Category: In the Industry
Posted by Melissa Stevens in Cybersecurity, In the Industry
As a part of IBM’s new Security Systems Division, Q1 Labs now has the privilege of working with some of the key thought leaders in information security today. One such benefit is our new relationship with the experts running the Institute for Advanced Security (IAS), a community that was designed to bring together leading experts, including researchers, executives, government officials, and policy experts, to collaborate and share their knowledge on security topics in order to facilitate the protection of key assets and critical infrastructure using next-generation security solutions.
One of these leaders is Jack Danahy, Director of Advanced Security at IBM. Jack is a national speaker and writer on network and data security, and holds patents in a variety of security technologies. He is also the founder and CEO/CTO of several security companies including Ounce Labs, a source code security analysis company that was acquired by IBM in 2009. Jack has also contributed to legislation on cybersecurity in both the US House and Senate, served on the board of the Payment Card Industry (PCI) Vendor Alliance, was the Vice Chair of the Vehicle Electrical System Security Committee for the Society of Automotive Engineers, and is a distinguished fellow at the Ponemon Institute.
Below is an excerpt from one of his recent posts on the IAS Expert Blog.
The Rising Role and Responsibility of the CISO
As technology and internetworking become intertwined in an increasingly complex mesh of enterprise projects, personnel, and partners, the security of the enterprise is becoming elevated to a new level of strategic importance as well.
IBM’s own VP of IT Risk, Kris Lovejoy, has taken the time to describe the impacts of these changing security pressures on the perceptions and practices of the CIO in a paper titled, “Security Essentials for CIOs” that you should read and share. While targeting the concerned CIO with a very consumable framework for considering security in a new and strategic light, I think that Kris’s articulation of the changing dynamics, responsibilities, and opportunities in play could very well be the manifesto of the next generation of CISO…
Click here to read the full post, and don’t forget to bookmark the site so you can stay up to date on the latest posts from our colleagues at the Institute for Advanced Security.
Posted by Todd Harris in In the Industry, Security Intelligence
According to a recent tweet from the well-known hacktivist group Anonymous, they are back in action and taking requests. Then again, they never really were out of action, but with all the SOPA, PIPA, and now ACTA debates lately, they are making their voice heard.
Anonymous has always been vocal on many social media sites, but has never actually opened up for requests. This brings the concept of being a “target of choice” to a whole new level, don’t you think? Before the public onslaught of hacktivism over the past year or so, it was assumed that these decisions about “who to hack” were taking place covertly in the background via encrypted messages, IRC, forum threads, etc. While it certainly is intimidating for the organizations being called out, it gives others warning that they might not have had before.
Looking back a couple of years, would you have predicted hacktivist organizations exposing themselves on social sites such as Facebook, Twitter, and YouTube to gain a consensus on who their next target(s) should be?
Posted by John Burnham in Cybersecurity, In the Industry, SIEM
This is the traditional time of year for Predictions of all sorts. One of my favorites was from the late, great George Carlin, AKA “The Hippy Dippy Weatherman”: “Today’s weather forecast is for gradual brightening in the morning, increasing throughout the day, with gradual darkening through the evening into late night, when the pattern repeats itself.”
In security, it could go something like: “The forecast is for continued escalation of targeted attacks by nation states, professionals, insiders and hacktivists. Occupy Data today announced…”
Here are a few excerpts from real forecasts.
ABC News: “Big companies and government agencies likely will have to rethink their approach to tech security in the wake of the disbanding of hacktivist group LulzSec, security analysts say. Spending on information technology security already is growing faster than spending on general technology. And corporate and government tech buyers will have to dole out even more to defend against profit-minded cyber thieves and spies looking to swipe state and corporate secrets. In fact, global spending on security products and services is expected to reach $71 billion by 2014, up from $55 billion today, according to Lawrence Pingree, research director for Gartner.”
And the professional prognosticators forecast increased investment in tools, solutions, services and systems as a result:
Canalys ended 2011 by announcing the results of its latest enterprise security forecast, indicating that total investment is expected to grow 8.7% year-on-year in 2012 to reach a market value of $22.9 billion worldwide.
- Eighteen percent of respondents say they are not PCI-compliant, even though the data suggests they should be.
- Thirty-three percent of respondents are expecting their overall IT budgets to increase this year.
- Spending on personnel has decreased by 3% this year, which will result in higher expectations by organizations for better integration and automation from their technology purchases.
- In this year’s survey, IT security-specific budget allocations have climbed by 4% to a mean of 10.52% of the total IT budget.
We see all of this as evidence that technologies such as data loss prevention (DLP), device control, database activity monitoring (DAM), security information and event management (SIEM) and IT governance, risk and compliance management (GRCM) tools stand poised for strong growth as respondents have indicated they rank them as priorities.
The numbers vary, but they are all big and getting bigger.
Share your predictions in the comments below.
Posted by Michael Applebaum in In the Industry, Security Intelligence, Webinars
The value of advanced security solutions might be apparent to infosec professionals, but they often need to justify such purchases to senior management. Budgets are always tight and the CISO, let alone the CIO, can only fund a fraction of the project proposals he receives. That’s why customers often ask us to help them estimate the return on investment (ROI) provided by SIEM and Security Intelligence.
We recently had the pleasure of working with IANS Research, who performed a study of the Return on Security (ROS) obtained by Q1 Labs customers. IANS faculty member Diana Kelley joined me in a lively webinar last week, in which she revealed those findings and shared tips on how organizations can perform their own ROS estimates.
I gleaned two critical sets of information from the white paper and webinar:
- A formal structure for analyzing the costs and benefits associated with Security Intelligence deployments
- Hard data (costs and benefits) based on the experiences of Q1 Labs customers
With these two elements, you have the foundation to conduct your own ROI / ROS analysis. View the webinar today to see how.
In the interest of sharing best practices, we’d also like to hear from you, our valued readers. How have you conducted ROI and ROS analyses in your own organization?
Posted by Melissa Stevens in Cybersecurity, Federal, In the Industry, Q1 Labs
Everyone likes recognition, especially when it comes directly from senior IT executives from across the federal government.
Yesterday it was announced that the Government Technology Research Alliance (GTRA) has named Q1 Labs the “Best Info Security Solution.” This special recognition is notable as it was the senior IT executives, deputy directors, CIOs and CTOs of major government agencies in attendance at their semi-annual council meeting that voted. These executives are tasked with improving their cyber security posture and better managing costs to do so.
This award also makes us eligible for another honor, the GovTek Award. Winners of this award will be announced on February 2, 2012, and will be selected by members of the government IT community.
Why were we chosen for this honor? GTRA explains, “Q1 Labs won the ‘Best Info Security Solution’ award for their collaboration with government in their boardroom, ‘Security Intelligence for Government Agencies,’ discussing cost-effective solutions using existing platforms in addition to integrating new applications allowing the visibility of potential vulnerabilities.”
Read more details in the GTRA announcement. Click here to learn about other ways Q1 Labs is working with government agencies to defend their infrastructure against theft, breach and vulnerabilities.