I spent the last few days at AWS re:Inforce 2019, here in Boston. It was my first AWS event and I came away with a few strong impressions:
Extreme will be celebrating the 4th of July holiday with its latest acquisition, Aerohive. In what seems to be a trend for Extreme, it was able to pick up the company for a good price (especially when compared to other recent WiFi acquisitions). The big difference, however, is that in this case it did not just acquire the assets, but rather the whole company. Translation – this one should be a bit smoother, more predictable and hopefully lacking surprises!
The big news in Las Vegas this week was HPE’s decision to go all in on “as a service.” Emboldened by its success with GreenLake, Antonio Neri announced the entire HPE portfolio would be available “as a service” by 2022. To be clear, HPE will continue to sell products via traditional CapEx methods as well, offering its customers choice. Its premise is that cloud is not a destination but rather an experience, so this announcement challenges the notion that cloud first equals public cloud only, and delivers the same cloud experience with GreenLake. The new “as a service” option will include subscription, pay-per-use and consumption models and fall under the GreenLake brand.
Before GDPR became official in May 2018, I heard a similar story from many CISOs. In the past, data privacy programs were legal exercises focused on data classification and governance. Yes, there were security angles around compliance, DLP, and incident response, but legal had oversight around which data was considered as private and what could and could not be done with sensitive data.
GDPR changed everything. Data privacy is no longer a background legal project but rather a set of business-critical processes, and this impacted the cybersecurity team. CISOs were asked to utilize their operational expertise to help operationalize data privacy programs.
Not surprisingly, CISOs dragged the cybersecurity team along for the data privacy ride. According to a recent research report from ESG and ISSA, 40% of cybersecurity professionals surveyed say that the cybersecurity team has taken a significantly more active role around data privacy over the past 12 months while another 44% claim that the cybersecurity team is somewhat more active around data privacy during this timeframe.
Now it’s important to remember that cybersecurity pros aren’t exactly waiting around for things to do. In fact, the research indicates that 74% of organizations have been impacted by the global cybersecurity skills shortage, resulting in an increasing workload for the infosec team. Add data privacy responsibilities to the list.
Piling data privacy responsibilities onto an already overwhelmed cybersecurity staff comes with some risk. To mitigate this risk, cybersecurity professionals should receive appropriate data privacy training, roles and responsibilities should be well defined, all data privacy processes should be documented, and the cybersecurity team should have the proper data analytics tools to monitor program successes.
Unfortunately, this isn’t happening. The research indicates:
Too often, privacy and security are thrown in the same bucket, but this is a mistake. Data privacy is all about data classification and lifecycle management of sensitive data (i.e., who can access it, where it should be stored, how it should be destroyed, etc.). Alternatively, security teams are responsible for building, maintaining, and monitoring walls around sensitive data.
Yes, GDPR and the impending California Consumer Privacy Act (CCPA) will bring security and data privacy closer together, but this merger should be done carefully, not haphazardly. The ESG/ISSA data demonstrates that there’s a lot of work ahead to bring data privacy and security together in a way that mitigates risk and doesn’t disrupt ongoing processes.
Last week, I attended Cisco Live US in San Diego to hear the latest and greatest from Cisco executives and technology leaders. Following Cisco’s campus refresh a couple of months ago, the company continued to execute against its Intent-based networking imperative with a number of announcements aimed at making your network solutions smarter, simpler, and more secure.
In the cybersecurity world, we cheer when companies are as successful as CrowdStrike in their recent IPO. This kind of success helps fuel the energy level across the entire cyber industry, raising the tide for all who are focused on keeping the world safe from cyberattacks.
Winning in this market requires more than just a deep understanding of cyberattacks and how to stop them. It requires a deep understanding of what challenges organizations are facing as they strive to protect themselves while their attack surface grows, amid a growing base of adversaries who are innovating at a pace that rivals many of the world’s most successful tech companies.
Given the increasing complexity and scale of IT environments, it is becoming clear that technologies like artificial intelligence (AI) and machine learning (ML) will be required for operations teams to effectively and efficiently manage these environments. This is especially true for the network in highly distributed environments, since it plays an integral role in connecting data centers, clouds, and edge environments. Cisco wants to make its intent-based networking (IBN) solutions smarter, simpler, and more secure by adding AI/ML and multi-domain integration. At this year’s Cisco Live in San Diego, Cisco announced its latest innovations for IBN, AI Network Analytics, along with tight domain integration and additional AI/ML support in DevNet.
Cisco held its annual customer event, Cisco Live, in San Diego this week, while hosting industry analysts like me at C-Scape. As part of the agenda, the Cisco security team provided details on its present position and future strategy. Here are a few of my takeaways:
Sophos announced that it acquired Rook Security and entered the managed detection and response (MDR) market. Channel consideration was of paramount concern in the go-to-market strategy. Sophos’ entrance into MDR will help address a growing requirement in its customer base. Sophos must execute integration, customer retention, and partner success in lockstep to achieve its “cybersecurity evolved” goal of creating “an intelligent, integrated system.”
Insight Partners announced on May 30, 2019 that it will acquire Recorded Future for $780M. In a broad market of threat intelligence competitors, Recorded Future shines brightly because of its “all-source” approach. ESG fully expects Recorded Future to expand geographically and continue broadening integrations and partnerships. It must also protect its existing relationships as it grows to the next level.
One of the marketing campaigns that resonated the most with me over the last few years is the messaging behind Trend Micro’s XGen campaign because it aptly captures the challenge cybersecurity teams face: the complexity of securing multiple generations of technology. That is, it’s not just about next-gen. It’s also about protecting the last gen, and whatever comes after next-gen.
After all, while we still have mainframes, tape libraries, and Oracle running on UNIX, appdev teams are leveraging public cloud platforms and a rich set of microservices to rapidly build and deliver applications. Such heterogeneity represents a requirement to secure a diverse set of application stacks deployed across hybrid, multi-cloud environments. Palo Alto Networks’ stated intention to acquire Twistlock and PureSec, the former for container security and the latter for serverless security, is a strong move to add cloud-native application security controls to the company’s already extensive product portfolio.
Why Twistlock and PureSec
Twistlock, a pioneer, along with Aqua Security, in container security, initially helped organizations secure their journey to microservices architectures with a focus on identifying and remediating container image vulnerabilities. As organizations moved along the build-ship-run continuum and started to deploy containerized apps to production, Twistlock provided an anomaly-based approach to threat detection. More recently, Twistlock has delivered additional runtime controls including file integrity monitoring and RASP (runtime application self-protection), all new and highly valuable additions to Palo Alto’s set of cloud security products.
With serverless functions being employed in the context of microservices-architected applications, Palo Alto Networks needed to move yet further up the stack. PureSec fills this gap with what PureSec describes as a serverless security firewall, one that assesses the runtime behavior of serverless functions including how functions interact with file systems, run shell commands, communicate with external entities, and more. This anomaly-based approach is well aligned with Twistlock’s similar approach to runtime container security, and the serverless firewall positioning is certainly simpatico with Palo Alto Networks’ roots.
Rationalizing Palo Alto Networks’ Cloud Security Portfolio
So, where do Twistlock and PureSec fit in the PAN portfolio? I’m looking forward to learning more about how the new products will be packaged at Palo Alto’s Ignite event next week, but both seem to fit neatly under the newly announced Prisma cloud security product brand.
After acquiring Evident.IO and Redlock, Palo Alto needed to rationalize those cloud security posture management (CSPM) products with the company’s Aperture cloud access security broker (CASB), GlobalProtect Zero Trust network segmentation product, Traps host-based anti-exploit control, and, of course, the VM-based firewall series. Prisma does that in a clean new packaging model with functional descriptors.
Why is that a big deal? When vendors acquire multiple companies and retain the company and/or product brands, it creates a tremendous amount of confusion for buyers, channel partners, and sellers alike; the lack of descriptive product names too often requires the equivalent of a decoder ring to map brands to functional capabilities. The last thing cybersecurity leaders need is additional complexity, so kudos to Palo Alto for getting crisp on branding and packaging.
The Makings of an Enterprise-class Cybersecurity Platform
We’re all well aware of the acute shortage of cybersecurity skills. Recent research conducted by ESG highlights the issue with 53% of organizations citing a problematic shortage of cybersecurity skills. Two-thirds of the participants in the same study shared that IT has become more complex over the last two years. These realities, along with ever-motivated adversaries, are the drivers behind the trend toward cybersecurity platforms that provide threat detection, prevention, and response across major attack vectors via a centralized, cloud-delivered control plane.
By adding container and serverless security controls to their roster of cybersecurity products and services, Palo Alto Networks is well positioned to meet the cybersecurity platform market requirement. But as is true with any acquisition, it’s all about integration. Beyond integrating the teams and the go-to-market model, it will be critical that the technology be integrated into a clearly packaged set of offerings that ride on a common platform. Prisma provides the packaging framework; now the tech needs a platform of shared services to provide the improved operational efficiencies desperately needed to mitigate the ongoing lack of skills and increased complexity.
As security teams commit more and more resources to detection and response activities, endpoint detection and response (EDR) solutions are becoming core to the process. But when we take a step back and look at the bigger picture surrounding threat detection and response, we see multiple, disparate solutions being used to detect and investigate threats, requiring analysts to log into multiple systems or post-process data from these systems to correlate alerts. With many organizations utilizing a best-of-breed tools strategy for their security stack, integrations have become core to the sanity of most security teams.