Our seasoned analysts couple their industry-leading B2B research with in-depth buyer intent data for unparalleled insights about critical technology markets.
Clients trust us across their GTMs—from strategy and product development to competitive insights and content creation—because we deliver high-quality, actionable support.
Browse our extensive library of research reports, research-based content, and blogs for actionable data and expert analysis of the latest B2B technology trends, market dynamics, and business opportunities.
According to ESG research, 73% of security professionals say that cyber-risk management is more difficult at their organization today than it was 2 years ago. Why? Survey respondents point to things like the growing attack surface, the rising number of software vulnerabilities, and the increasing technical prowess of cyber-adversaries.
I had the opportunity to attend Juniper’s analyst event at its Sunnyvale, California headquarters on September 10. Truth be told, Juniper has been fairly quiet on the security front for the last few years, so I was interested to get up to speed on the company’s direction. Juniper divested the Pulse Secure portion of its portfolio in 2014 and since that time has not always articulated a consistent vision around, or emphasis on, security. My impression after listening to CEO Rami Rahim and CTO Bikash Koley lay out Juniper’s corporate vision and how the Connected Security approach ties in, is that they do see security as a core component of the overall strategy, especially as it relates to expanding the company’s enterprise footprint. Admittedly, there weren’t a lot of specifics provided relative to security announcements, but I’m an optimist and believe there will be some meat put on the bone sooner rather than later.
Network traffic analysis (NTA) solutions have seen broad adoption across the industry as part of a holistic threat detection and response (TDR) program. There is general agreement regarding some of the core capabilities required in an NTA solution, but some disagreement around others. Analytics and threat intelligence integrations are essential components of any NTA solution. However, there is less clarity around managed services as they relate to NTA solutions.
VMware held its flagship customer event, VMworld 2019, in San Francisco last week.
It was a big week for VMware, especially since it was coming on the heels of announcing two significant acquisitions of Pivotal and Carbon Black. Much of the news this year centered on the desire to embrace containers and manage hybrid and multi-cloud environments. Along those lines, the big announcements included:
If it’s not clear yet, elastic cloud gateways are a major focus of ESG’s network security research. I discussed the idea in a previous blog…and video…and second video. As a refresher, ECGs are multi-channel, multi-mode, cloud-delivered security gateways built on a globally distributed, cloud-native microservices platform. ECGs automatically scale to provide end-user access and threat prevention to a range of cloud services, with tightly integrated data loss prevention (DLP) capabilities utilizing a centralized control plane and scalable data plane to arbitrate access and inspect content.
When you think about VMware and cybersecurity, two products have always stood out. NSX has evolved into a common micro-segmentation tool for east/west traffic within ESXi, while AppDefense monitors applications, determines “normal” behavior, and detects anomalies.
Now, VMware has other security capabilities, but few cybersecurity pros know a thing about them. Why? Despite its strong technology, VMware has never established itself as a cybersecurity vendor. Many VMware salespeople have a cursory understanding of the company’s security capabilities, while partners often complain that beyond its Palo Alto headquarters, VMware isn’t proficient at driving security go-to-market programs with channel partners or its global sales organization.
To its credit, VMware recognized two things:
Its future hybrid cloud leadership needed a much greater security presence.
It couldn’t get there on its own.
For these reasons, VMware acquired Carbon Black last week. Yes, this acquisition can help VMware address its historical cybersecurity shortcomings, but Carbon Black has the potential to contribute much more. The combination of VMware and Carbon Black can:
Provide a security bundle for Workspace One. VMware’s “intelligence-driven workspace platform” offered security features for identity and access management but lacked any native device/virtual device security safeguards. Armed with Carbon Black, VMware can provide an integrated secure workspace, similar to what Microsoft does with ATP. Beyond endpoints, Carbon Black can also be bundled with core ESX.
Bring VMware into the growing market for threat detection and response. According to Enterprise Strategy Group research, 76% of organizations believe that threat detection and response is more difficult today than it was 2 years ago. Reasons commonly cited for this include an increase in sophisticated/targeted attacks, an increasing cybersecurity workload, and a growing attack surface. To address this, 89% of organizations plan to increase spending in this area, with 47% increasing threat detection and response spending significantly. Threat detection and response really depends upon 5 security technologies: EDR, NTA, file sandboxing, threat intelligence, and security analytics. With Carbon Black, recent acquisition Veriflow, and its vRealize product, VMware now covers the whole threat detection and response enchilada. Oh, and VMware also gets Carbon Black’s managed services for the growing population of customers who need a helping hand with threat detection/response.
Further complement its hybrid cloud strategy with security. In its quest to anchor hybrid cloud infrastructure, VMware recently purchased Intrinsic, a company focused on securing serverless workloads. While Carbon Black doesn’t currently support cloud workload security, these capabilities should become part of the offering by early 2020. When this development is completed, VMware will offer customers security controls for physical endpoints and servers, virtual endpoints and servers, and cloud-based workloads of all types (i.e., virtual servers, containers, serverless, etc.).
Aside from technical assets, Carbon Black has a global security-savvy salesforce and strong partner program execution. These capabilities further address VMware’s historical security weaknesses.
While VMware has its checkbook out, it could further bolster its security stance with a few additional acquisitions in:
Network traffic analytics (NTA). ESG research indicates that 43% of organizations consider NTA the “first line of defense” for threat detection and response. Rather than build security capabilities into vRealize, perhaps VMware should buy a pure-play security expert like Corelight, DarkTrace, or Vectra Networks.
Security analytics and operations. This would be a big move for VMware but it’s certainly demonstrating bold behavior. Could Exabeam, Jask, or SumoLogic be in the cards?
Regardless of future moves, VMware just took a major step toward becoming a cybersecurity leader while shaking up the security industry. My learned colleague Dave Gruber and I will be watching and reporting on further progress and developments.
With the recent announcement by VMware that it will be acquiring Carbon Black, VMware will be adding much needed security expertise and technology to its already strong portfolio.
Detecting and responding to cyber-threats quickly can mean the difference between a cybersecurity annoyance and a costly data breach. This makes threat detection and response a critical business requirement.
Given this, you’d think that threat detection and response would be well resourced with highly-tuned processes running as efficiently as a Swiss watch. Unfortunately, this is far from true. According to ESG research, threat detection and response is fraught with numerous issues. Here is a list of the top 5 threat detection and response challenges, according to 372 enterprise cybersecurity and IT professionals:
There was a lot to take in at Black Hat 2019 in Las Vegas. Fortunately, Enterprise Strategy Group covered a lot of ground with our expanded team of analysts. With the dust now settling from Black Hat 2019, ESG analysts share some takeaways from the event in this Enterprise Strategy Group On Location Video, including:
My colleague Jon Oltsik had a running blog series entitled “If I Were the Next CEO of Symantec” that he updated every few years when new leadership was introduced. With the recent announcement of Broadcom’s intention to purchase Symantec’s enterprise business unit for $10.7 billion, I thought I would beat him to the punch and create a new blog series, “If I Were the CEO of Broadcom.”
Of course, I’m not a silicon analyst, so my recommendations will be limited to the security side of Broadcom’s business. However, if I were the CEO of Broadcom and my goal was to optimize Symantec’s portfolio and properly leverage my investment, here are a few of the things I would focus on:
Retire or divest legacy and non-core products: There are areas of the Symantec portfolio that may have made perfect sense at one time but no longer do. Much of this is due to the long (and inconsistent) acquisition history of the company. These product lines represent a small part of the business and, in many cases, limited growth opportunities. Symantec may be better off moving on from them.
Network Performance (Blue Coat) and Endpoint Management (Altiris) fall outside of the cybersecurity realm and don’t add a lot of incremental value to the company.
Control Compliance Suite (CCS) doesn’t have the breadth of more full-scale risk management platforms like RSA Archer, and has lost ground to smaller players like Tripwire.
VIP, Symantec’s two-factor authentication solution, has seen enhancements over the last few years in an attempt to break into the B2C space, but with CA’s Identity suite already under the Broadcom umbrella and limited B2B traction, I’d expect some changes here.
Continue to invest in the Integrated Cyber Defense approach: ICD is Symantec’s platform architecture and represents an important opportunity moving forward. ESG research has shown that 62% of organizations would consider using a single security vendor for the majority of their security solutions, with efficacy, automation of processes, and operational efficiency being top reasons why. Symantec’s ICD vision puts it in contention to compete for these organizations’ business. Yet further development is required to expand its platform support through the rest of its portfolio, including the cloud, and increase its analytics capabilities. If this happens, Symantec will have a very compelling story to share with its customer base.
Build deeper integrations between SWG, CASB, and DLP: Symantec has been a market leader in SWG for years but was behind the curve with the shift to cloud. That’s finally been addressed, but the vendor needs to leverage its advantages in CASB and DLP in order to not miss another seismic market shift. ESG has talked about the emergence of elastic cloud gateways, which fully integrate SWG, CASB, and DLP functionality (among other capabilities) in a cloud native, highly scalable platform that provides a globally distributed yet locally accessible experience to users. Symantec has the tools to be a key player in this space, but more work needs to be done both to integrate the products and push the huge ProxySG installed base into the cloud with Symantec rather than a competitor.
Maintain a presence in email security: It seems like from a solution perspective this is fast becoming one of the forgotten areas of cybersecurity, even though it continues to be the preferred threat vector for attackers. Some of this can be attributed to O365 adoption and the built-in controls Microsoft offers. Yet like with all cloud services, there’s room for native controls and third-party solutions. Symantec has a robust offering here, accounting for filtering, advanced threat detection and response, isolation, and user awareness training. Symantec’s lost a good deal of ground to Proofpoint in this space, but these products provide important telemetry to the rest of the portfolio and will represent a key aspect of any platform strategy.
Allow services to flourish: Symantec has done most of the hard work of building a strong services organization that boasts consulting and incident response, managed services, and threat intelligence. It’s expanded into the MDR realm recently as well, as that space continues to drive massive amounts of interest. Services is a lower margin business, so some changes may be coming to better fit the Broadcom operating model. But Symantec has been smart about its investments here, and the services portfolio gives it differentiation from many competitors. Also, ESG research has found that outside of having a full SIEM product, organizations think that having threat intelligence feeds/analytics and managed services are some of the most important analytics capabilities for enterprise-class vendors.
Focus on the enterprise, without neglecting the upper mid-market: This will not be Broadcom’s strategy, but I’ll call it out anyway. There’s clearly an opportunity to cross-sell Symantec into the Broadcom strategic enterprise base (via CA). There’s also still expansion possible within existing Symantec accounts, both as the ICD vision comes to fruition and through ensuring the SEP installed base is fully utilizing all related products (i.e., EDR and SEP Mobile). However, some of the fastest growing cyber security companies are focusing further down market—not in the SMB, but to midsize and small enterprises. While we know it’s less expensive to sell to an existing customer than win a new one, Symantec has had limited success in this space for years and it represents another avenue to growth. To grow within the enterprise, you either need a new technology that has few or no competitors, or great technology to displace existing vendors. If Broadcom fully delivers on Symantec’s ICD vision, it can succeed in the enterprise—but in parallel, it should be looking to expand its potential customer base.
Symantec has good technology and a well-known brand but has seen sluggish growth for years. The Blue Coat acquisition had promise, but ultimately failed to deliver financial success. Symantec is desperate for an injection of operational excellence, which Broadcom can clearly provide. However, for the business to truly succeed there needs to be additional investment—not necessarily through acquisition, but through the realization of the ICDx vision and further product enhancements to deliver the full value of the portfolio. Once the deal closes, Broadcom should quickly and clearly provide specifics on the future of the portfolio to protect Symantec’s installed base. Security is a competitive space, and customers won’t sit back and wait while uncertainty swirls.
About this time every year, the cybersecurity industry heads to “summer camp” in Las Vegas, heading to BSides, Black Hat, and/or DefCon. I attended Black Hat last week along with many members of the ESG cybersecurity team. Here are a few of my takeaways:
The “vibe” has changed. There used to be a clear difference between Black Hat and its larger cousin, the RSA Conference. RSA has become an industry show where you talk about business relationships, M&A activities, and VC investments. Alternatively, Black Hat was always a practitioners’ show where the buzz centered on exploits, IoCs, and defensive tactics. Alas, billions of security dollars are taking their toll on poor Black Hat – there was a definite “hurray for the industry” vibe, fraught with banal cocktail parties, Merlot-drinking VCs, and ambulance-chasing vendors. The industry needs a cold shower to remember that its job is protecting critical digital assets, not celebrating 10-baggers.