Posts Tagged ‘Analysts’

Thursday, 29 September 2011 08:51

Gartner Security Intelligence Summit, London

I recently returned from the Gartner Security Summit in London, an annual affair. While it was moved back to the stodgy Hotel Lancaster (it was in a shiny new hotel on the Thames last year), it was highly attended and very, very active. Since last year, the news has been all about prominently disclosed attacks, internal and external, so the over-arching theme was sophisticated attacks. That awareness of risk and threat is solidly at the BoD level with Gartner clients, and the edict from on high: get our house in order, as it is only a matter of time and in fact we probably have already been breached to some extent.

Enterprise Security Intelligence is a pervasive theme with Gartner Security and Risk Management teams, and so it was at the event as well. But similar to the Washington DC event this past summer, there were far more sessions on “how to…” define your needs relative to your unique environment. And compliance has become table stakes, checklist tactics rather than an end in itself. And of course this prioritization is spot on: compliance does not equal a measurable, defensible security and risk posture.

One of the best sessions was on risks associated with cloud-sourced services. The content was pragmatic, focused on specifics, such as:

–Diverse tenancy is a new world, versus a controlled environment. Your competitors could be using the same cloud platform, for example.

–Public access: where are the controls?

–Economic Denial of Service: newly coined term meaning a targeted attack designed to spin up gobs of storage = gobs of cost, billed to you!

Some bits of note (can you spot my Brit vernacular?):

–Security monitoring is essential for any use cases within cloud services, be they hosted, on-prem, or MSSP-driven

–Cloud was primarily Public Cloud, versus virtual datacenter in the sessions I attended

–In one session on Security Monitoring, a definition of Security Intelligence was put forth:

  • data is gathered: more is better
  • reasoning is applied, in the form of analytics
  • actionable information drives a decision

Pretty high level in my view, but maybe less is more.


Thursday, 1 July 2010 11:14

Financial Research Firm Forecasts Strong Network Security Growth

This just published by Bernstein Research in their report entitled: “U.S. Data Networking: July Valuation Tracker”

“Network security is a secular growth market. Baseline spending is driven by regulations, making it hard for IT managers to cut security budgets in poor economic climates. The threat environment drives growth. With large increases in hacking from individuals, “for profit” hacking organizations, and state sponsored cyberattacks, we believe growth in spending on network security will outpace overall IT spending and enterprise networking equipment (excluding security) growth, grabbing a greater share of the IT budget over the next 5 years.”

We couldn’t agree more.


Friday, 16 April 2010 12:11

Leading Analyst Forecasts Rapid Security Information and Event Management (SIEM) Growth

In a perfect storm for a SIEM supplier, a number of forecasted factors support bullish growth, according to a leading industry analyst firm.

1.) SIEM growth in both appliance and software form factors (as luck would have it, we supply both) has the highest CAGR, at 25.5% and 11.9% respectively, in the Security Software worldwide forecast.

2.) The Top Ten Strategic Technologies saw a shift from 2009 to 2010 with “Security – activity Monitoring” appearing for the first time, being at Number 7. But more interestingly, SIEM plays a role in all but two (Green for IT and Flash memory) of the Top Ten. And if we say “SIEM is Green!”, then that would be 9 out of 10!

Top Ten Technologies, and SIEM’s relevance in them:


Monday, 5 April 2010 15:27

The 451 Group Reports on QRadar Risk Manager

Q1 Labs announced QRadar Risk Manager right after RSA, on March 15, 2010. Here are some highlights, and the report from The 451 Group entitled “Q1 Labs rolls out risk-driven approach to pre-exploit remediation”.

  • The end result is intended to make security analysts more efficient by directing priorities – based on a weighted set of considerations – and eventually smarter by helping them to proactively tackle risk. The approach is one that should further unsettle incumbents, and highlight who’s making the right moves among independent vendors.
  • Tools are also provided to simulate attacks against specific resources to model the attack path and further refine optimal remediation procedures. The risk management tools are integrated into the QRadar console.
  • The risk management capabilities further highlight the architectural distinctions between Q1 Labs and incumbents, where log management and ESIM are integrated, and support a unified query structure.
  • We anticipate the vendors will soon settle into some sort of detente at the high end. However, as ArcSight responds to the push for more cost-effective data management tier for incident response and forensics, and looks to its volume model for its Logger appliance, competition will remain fierce, especially if Q1 Labs continues to make headway.
  • Although we anticipate Q1 Labs will see a higher rate of success for replacement deals (of RSA), primarily on the basis of functionality.
  • Q1 Labs has managed to successfully navigate the new landscape created by the hybridization of log management and security information management – and garners a reputation for having a platform that meets the market’s new requirements for performance, functionality and scalability.
  • Q1 Labs is still viewed as a feisty competitor to market leader ArcSight. At some point, the company will have to devise a strategy that reflects it has matured to become a peer and is no longer an insurgent.
  • The craft of security is undergoing a rethink – prompting a new set of technical requirements that incorporate combined real-time and historical incident response and the ability to establish a multidimensional base line against which to manage change. This is where Q1 can establish itself as a horizontal franchise.