"Every emergency today is the result of a bad decision yesterday." - Jeff Pollard on our webcast

Our guest, Jeff Pollard, Principal Analyst, Security and Risk at Forrester, joined me to discuss the challenges network security professionals are experiencing today. Many network security architectures still look like they did five or ten years ago, even though technology has evolved considerably. Organizations find themselves backhauling data to legacy secure web gateways, and paying the price for increased bandwidth backhaul and additional hardware as they grow and become more distributed. Even worse, many security decision makers feel they have only two options: stay the course and continue to pay for decisions made based on legacy systems, or rebuild their network from the ground up to move to a cloud solution.


Part II – Identity

As the business world continues to embrace cloud and mobile technologies, and any semblance of a secure network perimeter is being obliterated, it is imperative for cyber security pros to focus their efforts on the technologies and techniques that will have the greatest impact in the shortest amount of time for the greatest number of users. This is why focusing on identity management is increasingly seen as a sound cyber security practice. In a perimeter-less world, if you can know what people are doing on the network and can limit that activity and their access based on roles or other privileges, you will be far more able to thwart a cyberattack before it gets out of hand or even gets started. According to one highly placed security industry CTO, "If you could achieve that guarantee at all times, your problems would more-or-less be solved. And identity is foundational in that regard."


Part I – Visibility

As has been made abundantly clear by the 2016 presidential election, hacking has entered new territory. This land grab shouldn't come as a surprise to anyone responsible for cyber security but, if it does, what they need to realize is that cyber security today is about a lot more than protecting a few credit card numbers. Thankfully, the seriousness of countering these bad actors is finally getting the Board Room notice it deserves. So now that a beachhead in the battle for basic awareness is finally being established, the focus can shift to mounting an effective counter-offensive. We use this term deliberately. Up until the past few years, most cyber security measures have been defensive in nature: firewalls, IDS/IPS, anti-virus, monitoring, alerting, etc. According to analyst Zeus Kerravala, writing in Network World, the average company deploys security products from 32 different vendors.


Traditional cybersecurity approaches revolve around building a defensive posture. Cybercriminals come up with new, inventive ways to break into networks, and cybersecurity professionals scramble to stop them.
But what if you flipped this approach on its head? What if rather than a defensive approach, you went on the offensive? Is that even possible?


For IT security professionals today, one thing that is of minimal concern is an attack that goes undetected. That certainly is a concern, but it's trivial compared with the much bigger threat: an attack that is detected by software but is ignored by IT staff. The problem of systems that over-alert is huge and amounts to a much bigger threat than almost anything else.


A new article in Data Center Knowledge, Are Security Data Breaches Hastening a Shift to the Cloud?, poses the interesting hypothesis that the continuous parade of data breaches, rather than discouraging cloud computing adoption, is actually prompting more organizations to embrace the cloud. This is an interesting take on security in the cloud, because organizations more often have expressed concern about a lack of cloud security, citing it as a reason for not embracing the cloud.


A new survey by the consulting firm NTT Com Security illustrates how some organizations seem poorly prepared to protect their data in spite of many highly publicized data breaches in the last few years. The survey included 1,000 business executives from both US and European firms and found that a majority of them not only feel ill-prepared to protect their data, they fully expect to be victims of an attack. Other findings should prove equally stunning to even the most jaded security industry veteran. Keep in mind, it’s pretty safe to assume that these executives are aware of the data breaches at Target, Anthem, Sony, JP Morgan Stanley, etc. And it’s not that they think it won’t happen to them, it’s almost as if they accept the inevitability of a data breach. Here are some other revelations from the survey:


A new article in Network World by Jon Oltsik, Heterogeneous Multi-Dimensional Cloud Security, speaks to the challenges confronting CISOs as they face the phenomenal speed of cloud adoption by organizations in every industry. The article cites ESG research that determined that 75% of organizations are using various cloud-based services ranging from SaaS (software-as-a-service) to PaaS (platform-as-a-service) and many in between. The author believes that cloud security issues will be at the forefront at the upcoming RSA event and that CISOs have concerns about the wholesale move of so many processes to the cloud.


Imagine you're tooling down the freeway in your fancy new car when suddenly it's being commandeered by hackers, who demand ransom or they will steer you into oncoming traffic. If you try to pull over, you can't; the steering wheel is no longer under your control. You slam on the brakes, but get no response. This may sound like a script for some futuristic doomsday movie, but it's more real than anyone would like to imagine. This scenario was actually played out by researchers Charlie Miller and Chris Valasek, who, in 2014, hacked a vehicle and took over its operation.


A recent story on siliconangle.com, Cloud Computing Becoming a Core Competency for 2016, covers a survey of IT professionals on the growth of cloud computing. The analyst who helped architect the survey said that “cloud computing is becoming a core IT and business competency.” He explained that cloud computing is not only influencing how companies develop their products, it is having an impact on IT industry functioning in general.
