Cybersecurity & Networking

McAfee chose “time” as the overarching theme of its 2019 MPower conference, held the week of October 2 in Las Vegas. The idea of the theme being that time is central to everything we do in the cybersecurity industry. Attackers look to increase dwell time while security teams try to reduce mean time to detect (MTTD) and mean time to response (MTTR). For what it’s worth, I felt that my time attending was well-spent. McAfee’s always done a good job focusing its message and approach for these types of events, and this year was no different. The major announcements focused on cloud and analytics, with a bit of open architectures and partnerships included as well – all top of mind priorities for security practitioners.

(more…)

Are you aware that October is national cybersecurity awareness month? If you aren’t, you’re not alone. There’s lots of cybersecurity awareness activities in DC, some states, and universities, but it’s all but ignored by the industry at large. 

Want proof? Look at the homepages of the biggest cybersecurity vendors in the industry, and you’re not likely to find a cybersecurity awareness month word anywhere.

To me, this is a crying shame. Almost all US citizens interact with the internet every day and need to better understand the associated risks so they can make educated decisions online. This education could be a collective benefit for all of us.

Allow me to provide a few examples of the cybersecurity knowledge deficit with some observations, research, and suggestions:

1. Business executives need cybersecurity awareness of cyber-risks. According to research from ESG and the Information Systems Security Association (ISSA), 23% of infosec pros say that one of their biggest challenges is that business managers don’t understand or support an appropriate level of cybersecurity at their organization. This is hard to believe in 2019, but too many CEOs and corporate boards still think that their organizations aren’t attractive targets, so they see no need to invest in strong cybersecurity. This is simply head-in-the-sand behavior. In my humble opinion, responsible executives owe it to their shareholders, customers, and employees to further educate themselves on cyber-risk and include cybersecurity as part of overall risk management strategies. Hey, October 2019 is a great time to start. Eventually, strong cybersecurity will be an organizational requirement. Laggards will be digital pariahs, mark my word. 
2. IT executives need to align cybersecurity awareness with new technology initiatives. Thirty-nine percent of cybersecurity professionals say that the most stressful aspect of their job is finding out about IT initiatives with no security oversight. In other words, IT teams go build and buy new applications for things like digital transformation and don’t get the cybersecurity team involved during design, planning, or development phases of these projects. This situation is ripe for change. During October, IT teams should bolster their cybersecurity awareness so that they understand new project risks and can bake security into development rather than bolt it on later. This can help improve security and decrease costs. 
3. Cybersecurity professionals need continuous cybersecurity awareness improvement. Ninety-three percent of cybersec pros agree that they need continuous training to keep up with the latest threats, yet 66% admit that they can’t keep up with training due to the demands of their day-to-day jobs. Wow, there’s a lot of cybersecurity awareness to go around here! CISOs must be aware of this training gap and find ways to free up staff from daily drudgery so they have ample time for continuous education. As for cybersecurity professionals themselves, they should be aware that without ongoing cybersecurity knowledge improvement, they risk becoming dinosaurs. For them, improved cybersecurity awareness should be a daily goal. 

A long time ago, the tagline for my blog read: ‘cybersecurity: it’s way worse than you think.’ Unfortunately, this soundbite is truer today than it was in the past. It’s time we stopped treating cybersecurity awareness month like a federal boondoggle and started an honest concerted effort to truly educate the public and make measurable progress on cybersecurity awareness every October.  The world would be a better place if we did. 

According to ESG research, 73% of security professionals say that cyber-risk management is more difficult at their organization today than it was 2 years ago. Why? Survey respondents point to things like the growing attack surface, the rising number of software vulnerabilities, and the increasing technical prowess of cyber-adversaries.

(more…)

I had the opportunity to attend Juniper’s analyst event at its Sunnyvale, California headquarters on September 10. Truth be told, Juniper has been fairly quiet on the security front for the last few years, so I was interested to get up to speed on the company’s direction. Juniper divested the Pulse Secure portion of its portfolio in 2014 and since that time has not always articulated a consistent vision around, or emphasis on, security. My impression after listening to CEO Rami Rahim and CTO Bikash Koley lay out Juniper’s corporate vision and how the Connected Security approach ties in, is that they do see security as a core component of the overall strategy, especially as it relates to expanding the company’s enterprise footprint. Admittedly, there weren’t a lot of specifics provided relative to security announcements, but I’m an optimist and believe there will be some meat put on the bone sooner rather than later.

(more…)

I first came up with the SOAPA concept in late 2016. Here’s the blog I wrote in November of that year describing the architecture and its rationale. 

(more…)

If it’s not clear yet, elastic cloud gateways are a major focus of ESG’s network security research. I discussed the idea in a previous blog…and video…and second video. As a refresher, ECGs are multi-channel, multi-mode, cloud-delivered security gateways built on a globally distributed, cloud-native microservices platform. ECGs automatically scale to provide end-user access and threat prevention to a range of cloud services, with tightly integrated data loss prevention (DLP) capabilities utilizing a centralized control plane and scalable data plane to arbitrate access and inspect content.

(more…)

When you think about VMware and cybersecurity, two products have always stood out. NSX has evolved into a common micro-segmentation tool for east/west traffic within ESXi, while AppDefense monitors applications, determines “normal” behavior, and detects anomalies.

Now, VMware has other security capabilities, but few cybersecurity pros know a thing about them. Why? Despite its strong technology, VMware has never established itself as a cybersecurity vendor. Many VMware sales people have a cursory understanding of the company’s security capabilities while partners often complain that beyond its Palo Alto headquarters, VMware isn’t proficient at driving security go-to-market programs with channel partners or its global sales organization.

To its credit, VMWare recognized two things:

1. Its future hybrid cloud leadership needed a much greater security presence.
2. It couldn’t get there on its own.

For these reasons, VMware acquired Carbon Black last week. Yes, this acquisition can help VMware address its historical cybersecurity shortcomings, but Carbon Black has the potential to contribute much more. The combination of VMware and Carbon Black can:

• Provide a security bundle for Workspace One. VMware’s “intelligence-drive workspace platform” offered security features for identity and access management but lacked any native device/virtual device security safeguards. Armed with Carbon Black, VMware can provide an integrated secure workspace, similar to what Microsoft does with ATP. Beyond endpoints, Carbon Black can also be bundled with core ESX.
• Bring VMware into the growing market for threat detection and response. According to Enterprise Strategy Group research, 76% of organizations believe that threat detection and response is more difficult today than it was 2 years ago. Reasons commonly cited for this include an increase in sophisticated/targeted attacks, an increasing cybersecurity workload, and a growing attack surface. To address this, 89% of organizations plan to increase spending in this area, with 47% increasing threat detection and response spending significantly. Threat detection and response really depends upon 5 security technologies: EDR, NTA, file sandboxing, threat intelligence, and security analytics. With Carbon Black, recent acquisition Veriflow, and its vRealize product, VMware now covers the whole threat detection and response enchilada. Oh, and VMware also gets Carbon Black’s managed services for the growing population of customers who need a helping hand with threat detection/response. 
• Further complement its hybrid cloud strategy with security. In its quest to anchor hybrid cloud infrastructure, VMware recently purchased Intrinsic, a company focused on securing serverless workloads. While Carbon Black doesn’t currently support cloud workload security, these capabilities should become part of the offering by early 2020. When this development is completed, VMware will offer customers security controls for physical endpoints and servers, virtual endpoints and servers, and cloud-based workloads of all types (i.e., virtual servers, containers, serverless, etc.). 

Aside from technical assets, Carbon Black has a global security-savvy salesforce and strong partner program execution. These capabilities further address VMware’s historical security weaknesses.

While VMware has its checkbook out, it could further bolster its security stance with a few additional acquisitions in:

• Network traffic analytics (NTA). ESG research indicates that 43% of organizations consider NTA the “first line of defense” for threat detection and response. Rather than build security capabilities into vRealize, perhaps VMware should buy a pure-play security expert like Corelight, DarkTrace, or Vectra Networks.
• Security analytics and operations. This would be a big move for VMware but it’s certainly demonstrating bold behavior. Could Exabeam, Jask, or SumoLogic be in the cards?

Regardless of future moves, VMware just took a major step toward becoming a cybersecurity leader while shaking up the security industry. My learned colleague Dave Gruber and I will be watching and reporting on further progress and developments. 

With the recent announcement by VMware that it will be acquiring Carbon Black, VMware will be adding much needed security expertise and technology to its already strong portfolio.

(more…)