Category: In the Industry
Posted by Heather Howland in In the Industry, Security Intelligence
According to a recent tweet from the well known hacktivist group Anonymous, they are back in action and taking requests. Then again, they never really were out of action, but with all the SOPA, PIPA, and now ACTA debates lately, they are making their voice heard.
Anonymous has always been vocal on many social media sites, but has never actually opened up for requests. This brings the concept of being a “target of choice” to a whole new level, don’t you think? Before the public onslaught of hactivism over the past year or so, it was assumed that these decisions about “who to hack” were taking place covertly in the background via encrypted messages, IRC, forum threads, etc. While it certainly is intimidating for the organizations being called out, it gives others warning that they might not have had before.
Looking back a couple years, would you have predicted hactivist organizations exposing themselves on social sites such as Facebook, Twitter, and YouTube to gain a consensus on who their next target(s) should be?
Posted by John Burnham in Cybersecurity, In the Industry, SIEM
This is the traditional time of year for Predictions of all sorts. One of my favorites was from the late, great George Carlin, AKA “The Hippy Dippy Weatherman“: “Today’s weather forecast is for gradual brightening in the morning, increasing throughout the day, with gradual darkening through the evening into late night, when the pattern repeats itself.”
In security, it could go something like: “The forecast is for continued escalation of targeted attacks by nation states, professionals, insiders and hacktivists. Occupy Data today announced…”
Here are a few excerpts from real forecasts.
ABC News: “Big companies and government agencies likely will have to rethink their approach to tech security in the wake of the disbanding of hacktivist group LulzSec, security analysts say. Spending on information technology security already is growing faster than spending on general technology. And corporate and government tech buyers will have to dole out even more to defend against profit-minded cyber thieves and spies looking to swipe state and corporate secrets. In fact, global spending on security products and services is expected to reach $71 billion by 2014, up from $55 billion today, according to Lawrence Pingree, research director for Gartner.”
And the professional prognosticators forecast increased investment in tools, solutions, services and systems as a result:
Canalys ended 2011 by announcing the results of its latest enterprise security forecast, indicating that total investment is expected to grow 8.7% year-on-year in 2012 to reach a market value of $22.9 billion worldwide.
- Eighteen percent of respondents say they are not PCI-compliant, even though the data suggests they should be.
- Thirty-three percent of respondents are expecting their overall IT budgets to increase this year.
- Spending on personnel has decreased by 3% this year, which will result in higher expectations by organizations for better integration and automation from their technology purchases.
- In this year’s survey, IT security-specific budget allocations have climbed by 4% to a mean of 10.52% of the total IT budget.
We see all of this as evidence that technologies such as data loss prevention (DLP), device control, database activity monitoring (DAM), security information and event management (SIEM) and IT governance, risk and compliance management (GRCM) tools stand poised for strong growth as respondents have indicated they rank them as priorities.
The numbers might be various, but they are all big and getting bigger.
Share your predictions in the comments below.
Posted by Michael Applebaum in In the Industry, Security Intelligence, Webinars
The value of advanced security solutions might be apparent to infosec professionals, but they often need to justify such purchases to senior management. Budgets are always tight and the CISO, let alone the CIO, can only fund a fraction of the project proposals he receives. That’s why customers often ask us to help them estimate the return on investment (ROI) provided by SIEM and Security Intelligence.
We recently had the pleasure of working with IANS Research, who performed a study of the Return on Security (ROS) obtained by Q1 Labs customers. IANS faculty member Diana Kelley joined me in a lively webinar last week, in which she revealed those findings and shared tips on how organizations can perform their own ROS estimates.
I gleaned two critical sets of information from the white paper and webinar:
- A formal structure for analyzing the costs and benefits associated with Security Intelligence deployments
- Hard data (costs and benefits) based on the experiences of Q1 Labs customers
With these two elements, you have the foundation to conduct your own ROI / ROS analysis. View the webinar today to see how.
In the interest of sharing best practices, we’d also like to hear from you, our valued readers. How have you conducted ROI and ROS analyses in your own organization?
Posted by Melissa Stevens in Cybersecurity, Federal, In the Industry, Q1 Labs
Everyone likes recognition, especially when it comes directly from senior IT executives from across the federal government.
Yesterday it was announced that the Government Technology Research Alliance (GTRA) has named Q1 Labs the “Best Info Security Solution.” This special recognition is notable as it was the senior IT executives, deputy directors, CIOs and CTOs of major government agencies in attendance at their semi-annual council meeting that voted. These executives are tasked with improving their cyber security posture and better managing costs to do so.
This award also makes us eligible for another honor, the GovTek Award. Winners of this award will be announced on February 2, 2012, and will be selected by members of the government IT community.
Why were we chosen for this honor? GTRA explains, “Q1 Labs won the ‘Best Info Security Solution’ award for their collaboration with government in their boardroom, ‘Security Intelligence for Government Agencies,’ discussing cost-effective solutions using existing platforms in addition to integrating new applications allowing the visibility of potential vulnerabilities.”
Read more details in the GTRA announcement. Click here to learn about other ways Q1 Labs is working with government agencies to defend their infrastructure against theft, breach and vulnerabilities.
Posted by Melissa Stevens in Cloud Security, Cybersecurity, In the Industry
What control do you have over data once it leaves your network? Do you have any idea where it’s been, or what’s been done to it?
In his latest contribution at Security Week, Chris Poulin ponders the concept of smarter data; data that is self aware. In an effort to combat security issues with “free-range data”- issues like lack of access control, identification and tamper-proofing- Poulin suggests that looking at data as an object made up of code, properties and of course, the data itself, would eliminate these security challenges.
He says, “Putting on my developer’s hat, I envision data as an object composed of some sort of universal code, the data, and accompanying properties. To protect the information and code, it could only be run on a system controlled by the data’s owner, perhaps using a method similar to public/private key pairs, and aside from innocuous information about the certificate, everything else is encrypted.
The benefits are manifold: you could revoke access to any individual at any time, self-destruct the data (well, the decryption keys anyway), and implement true data-in-motion DLP, just to name a few. Additionally, you could provide tiered access to the data or properties based on role or user, which would be useful in helping cloud providers make intelligent decision on how to store and handle the data, for example.”
Click here to read the full article, “Self Aware Data? Smarter for Sure,” and share your thoughts on Poulin’s ideas about smarter data. Is he dreaming big or just dreaming?
The latest on Cyber Security