In a previous blog, I discussed the multi-channel coverage of the elastic cloud gateway (ECG) architecture. In short, ECGs consolidate the functionality of multiple point products to improve centralized visibility and control over an organization’s traffic – be it network, web, or cloud application-based. A key enabler of this consolidation is the microservices architecture of ECGs and the inherent scalability that comes from a cloud-native approach.
Cybersecurity & Networking
-
-
When ESG began discussing the elastic cloud gateway (ECG) architecture in July, one of the key questions we were asked centered on SD-WAN and the importance of the convergence of networking and security. The short answer is that while strong integrations between networking and SD-WAN functionality and security capabilities are clearly necessary, partnerships will be the predominant route for the next few years. Sure, there are vendors that will provide both, be they someone like Cisco that has both networking and security capabilities, or smaller upstarts like Cato Networks. But our feeling was that those would be the exceptions, not the rule. -
I was fortunate enough to be invited to attend Fal.Con Unite 2019 in San Diego earlier this week where the CrowdStrike team brought together over 1200 customers for two and a half days of keynotes and learning sessions. It was apparent from the moment we arrived that there was a significant partner focus, with many visible conference sponsors and partner-led sessions (most of whom are recent CrowdStrike Store partners), plus six new Store partners who are all leveraging CrowdStrike APIs and threat graph data to enhance their solutions. And of course, there was much to say about product and services roadmaps, as well as plenty of learning sessions to help users get the most out of their investment with CrowdStrike. -
As 2019 rolls into the history books, it is time to evaluate how networking has evolved this year and think about what organizations can expect in 2020. This year witnessed the initial deployments of 5G networks, the rollout of WiFi 6, continued mergers and acquisitions, the introduction of new chipsets that enable greater throughput (400Gbps), and greater emphasis on end-to-end networking. It also witnessed underlay and overlay integration and IBN. Additionally, network automation continued to progress, as SD-WAN deployments made more progress on their way to becoming ubiquitous.
This brief looks at the key trends and events that will shape networking technologies, suppliers, and customers in 2020.
For more information or to discuss these findings with an analyst, please contact us.
-
As 2019 winds down, security analysts like me tend to compile a list of industry predictions. I’m still working on a comprehensive list, but I’m extremely confident that we are about to see some unprecedented changes in enterprise security technology. These changes are already happening behind the scenes, but they will become much more visible in 2020 and beyond.
-
With only 12 months in a year and hundreds or thousands of important topics to educate people on, how are people ever going to cut through it all and hear about how important cybersecurity is? With cyber breach stories running in virtually every news media outlet weekly, is cybersecurity just becoming background noise in our busy lives? -
A couple of weeks ago, a company called Pensando came out of stealth mode in NYC. It was formed from what the chairman of the company, John Chambers, is coining “a different kind of 20 somethings.” Indeed this is not a typical Silicon Valley, hoodie and sneakers wearing 20 year olds’ startup, but rather one that has founders with 20 something years of delivering innovative and disruptive technologies time and time again (think Andiamo, Insieme etc.). They are all ex-Cisco senior executives, Mario Mazzola, Prem Jain, Luca Cafiero, and Soni Jiandani, colloquially referred to as “MPLS.”
-
Malware, phishing, and data theft occur through domain name system (DNS) lookups. DNS security (DNSSEC) is well understood for the secure resolution of these lookups. Managed DNS services using the DNS threat vector for visibility and controls are becoming a desired offering. In a recent ESG survey on cybersecurity services, respondents selected DNS security services as one of the top services engaged in the last 12-18 months. Respondents also called out the need for managed security service providers (MSSPs) to provide DNS security in their offerings.
-
With continued, persistent phishing attacks affecting organizations of all sizes across all industries, a resurgence of investment in email security solutions is occurring. As organizations shift their email strategies to cloud-delivered providers, most falsely believe that these providers offer comprehensive email security controls. Traditional secure email gateways are no longer sufficient to protect organizations against modern email attack techniques. Third-party email security controls will be required to effectively secure organizations utilizing cloud-delivered email services against modern, sophisticated, email-borne attacks.
-
McAfee chose “time” as the overarching theme of its 2019 MPower conference, held the week of October 2 in Las Vegas. The idea of the theme being that time is central to everything we do in the cybersecurity industry. Attackers look to increase dwell time while security teams try to reduce mean time to detect (MTTD) and mean time to response (MTTR). For what it’s worth, I felt that my time attending was well-spent. McAfee’s always done a good job focusing its message and approach for these types of events, and this year was no different. The major announcements focused on cloud and analytics, with a bit of open architectures and partnerships included as well – all top of mind priorities for security practitioners. -
Are you aware that October is national cybersecurity awareness month? If you aren’t, you’re not alone. There’s lots of cybersecurity awareness activities in DC, some states, and universities, but it’s all but ignored by the industry at large. Want proof? Look at the homepages of the biggest cybersecurity vendors in the industry, and you’re not likely to find a cybersecurity awareness month word anywhere.
To me, this is a crying shame. Almost all US citizens interact with the internet every day and need to better understand the associated risks so they can make educated decisions online. This education could be a collective benefit for all of us.
Allow me to provide a few examples of the cybersecurity knowledge deficit with some observations, research, and suggestions:
- Business executives need cybersecurity awareness of cyber-risks. According to research from ESG and the Information Systems Security Association (ISSA), 23% of infosec pros say that one of their biggest challenges is that business managers don’t understand or support an appropriate level of cybersecurity at their organization. This is hard to believe in 2019, but too many CEOs and corporate boards still think that their organizations aren’t attractive targets, so they see no need to invest in strong cybersecurity. This is simply head-in-the-sand behavior. In my humble opinion, responsible executives owe it to their shareholders, customers, and employees to further educate themselves on cyber-risk and include cybersecurity as part of overall risk management strategies. Hey, October 2019 is a great time to start. Eventually, strong cybersecurity will be an organizational requirement. Laggards will be digital pariahs, mark my word.
- IT executives need to align cybersecurity awareness with new technology initiatives. Thirty-nine percent of cybersecurity professionals say that the most stressful aspect of their job is finding out about IT initiatives with no security oversight. In other words, IT teams go build and buy new applications for things like digital transformation and don’t get the cybersecurity team involved during design, planning, or development phases of these projects. This situation is ripe for change. During October, IT teams should bolster their cybersecurity awareness so that they understand new project risks and can bake security into development rather than bolt it on later. This can help improve security and decrease costs.
- Cybersecurity professionals need continuous cybersecurity awareness improvement. Ninety-three percent of cybersec pros agree that they need continuous training to keep up with the latest threats, yet 66% admit that they can’t keep up with training due to the demands of their day-to-day jobs. Wow, there’s a lot of cybersecurity awareness to go around here! CISOs must be aware of this training gap and find ways to free up staff from daily drudgery so they have ample time for continuous education. As for cybersecurity professionals themselves, they should be aware that without ongoing cybersecurity knowledge improvement, they risk becoming dinosaurs. For them, improved cybersecurity awareness should be a daily goal.
A long time ago, the tagline for my blog read: ‘cybersecurity: it’s way worse than you think.’ Unfortunately, this soundbite is truer today than it was in the past. It’s time we stopped treating cybersecurity awareness month like a federal boondoggle and started an honest concerted effort to truly educate the public and make measurable progress on cybersecurity awareness every October. The world would be a better place if we did.
-
I recently had the opportunity to spend some time in the Verizon 5G lab in Waltham MA. Verizon was hosting an analyst day to demonstrate how Verizon is going to use 5G to enable enterprises to deliver new capabilities and services or deliver differentiated experiences to customers.The day got started with a presentation from Toby Redshaw, SVP of 5G and Innovation. Toby started the discussion by highlighting a familiar theme, that the speed of technology transitions is accelerating. He referenced the fourth industrial revolution occurring, which he noted as the “Real-time Enterprise,” but importantly noted that instead of this industrial revolution taking 50 to 60 years, this one would happen much faster, perhaps in the next five to six years. He noted the need for enterprises to operate in real time, which we have seen evidence of as organizations distribute compute to the edge. This also provides a solid entry point for a high bandwidth, ultra-low latency solution like 5G. (more…)
When ESG began discussing the elastic cloud gateway (ECG) architecture in July, one of the key questions we were asked centered on SD-WAN and the importance of the convergence of networking and security. The short answer is that while strong integrations between networking and SD-WAN functionality and security capabilities are clearly necessary, partnerships will be the predominant route for the next few years. Sure, there are vendors that will provide both, be they someone like Cisco that has both networking and security capabilities, or smaller upstarts like Cato Networks. But our feeling was that those would be the exceptions, not the rule.
I was fortunate enough to be invited to attend Fal.Con Unite 2019 in San Diego earlier this week where the CrowdStrike team brought together over 1200 customers for two and a half days of keynotes and learning sessions. It was apparent from the moment we arrived that there was a significant partner focus, with many visible conference sponsors and partner-led sessions (most of whom are recent CrowdStrike Store partners), plus six new Store partners who are all leveraging CrowdStrike APIs and threat graph data to enhance their solutions. And of course, there was much to say about product and services roadmaps, as well as plenty of learning sessions to help users get the most out of their investment with CrowdStrike.
As 2019 winds down, security analysts like me tend to compile a list of industry predictions. I’m still working on a comprehensive list, but I’m extremely confident that we are about to see some unprecedented changes in enterprise security technology. These changes are already happening behind the scenes, but they will become much more visible in 2020 and beyond.
With only 12 months in a year and hundreds or thousands of important topics to educate people on, how are people ever going to cut through it all and hear about how important cybersecurity is? With cyber breach stories running in virtually every news media outlet weekly, is cybersecurity just becoming background noise in our busy lives?
A couple of weeks ago, a company called Pensando came out of stealth mode in NYC. It was formed from what the chairman of the company, John Chambers, is coining “a different kind of 20 somethings.” Indeed this is not a typical Silicon Valley, hoodie and sneakers wearing 20 year olds’ startup, but rather one that has founders with 20 something years of delivering innovative and disruptive technologies time and time again (think Andiamo, Insieme etc.). They are all ex-Cisco senior executives, Mario Mazzola, Prem Jain, Luca Cafiero, and Soni Jiandani, colloquially referred to as “MPLS.”
McAfee chose “time” as the overarching theme of its 2019 MPower conference, held the week of October 2 in Las Vegas. The idea of the theme being that time is central to everything we do in the cybersecurity industry. Attackers look to increase dwell time while security teams try to reduce mean time to detect (MTTD) and mean time to response (MTTR). For what it’s worth, I felt that my time 
Are you aware that October is national cybersecurity awareness month? If you aren’t, you’re not alone. There’s lots of cybersecurity awareness activities in DC, some states, and universities, but it’s all but ignored by the industry at large. 
I recently had the opportunity to spend some time in the Verizon 5G lab in Waltham MA. Verizon was hosting an analyst day to demonstrate how Verizon is going to use 5G to enable enterprises to deliver new capabilities and services or deliver differentiated experiences to customers.