Archive for June, 2012
Posted by John Burnham in In the Industry, Security Intelligence, SIEM
Gartner held its annual Security and Risk Management Summit in Washington DC last week. This is always an excellent event to gauge the IT security market in general: attendance was up from last year according to Gartner, with more sponsors, more attendees, and far more focus on targeted attacks. The headlines of the last twelve months confirm what we call the Year of the Breach.
More relevant to our patch, however: for the first time ever at this event, Security Intelligence and SIEM were called out during the opening keynote as "no longer nice to have but fundamental." SIEM and Security Intelligence have now been recognized across Gartner security for what we (and our customers) have known for years. More than three years ago, IBM developed the IBM Security Framework, and we positioned it to Gartner as the foundation of our go-to-market and development strategy. It is great to see this message corroborated at the analyst firm's top security event, which I learned is their 2nd largest event behind Symposium. This fact is further evidence of the elevation of IT security challenges and prioritization in the marketplace.
Some highlights from the Summit:
- "Gartner predicts the global spend on security services to exceed $49B by 2015."
- During a SWOT on our major competitor, the analyst listed this among that vendor's Threats: "IBM is becoming a security powerhouse."
- What IT event would be complete without discussions of Big Data? Security Intelligence's relevance to Big Data was prominent at the event:
Gartner definition: "Big Data is a class of information processing problem that, due to the volume, velocity, variety and complexity of the data, requires different approaches to support analytics to derive cost-effective, timely, business-relevant insight. However, Big Data in and of itself, is not our goal. Delivering risk-prioritized actionable insight is. To support the growing need for security analytics, changes in information security, people, technologies, integration methods and processes will be required, including security data warehousing and analytics capabilities, and an emerging role for security data analysts within leading edge enterprise information security organizations."
- Gartner also believes that a key driver of Security Intelligence is "the shift to context-aware security": "To enable faster and more-accurate assessments of whether a given action should be allowed or denied, we must incorporate more real-time context information at the time a security decision is made." Gartner elaborates that context should be obtained from a range of sources, mirroring our announcement earlier this year about integrating various sources from the IBM security portfolio such as network security (IBM Network IPS), endpoint security (IBM EM/BigFix), IAM (IBM Identity Manager), mobile application security (IBM Mobile AppScan), and content/data security (IBM Guardium), in addition to threat intelligence (IBM X-Force).
- Gartner also mentions the need to incorporate flow data: "Vendors ... such as IBM/Q1 Labs ... collect large amounts of network packets and/or flows to support the analysis for anomalous activities."
- And finally, collecting all that context doesn't help unless you can also create actionable intelligence via analytics: "Some, such as IBM's Q1 Labs with its QRadar, provide a form of security analytics on top of its SIEM repository, which is a good example of how we believe the vendors will evolve to deliver Security Intelligence."
We couldn't have said it any better.
Posted by Tom Turner in Cybersecurity, Threat Management
There is a headline below the fold of today’s Wall Street Journal about a data company that processes financial transactions on behalf of many institutions. What caught my eye was not that the firm was flagged by the FDIC as needing improved security practices (good to see that happening proactively), but rather how the firm’s CEO has immediately responded. Three new executives have been appointed to oversee progress in the company’s security practices: Chief Audit Executive, Chief Risk Officer and a Chief Information Security Officer or CISO. This in itself is a different response than we are used to seeing; in days gone by the usual response was to bring in an external firm for a consulting engagement and then maybe the IT group would add some security expertise, but essentially the security response stayed down in the weeds.
Even more interesting about this particular firm’s response is that the three new executive positions report either to the CEO, or directly to the board of directors. They are not reporting to the CIO or somewhere else in the IT stack, they are truly line of business decision makers. These actions actually align to some of the findings in the IBM CISO Study that was recently released. The top 25% of responders to the survey were identified as “Influencers” and the notable fact about this group was how often they aligned directly with the company CEO or board.
In these types of organizations, security is seen as a business (versus technology) imperative. Security is not an ad hoc topic, but rather a regular part of business discussions and, increasingly, the culture. In fact, 60 percent of the advanced organizations named security as a regular boardroom topic, compared to only 22 percent of the least advanced organizations.
It is good to see the best practices from existing security organizations being swiftly put into action by the senior executives of a company. A great proof point that IT security clearly is a boardroom issue.