Cybersecurity & Networking

  • The set of announcements at AWS’s annual re:Invent is always impressive, albeit a bit of a firehose for which AWS’s own Amazon Kinesis data streaming processing engine would be helpful. At last week’s AWS re:Invent, a seminal annual IT event only AWS can get away with scheduling the week after Thanksgiving, the company announced a number of important security capabilities, some small, some big, all customer-driven. Thematically, in addition to a clear focus on identity and access management features designed to help customers rein in their AWS identities and secure S3 buckets, AWS is clearly focused on enabling enterprise-class use cases. (more…)

  • Cybersecurity Predictions for 2020

    The Enterprise Strategy Group cybersecurity analyst team got together recently to discuss our top predictions for 2020. This brief details our predictions in three categories: threats, technology, and the cybersecurity community (i.e., cybersecurity professionals and the industry at large).


    For more information or to discuss these findings with an analyst, please contact us.
  • Think Email Security Is a Commodity? Think Again.

    Getting Email Security Right Is More Important than Ever Before

    With business email compromise racking up some of the largest financial thefts associated with cyber-crime, and the relentless use of phishing as a means to trick users into handing over user credentials and other personal and sensitive data to bad actors, security organizations need to take a hard look at how their email security solutions are protecting against these issues.

    Between the move to cloud-delivered email solutions and the general belief that email security has become commoditized, few are prioritizing email security as a top investment priority for the coming year. Yet there’s a ton of innovation happening in email security to help fight phishing, business email compromise (BEC) attacks, and leakage of the sensitive data that lives within the vast array of email mailboxes.

    Email Continues as the Lifeblood of Communications

    As much as I’d like to say that email plays less of a role in today’s business communications, it continues to be the lifeblood of daily communications for most workers. In addition to communication, most workers use email as their “uber-filing-system,” packing away emails received and sent, with little regard for any sensitive data that exists within them. Further, email addresses often act as core identifiers that get reused to access multiple applications, with 63% of ESG research respondents reporting that they use the same password to access multiple work devices and/or applications.

    Traditional Email Security

    For a long time, email security was about preventing the transport of malware, as attackers leveraged email to trick users into executing various types of malware attachments to compromise an endpoint. While secure email gateways (SEGs) are commonplace to prevent these kinds of attacks, SEGs often lack the ability to protect against more advanced, modern, email-borne attacks.

    Email-borne Threats

    Over the past few years, new types of harder-to-identify threats have emerged, continuing to leverage techniques that fool workers, convincing them to open malicious attachments, click on malicious links, and carry out malicious actions as instructed by impersonated senders. These activities facilitate credential theft, PII theft, and the fraudulent transfer of money into the hands of criminals.

    Modern email-borne threats are facilitated by:

    1. Malware payloads/attachments – leading to ransomware delivery and botnet drone delivery, and used as an entry for more complex attacks that start with simple reconnaissance and lateral movement.
    2. Phishing attacks – leading to credential theft, PII theft, and business email compromise. Most include spoofed URLs leading to fake copycat sites that capture credentials and other sensitive data (especially popular with Microsoft O365, Exchange, and OneDrive). Once stolen, credentials are often used in botnet-driven credential stuffing/replay attacks, counting on the reuse of the same username and password for multiple applications or websites.
    3. Impersonation attacks (sender spoofing)
      • Impersonation of popular third-party services like Dropbox, Office365, and others often catches people off guard. These attacks can involve multiple, related emails, in the form of a campaign, used to establish trust, but ultimately are used for phishing, BEC, or other fraudulent activities.
    4. Business email compromise
      • BEC often consists of highly targeted, multi-step deceit, beginning with credential theft to provide context for criminals as they orchestrate believable conversations that ultimately lead to the fraudulent transfer of money and/or assets. Impersonating supply chain vendors is common here, as the transfer of large sums of money is commonplace.
    5. Sensitive data leakage (intentional and unintentional)
      • Intentional – Typically includes the theft of intellectual property and other sensitive data. Email is often used as the transport, forwarding company emails to personal email accounts.
      • Unintentional – Email clients make it easy to misaddress emails that result in sending sensitive data to the wrong person. Also commonplace is accidentally sending the wrong attachment that may include sensitive data.
      • Credential theft – When credentials are stolen, impostors gain access to email accounts where they can search for and easily exfiltrate sensitive data by forwarding or auto-forwarding emails to other locations.

    New Email Security Options

    Fortunately, new security solutions are rapidly becoming available that monitor for behaviors that align with these modern attacks. The use of natural language processing is enabling security solutions to track expected communications and content behaviors, warning or stopping malicious activities. Email sender verification using DMARC, DKIM, and SPF is helping organizations limit impersonation attacks.

    Next-gen email solutions from emerging security vendors like Valimail, Greathorn, Armorblox, and Abnormal Security together with market leaders like Mimecast, Proofpoint, Fortinet, Cisco, Symantec, and Trend Micro are leveraging these approaches to strengthen email security to protect against these plaguing email threats.

    The threat landscape associated with email is rapidly changing, so security teams need to pay close attention to ensure that their email security solutions can keep up. Don’t assume that your current SEG has you covered. Help is out there, but focus on and attention to this evolving threat vector are required.

  • Cybersecurity Services Trends

    This cybersecurity market data covers:

    • The cybersecurity services landscape
    • Recent services engagements
    • Purchase processes and considerations

    (more…)

  • In a previous blog, I discussed the multi-channel coverage of the elastic cloud gateway (ECG) architecture. In short, ECGs consolidate the functionality of multiple point products to improve centralized visibility and control over an organization’s traffic – be it network, web, or cloud application-based. A key enabler of this consolidation is the microservices architecture of ECGs and the inherent scalability that comes from a cloud-native approach.

    (more…)

  • When ESG began discussing the elastic cloud gateway (ECG) architecture in July, one of the key questions we were asked centered on SD-WAN and the importance of the convergence of networking and security. The short answer is that while strong integrations between networking and SD-WAN functionality and security capabilities are clearly necessary, partnerships will be the predominant route for the next few years. Sure, there are vendors that will provide both, be they someone like Cisco that has both networking and security capabilities, or smaller upstarts like Cato Networks. But our feeling was that those would be the exceptions, not the rule.

    (more…)

  • What’s Missing from CrowdStrike?

    I was fortunate enough to be invited to attend Fal.Con Unite 2019 in San Diego earlier this week where the CrowdStrike team brought together over 1200 customers for two and a half days of keynotes and learning sessions. It was apparent from the moment we arrived that there was a significant partner focus, with many visible conference sponsors and partner-led sessions (most of whom are recent CrowdStrike Store partners), plus six new Store partners who are all leveraging CrowdStrike APIs and threat graph data to enhance their solutions. And of course, there was much to say about product and services roadmaps, as well as plenty of learning sessions to help users get the most out of their investment with CrowdStrike.

    (more…)

  • Network Predictions for 2020

    As 2019 rolls into the history books, it is time to evaluate how networking has evolved this year and think about what organizations can expect in 2020. This year witnessed the initial deployments of 5G networks, the rollout of WiFi 6, continued mergers and acquisitions, the introduction of new chipsets that enable greater throughput (400Gbps), and greater emphasis on end-to-end networking. It also witnessed underlay and overlay integration and IBN. Additionally, network automation continued to progress, as SD-WAN deployments made more progress on their way to becoming ubiquitous.

    This brief looks at the key trends and events that will shape networking technologies, suppliers, and customers in 2020.


    For more information or to discuss these findings with an analyst, please contact us.
  • Big Changes Coming to Cybersecurity Technology

    As 2019 winds down, security analysts like me tend to compile a list of industry predictions. I’m still working on a comprehensive list, but I’m extremely confident that we are about to see some unprecedented changes in enterprise security technology. These changes are already happening behind the scenes, but they will become much more visible in 2020 and beyond.

    (more…)

  • With only 12 months in a year and hundreds or thousands of important topics to educate people on, how are people ever going to cut through it all and hear about how important cybersecurity is? With cyber breach stories running in virtually every news media outlet weekly, is cybersecurity just becoming background noise in our busy lives?

    (more…)

  • Pensando Launches from Stealth Mode in NYC

    A couple of weeks ago, a company called Pensando came out of stealth mode in NYC. It was formed from what the chairman of the company, John Chambers, is coining “a different kind of 20 somethings.” Indeed this is not a typical Silicon Valley, hoodie and sneakers wearing 20 year olds’ startup, but rather one that has founders with 20 something years of delivering innovative and disruptive technologies time and time again (think Andiamo, Insieme etc.). They are all ex-Cisco senior executives, Mario Mazzola, Prem Jain, Luca Cafiero, and Soni Jiandani, colloquially referred to as “MPLS.”

    (more…)

  • Managed DNS Security Services Finally Step Up

    Malware, phishing, and data theft occur through domain name system (DNS) lookups. DNS security (DNSSEC) is well understood for the secure resolution of these lookups. Managed DNS services using the DNS threat vector for visibility and controls are becoming a desired offering. In a recent ESG survey on cybersecurity services, respondents selected DNS security services as one of the top services engaged in the last 12-18 months. Respondents also called out the need for managed security service providers (MSSPs) to provide DNS security in their offerings.

    (more…)