This cybersecurity market data covers:
- The cybersecurity services landscape
- Recent services engagements
- Purchase processes and considerations
This cybersecurity market data covers:
In a previous blog, I discussed the multi-channel coverage of the elastic cloud gateway (ECG) architecture. In short, ECGs consolidate the functionality of multiple point products to improve centralized visibility and control over an organization’s traffic – be it network, web, or cloud application-based. A key enabler of this consolidation is the microservices architecture of ECGs and the inherent scalability that comes from a cloud-native approach.
When ESG began discussing the elastic cloud gateway (ECG) architecture in July, one of the key questions we were asked centered on SD-WAN and the importance of the convergence of networking and security. The short answer is that while strong integrations between networking and SD-WAN functionality and security capabilities are clearly necessary, partnerships will be the predominant route for the next few years. Sure, there are vendors that will provide both, be they someone like Cisco that has both networking and security capabilities, or smaller upstarts like Cato Networks. But our feeling was that those would be the exceptions, not the rule.
I was fortunate enough to be invited to attend Fal.Con Unite 2019 in San Diego earlier this week where the CrowdStrike team brought together over 1200 customers for two and a half days of keynotes and learning sessions. It was apparent from the moment we arrived that there was a significant partner focus, with many visible conference sponsors and partner-led sessions (most of whom are recent CrowdStrike Store partners), plus six new Store partners who are all leveraging CrowdStrike APIs and threat graph data to enhance their solutions. And of course, there was much to say about product and services roadmaps, as well as plenty of learning sessions to help users get the most out of their investment with CrowdStrike.
As 2019 rolls into the history books, it is time to evaluate how networking has evolved this year and think about what organizations can expect in 2020. This year witnessed the initial deployments of 5G networks, the rollout of WiFi 6, continued mergers and acquisitions, the introduction of new chipsets that enable greater throughput (400Gbps), and greater emphasis on end-to-end networking. It also witnessed underlay and overlay integration and IBN. Additionally, network automation continued to progress, as SD-WAN deployments made more progress on their way to becoming ubiquitous.
This brief looks at the key trends and events that will shape networking technologies, suppliers, and customers in 2020.
As 2019 winds down, security analysts like me tend to compile a list of industry predictions. I’m still working on a comprehensive list, but I’m extremely confident that we are about to see some unprecedented changes in enterprise security technology. These changes are already happening behind the scenes, but they will become much more visible in 2020 and beyond.
With only 12 months in a year and hundreds or thousands of important topics to educate people on, how are people ever going to cut through it all and hear about how important cybersecurity is? With cyber breach stories running in virtually every news media outlet weekly, is cybersecurity just becoming background noise in our busy lives?
A couple of weeks ago, a company called Pensando came out of stealth mode in NYC. It was formed from what the chairman of the company, John Chambers, is coining “a different kind of 20 somethings.” Indeed this is not a typical Silicon Valley, hoodie and sneakers wearing 20 year olds’ startup, but rather one that has founders with 20 something years of delivering innovative and disruptive technologies time and time again (think Andiamo, Insieme etc.). They are all ex-Cisco senior executives, Mario Mazzola, Prem Jain, Luca Cafiero, and Soni Jiandani, colloquially referred to as “MPLS.”
Malware, phishing, and data theft occur through domain name system (DNS) lookups. DNS security (DNSSEC) is well understood for the secure resolution of these lookups. Managed DNS services using the DNS threat vector for visibility and controls are becoming a desired offering. In a recent ESG survey on cybersecurity services, respondents selected DNS security services as one of the top services engaged in the last 12-18 months. Respondents also called out the need for managed security service providers (MSSPs) to provide DNS security in their offerings.
With continued, persistent phishing attacks affecting organizations of all sizes across all industries, a resurgence of investment in email security solutions is occurring. As organizations shift their email strategies to cloud-delivered providers, most falsely believe that these providers offer comprehensive email security controls. Traditional secure email gateways are no longer sufficient to protect organizations against modern email attack techniques. Third-party email security controls will be required to effectively secure organizations utilizing cloud-delivered email services against modern, sophisticated, email-borne attacks.
McAfee chose “time” as the overarching theme of its 2019 MPower conference, held the week of October 2 in Las Vegas. The idea of the theme being that time is central to everything we do in the cybersecurity industry. Attackers look to increase dwell time while security teams try to reduce mean time to detect (MTTD) and mean time to response (MTTR). For what it’s worth, I felt that my time attending was well-spent. McAfee’s always done a good job focusing its message and approach for these types of events, and this year was no different. The major announcements focused on cloud and analytics, with a bit of open architectures and partnerships included as well – all top of mind priorities for security practitioners.
Are you aware that October is national cybersecurity awareness month? If you aren’t, you’re not alone. There’s lots of cybersecurity awareness activities in DC, some states, and universities, but it’s all but ignored by the industry at large.
Want proof? Look at the homepages of the biggest cybersecurity vendors in the industry, and you’re not likely to find a cybersecurity awareness month word anywhere.
To me, this is a crying shame. Almost all US citizens interact with the internet every day and need to better understand the associated risks so they can make educated decisions online. This education could be a collective benefit for all of us.
Allow me to provide a few examples of the cybersecurity knowledge deficit with some observations, research, and suggestions:
A long time ago, the tagline for my blog read: ‘cybersecurity: it’s way worse than you think.’ Unfortunately, this soundbite is truer today than it was in the past. It’s time we stopped treating cybersecurity awareness month like a federal boondoggle and started an honest concerted effort to truly educate the public and make measurable progress on cybersecurity awareness every October. The world would be a better place if we did.