As 2019 winds down, security analysts like me tend to compile a list of industry predictions. I’m still working on a comprehensive list, but I’m extremely confident that we are about to see some unprecedented changes in enterprise security technology. These changes are already happening behind the scenes, but they will become much more visible in 2020 and beyond.
Insight
-
-
With only 12 months in a year and hundreds or thousands of important topics to educate people on, how are people ever going to cut through it all and hear about how important cybersecurity is? With cyber breach stories running in virtually every news media outlet weekly, is cybersecurity just becoming background noise in our busy lives? -
A couple of weeks ago, a company called Pensando came out of stealth mode in NYC. It was formed from what the chairman of the company, John Chambers, is coining “a different kind of 20 somethings.” Indeed this is not a typical Silicon Valley, hoodie and sneakers wearing 20 year olds’ startup, but rather one that has founders with 20 something years of delivering innovative and disruptive technologies time and time again (think Andiamo, Insieme etc.). They are all ex-Cisco senior executives, Mario Mazzola, Prem Jain, Luca Cafiero, and Soni Jiandani, colloquially referred to as “MPLS.” -
Malware, phishing, and data theft occur through domain name system (DNS) lookups. DNS security (DNSSEC) is well understood for the secure resolution of these lookups. Managed DNS services using the DNS threat vector for visibility and controls are becoming a desired offering. In a recent ESG survey on cybersecurity services, respondents selected DNS security services as one of the top services engaged in the last 12-18 months. Respondents also called out the need for managed security service providers (MSSPs) to provide DNS security in their offerings.
-
Hitachi NEXT this year had a new feel about it. Sure, there was some great tech, which we will get to in a minute, but speaking with the attendees and the executives, there was an element of excitement in the air. Hitachi Vantara has already had great tech, but this year, with new innovations for the data center, the cloud, and data ops, there is much more to Hitachi Vantara than in years past. -
I had the opportunity to attend the live Made By Google ’19 event in New York City on October 15, 2019.
Given the pace of change and innovation in the market it is fascinating to attend these events and get a firsthand look at the technology. As a consumer, it is easy to get excited about the latest gadgets, but businesses have traditionally been accustomed to technology lifecycles that are measured and accounted for in years–often 3, 5, and even 10 year increments. Innovators like Google are moving at a pace that is difficult to digest, never mind consume for mainstream businesses.
-
Commvault GO is taking place this week in Denver and I am attending the event with a couple of ESG colleagues. The company is vastly different from the one we saw last year, to say the least: New leadership, a significant acquisition under its belt (its first actually), a new backup service, and a roadmap full of goodies for end-users. Commvault is not changing, it has already changed. The company is actively morphing into its next phase of evolution which will come with some adjustments to its go to market.
-
With continued, persistent phishing attacks affecting organizations of all sizes across all industries, a resurgence of investment in email security solutions is occurring. As organizations shift their email strategies to cloud-delivered providers, most falsely believe that these providers offer comprehensive email security controls. Traditional secure email gateways are no longer sufficient to protect organizations against modern email attack techniques. Third-party email security controls will be required to effectively secure organizations utilizing cloud-delivered email services against modern, sophisticated, email-borne attacks.
-
McAfee chose “time” as the overarching theme of its 2019 MPower conference, held the week of October 2 in Las Vegas. The idea of the theme being that time is central to everything we do in the cybersecurity industry. Attackers look to increase dwell time while security teams try to reduce mean time to detect (MTTD) and mean time to response (MTTR). For what it’s worth, I felt that my time attending was well-spent. McAfee’s always done a good job focusing its message and approach for these types of events, and this year was no different. The major announcements focused on cloud and analytics, with a bit of open architectures and partnerships included as well – all top of mind priorities for security practitioners. -
Are you aware that October is national cybersecurity awareness month? If you aren’t, you’re not alone. There’s lots of cybersecurity awareness activities in DC, some states, and universities, but it’s all but ignored by the industry at large. Want proof? Look at the homepages of the biggest cybersecurity vendors in the industry, and you’re not likely to find a cybersecurity awareness month word anywhere.
To me, this is a crying shame. Almost all US citizens interact with the internet every day and need to better understand the associated risks so they can make educated decisions online. This education could be a collective benefit for all of us.
Allow me to provide a few examples of the cybersecurity knowledge deficit with some observations, research, and suggestions:
- Business executives need cybersecurity awareness of cyber-risks. According to research from ESG and the Information Systems Security Association (ISSA), 23% of infosec pros say that one of their biggest challenges is that business managers don’t understand or support an appropriate level of cybersecurity at their organization. This is hard to believe in 2019, but too many CEOs and corporate boards still think that their organizations aren’t attractive targets, so they see no need to invest in strong cybersecurity. This is simply head-in-the-sand behavior. In my humble opinion, responsible executives owe it to their shareholders, customers, and employees to further educate themselves on cyber-risk and include cybersecurity as part of overall risk management strategies. Hey, October 2019 is a great time to start. Eventually, strong cybersecurity will be an organizational requirement. Laggards will be digital pariahs, mark my word.
- IT executives need to align cybersecurity awareness with new technology initiatives. Thirty-nine percent of cybersecurity professionals say that the most stressful aspect of their job is finding out about IT initiatives with no security oversight. In other words, IT teams go build and buy new applications for things like digital transformation and don’t get the cybersecurity team involved during design, planning, or development phases of these projects. This situation is ripe for change. During October, IT teams should bolster their cybersecurity awareness so that they understand new project risks and can bake security into development rather than bolt it on later. This can help improve security and decrease costs.
- Cybersecurity professionals need continuous cybersecurity awareness improvement. Ninety-three percent of cybersec pros agree that they need continuous training to keep up with the latest threats, yet 66% admit that they can’t keep up with training due to the demands of their day-to-day jobs. Wow, there’s a lot of cybersecurity awareness to go around here! CISOs must be aware of this training gap and find ways to free up staff from daily drudgery so they have ample time for continuous education. As for cybersecurity professionals themselves, they should be aware that without ongoing cybersecurity knowledge improvement, they risk becoming dinosaurs. For them, improved cybersecurity awareness should be a daily goal.
A long time ago, the tagline for my blog read: ‘cybersecurity: it’s way worse than you think.’ Unfortunately, this soundbite is truer today than it was in the past. It’s time we stopped treating cybersecurity awareness month like a federal boondoggle and started an honest concerted effort to truly educate the public and make measurable progress on cybersecurity awareness every October. The world would be a better place if we did.
-
I recently had the opportunity to spend some time in the Verizon 5G lab in Waltham MA. Verizon was hosting an analyst day to demonstrate how Verizon is going to use 5G to enable enterprises to deliver new capabilities and services or deliver differentiated experiences to customers.The day got started with a presentation from Toby Redshaw, SVP of 5G and Innovation. Toby started the discussion by highlighting a familiar theme, that the speed of technology transitions is accelerating. He referenced the fourth industrial revolution occurring, which he noted as the “Real-time Enterprise,” but importantly noted that instead of this industrial revolution taking 50 to 60 years, this one would happen much faster, perhaps in the next five to six years. He noted the need for enterprises to operate in real time, which we have seen evidence of as organizations distribute compute to the edge. This also provides a solid entry point for a high bandwidth, ultra-low latency solution like 5G. (more…)
-
According to ESG research, 73% of security professionals say that cyber-risk management is more difficult at their organization today than it was 2 years ago. Why? Survey respondents point to things like the growing attack surface, the rising number of software vulnerabilities, and the increasing technical prowess of cyber-adversaries.
With only 12 months in a year and hundreds or thousands of important topics to educate people on, how are people ever going to cut through it all and hear about how important cybersecurity is? With cyber breach stories running in virtually every news media outlet weekly, is cybersecurity just becoming background noise in our busy lives?
A couple of weeks ago, a company called Pensando came out of stealth mode in NYC. It was formed from what the chairman of the company, John Chambers, is coining “a different kind of 20 somethings.” Indeed this is not a typical Silicon Valley, hoodie and sneakers wearing 20 year olds’ startup, but rather one that has founders with 20 something years of delivering innovative and disruptive technologies time and time again (think Andiamo, Insieme etc.). They are all ex-Cisco senior executives, Mario Mazzola, Prem Jain, Luca Cafiero, and Soni Jiandani, colloquially referred to as “MPLS.”
Hitachi NEXT this year had a new feel about it. Sure, there was some great tech, which we will get to in a minute, but speaking with the attendees and the executives, there was an element of excitement in the air. Hitachi Vantara has already had great tech, but this year, with new innovations for the data center, the cloud, and data ops, there is much more to Hitachi Vantara than in years past.
Commvault GO is taking place this week in Denver and I am attending the event with a couple of ESG colleagues. 
McAfee chose “time” as the overarching theme of its 2019 MPower conference, held the week of October 2 in Las Vegas. The idea of the theme being that time is central to everything we do in the cybersecurity industry. Attackers look to increase dwell time while security teams try to reduce mean time to detect (MTTD) and mean time to response (MTTR). For what it’s worth, I felt that my time 
Are you aware that October is national cybersecurity awareness month? If you aren’t, you’re not alone. There’s lots of cybersecurity awareness activities in DC, some states, and universities, but it’s all but ignored by the industry at large. 
I recently had the opportunity to spend some time in the Verizon 5G lab in Waltham MA. Verizon was hosting an analyst day to demonstrate how Verizon is going to use 5G to enable enterprises to deliver new capabilities and services or deliver differentiated experiences to customers.
According to ESG research, 73% of security professionals say that cyber-risk management is more difficult at their organization today than it was 2 years ago. Why? Survey respondents point to things like the growing attack surface, the rising number of software vulnerabilities, and the increasing technical prowess of cyber-adversaries.