – especially as organizations ramp up on data privacy.
    31% plan to hire more cybersecurity staff. That's a sound idea, but it is difficult to execute. According to recent research from ESG and the Information Systems Security Association (ISSA), 73% of organizations have been impacted by the cybersecurity skills shortage, and these firms are already competing for talent. My advice to CISOs is to assume they won’t have the right skills or an adequate staff size in every area – including bridging the cyber-risk management gap.
    31% want to increase security awareness training for employees. Also a great idea, but too many firms treat security awareness training as a “check-box” exercise. To really make an impact, CEOs must become cybersecurity cheerleaders and establish a cybersecurity culture throughout the organizations. 
    29% will conduct more penetration testing and red teaming exercises. ESG data demonstrates that penetration testing and red teaming are extremely beneficial, but few organizations have the internal skills to do those things well and it can be costly to hire third-party services. I’m bullish on an emerging category I call synthetic cyber-risk assessment (SCRA) from vendors such as AttackIQ, Randori, SafeBreach, and Verodin. 

    It’s important to remember that cyber-risk management is job #1 for every CISO. Yes, business executives are willing to spend more money on cybersecurity, but they increasingly want to target this spending on protecting their most critical digital assets and need help measuring ROI on these investments. Therefore, it’s no exaggeration to say that bridging the cyber-risk management gap may be the most important task for CISOs in 2019 and beyond.
  • Must-have features in a modern network security architecture

    Early in my high-tech career, Sun Microsystems was thought of as a computing visionary. Sun coined an intriguing company’s tag line early on: "The network is the computer." What did that mean? It meant IT infrastructure was linked together in a loosely-coupled architecture, tied together via networking technologies such as Ethernet cables and the TCP/IP protocol. Thus, it was critical to engineer the network correctly to maximize network availability, performance, and business benefits. Yes, things have changed since the early 1990s. Some networks live in the cloud, some are virtual, and some rely on application-to-application connections, but networks still connect IT systems together in one way or another.
  • AWS re:Inforce 2019: Amazon shows its dedication to cloud security

    I spent the last few days at AWS re:Inforce 2019 in Boston, the first AWS security conference presented by Amazon Web Services (AWS). It was also the first AWS event that I've been to, and I came away with a few strong impressions:
    Amazon is putting a lot of skin in the game. Amazon is not really a security technology vendor, yet it organized and sponsored a top-notch cybersecurity conference that attracted about 7,000 attendees. There are several big cybersecurity technology and services vendors who haven’t gone nearly this far, so in my humble opinion, the AWS folks deserve credit here. Why go to all this trouble for cybersecurity? Because Amazon wants its fingerprint on the cloud security narrative and technology direction. Given its market leader position, what’s good for Amazon cybersecurity should be good for cloud security in general.
    Amazon wants customers and prospects to know that AWS security has them covered. Yes, there is still a shared responsibility model for cloud security, but Amazon wants CISOs to know that they can confidently move their most sensitive workloads to AWS. To underpin this message, AWS CISO Steve Schmidt highlighted security services such as Amazon GuardDuty (threat detection/continuous monitoring), AWS Security Hub (an alert monitoring dashboard across AWS accounts), Amazon Inspector (automated security assessment), and Amazon Macie (a machine language-based tool to discover, classify, and protect sensitive data). Schmidt hammered his points about sensitive data protection by further emphasizing that the Amazon cryptographic stack spans up and down the OSI stack, protecting sensitive data as it crisscrosses AWS data centers. Finally, Amazon paraded out customers such as CapitalOne and Liberty Mutual to demonstrate that large enterprises have already bought into AWS security coverage.
    Partners are welcome. The show floor was packed with name-brand security vendors eager to demonstrate product support and integration with AWS. Aside from tradeshow traffic, Amazon also made several announcements for partners to build upon. For example, Amazon announced a VPC traffic-mirroring feature, enabling customers to mirror EC2 instance traffic within Amazon Virtual Private Cloud (VPC) and then forward that traffic to security and monitoring appliances. Partners such as Corelight, Fidelis, and Riverbed jumped on this, supporting this new service with their network traffic analytics tools. As for the AWS marketplace, Amazon’s goal is to get every security software vendor that matters to participate. To make this happen, Amazon employs a team to recruit vendors, provide development support, and work them into go-to-market programs. 

    Clearly, Amazon wants to lead and disrupt the security market, and the company is willing to resource this effort on a continual basis. As proof, Schmidt announced re:Inforce 2020 in Houston a year from now. Meanwhile, Amazon will use its re:Invent to reinforce AWS security technologies and positioning in December.
  • Cybersecurity pros' haphazard participation in data privacy raises concern

    Before the General Data Protection Regulation (GDPR) became official in May 2018, I heard a similar story from many CISOs. Data privacy programs were legal exercises focused on data classification and governance. Yes, there were security angles around compliance, DLP, and incident response, but legal had oversight around which data was considered as private and what could and could not be done with sensitive data. GDPR changed everything. Data privacy was no longer a background legal project but rather a set of business-critical processes, and this impacted the cybersecurity team. CISOs were asked to utilize their operational expertise to help operationalize data privacy programs.
  • Security shines at Cisco Live

    Cisco held its annual customer event, CiscoLive, in San Diego this week, while hosting industry analysts like me at C-Scape. As part of the agenda, the Cisco security team provided details on its present position and future strategy. Here are a few of my take-aways:
    Network changes drive security. Cisco believes that network infrastructure is rapidly changing, driven by SD-WAN, direct internet access (DIA), and user mobility. These changes will drive emerging technologies such as Wi-Fi 6 and 5G, and Cisco says organizations will look to bolster network security as they transition their network infrastructure. Thus, Cisco is baking security into networking products like Meraki and Viptela and introducing a cloud-based secure internet gateway (SIG) to safeguard users regardless of their location. These changes should help Cisco sell networking and security products while bridging the collaboration gap between cybersecurity and network operations teams.
    Cisco’s security portfolio is much broader than people think. Common wisdom is that Cisco makes all its security money selling firewalls and IDS/IPS. Yes, it is a market leader in those areas, but the company’s portfolio is far broader than perimeter network security. For example, Cisco is gaining share with AMP for endpoints, Tetration for micro-segmentation, and Duo for multi-factor authentication (MFA). Like other large security vendors, Cisco is focused on product integration and interoperability. To accomplish this goal, Cisco provides a unified front-end with Cisco threat response (CTR) that amalgamates products for threat hunting and security investigations. Cisco products are also back-ended by Talos, providing threat intelligence feeds that complement individual product alerts. The company offers different types of enterprise licensing models, so its customers can easily consume all its wares.
    Zero-trust is a major part of Cisco’s strategy. Everyone’s talking about zero-trust these days, but trusted network connections are really nothing new. Furthermore, zero-trust is where networking meets security – an intersection that gives Cisco a homecourt advantage. Cisco is responding to market demand for zero-trust in three areas: the workforce (secure user/device connections to applications), workload (secure connections between applications across hybrid infrastructure), and workplace (secure all network connections). Cisco covers these three use cases with Duo, Tetration, and its SD-Access products today and plans to provide an integrated end-to-end solution over time.
    Cisco gets cloud-delivered security. Yes, Cisco still sells a lot of network security devices, but its security offerings are increasingly cloudy. The best example of this is Umbrella, Cisco’s DNS security offering that helps companies block connections to rogue domains. Cisco has expanded Umbrella to include SIG, a cloud-based proxy that can protect corporate, branch office, and roaming users. On another note, Cisco takes advantage of the cloud to offer a consolidated management plane called Cisco Defense Orchestrator (CDO). CDO can be used for common configuration and policy management across Cisco ASA firewalls and will soon include support for Firepower and Meraki products.  Over time, CDO will cover more and more of Cisco’s portfolio, helping customers streamline and accelerate security operations across all their Cisco security products and SaaS. 
    Cisco is serious about customer experience (CX). Rather than just selling products, Cisco wants to work hand in hand with customers throughout the product lifecycle and help them consume Cisco technology to its fullest. This means a lot more bundling of security products with staff augmentation and managed services. Of course, CX is a big cultural change for the company, and the initiative is still in its early stages. Nevertheless, CX should be especially welcome by CISOs haunted each day by the global cybersecurity skills shortage. 

    Still some work to do
    Cisco is quietly executing on its cybersecurity strategy and is poised to be a $5 billion-plus player by 2022. To achieve that level of success, however, Cisco should do the following:
  • The most stressful aspects of being a cybersecurity professional

    Talk with any cybersecurity professional, and you're sure to hear them talk about the challenges they're up against. What stresses them out the most? Keeping up with the security needs of new IT initiatives. That's according to a third annual research report, The Life and Times of Cybersecurity Professionals, recently published by ESG and the Information Systems Security Association (ISSA). (Note: I am an ESG employee.)
  • Cybersecurity professionals are no match for cyber-adversaries

    Cybersecurity professionals are paranoid by nature. That’s not a bad thing; it’s a job requirement. We want our cybersecurity team to “think like the enemy” to discover and remediate vulnerabilities as rapidly as they possibly can. Aside from this cynicism, my cybersecurity friends also take great pride in what they do. Like Elliot Alderson from the TV series, “Mr. Robot,” many cybersecurity professionals want to save the world (from hackers and the like).
  • Is the cybersecurity skills shortage getting worse?

    I’ve been writing about the cybersecurity skills shortage for seven years and have become the “Chicken Little” of this topic. Now, we’ve all read about the number of cybersecurity job openings out there, but what is the impact of the skills shortage on cybersecurity professionals who are gainfully employed? This is one of the focus areas of the third annual ESG/ISSA research report titled, The Life and Times of Cybersecurity Professionals. (Note: I am an ESG employee.) To evaluate this question, 267 cybersecurity professionals and ISSA members were asked whether the cybersecurity skills shortage has had an impact on the organization they work at. Nearly three-fourths (74%) of respondents say the cybersecurity skills shortage has impacted their organizations “significantly” or “somewhat.”