White Paper
The Big Data Security Analytics Era Is Here
By Jon Oltsik, Senior Principal Analyst
January 2013
This ESG White Paper was commissioned by RSA Security and is distributed under license from ESG by The Enterprise Strategy Group, Inc. All Rights Reserved.
Contents
Executive Summary
The Obstacles to Improving Organizational Security Maturity
Legacy Security Monitoring and Analytics Tools Are Also Holding Back Progress
Enter the Big Data Security Analytics Era
Big Data Security Analytics Technology Transformation
CISOs Must Become Big Data Security Advocates
The Bigger Truth

All trademark names are property of their respective companies. Information contained in this publication has been obtained from sources The Enterprise Strategy Group (ESG) considers to be reliable but is not warranted by ESG. This publication may contain opinions of ESG, which are subject to change from time to time. This publication is copyrighted by The Enterprise Strategy Group, Inc. Any reproduction or redistribution of this publication, in whole or in part, whether in hard-copy format, electronically, or otherwise to persons not authorized to receive it, without the express consent of The Enterprise Strategy Group, Inc., is in violation of U.S. copyright law and will be subject to an action for civil damages and, if applicable, criminal prosecution. Should you have any questions, please contact ESG Client Relations at
Executive Summary

A few years ago, ESG created a security management maturity model that outlined a progression through four phases of a security management program's evolution. The goal was to leverage ESG research to uncover success strategies and best practices, then use this information to help CISOs build a security management plan and prioritize the right activities in order to improve security and lower risk, while continuing to build the organization's security maturity.

CISOs are certainly intent on evolving the maturity of their security management, but many organizations are facing unanticipated problems that are impeding their progress. CISOs face an insidious threat landscape and an avalanche of new technology initiatives that make security management increasingly difficult. Furthermore, enterprise organizations are finding it difficult to recruit and train new security professionals, leaving them understaffed and overburdened. Taken together, new security risks and old security challenges often overwhelm legacy security controls and analytics tools. Large organizations can no longer rely on preventive security systems, point security tools, manual processes, and hardened configurations alone to protect them from targeted attacks and advanced malware. Henceforth, security management must be based upon continuous monitoring and data analysis for up-to-the-minute situational awareness and rapid, data-driven security decisions. This means that large organizations have entered the era of big data security analytics.

This white paper concludes that:

- Security and market trends are creating new security management hurdles. Over the past few years, CISOs have come face-to-face with three difficult and converging trends. First, they face an increasingly hazardous threat landscape full of stealthy malware, social engineering, and targeted attacks from well-funded and expert adversaries. Second, they have been called upon to secure new technology initiatives such as cloud computing, mobile devices, and server virtualization. Finally, they face a security skills shortage, making it difficult to recruit and hire new security talent. These obstacles are placing new demands on existing security staff, processes, and technologies.

- The existing security infrastructure is no longer adequate. At many enterprise organizations, security protection and analysis depend upon an army of independent signature-based point tools, network perimeter gateways, manual processes, and specialized skills. While this loose affiliation of security technologies may have been sufficient in years past, it is no match for the scale and scope of today's threats and overall security management requirements.

- IT is entering the era of big data security analytics. Risk management and prevention are critical but no longer enough. Moving forward, CISOs need real-time security intelligence and situational awareness to give them visibility into their security status at all layers of the technology stack and across the enterprise. Armed with this type of intelligence, security executives can prioritize actions, adjust security controls, accelerate incident detection, and improve workflows around incident response. Taken together, these advances can improve security while lowering security operations costs.

The Obstacles to Improving Organizational Security Maturity

After studying the state of enterprise information security in 2011, ESG published a security management maturity model to provide some strategic guidance for CISOs (see Figure 1). At that time, ESG believed that most organizations were still in phase 2, focused on compliance and defense-in-depth, but were intent on proceeding to phase 3, risk-based security, as soon as possible.
Figure 1. The ESG Information Security Management Maturity Model. Source: Enterprise Strategy Group.

When this model was first published in 2011, ESG assumed that risk-based security would be well established at most organizations by early 2013, but this transition has proven to be more difficult than first anticipated. The delay is not due to a lack of effort by security teams. In fact, in the past couple of years, many CEOs and other non-security executives have become more involved in information security oversight and are regularly approving projects and increasing information security budgets. Unfortunately, the transition from phase 2 to phase 3 has become more difficult than projected for most organizations because of:

- The volume and sophistication of new threats. While day-to-day cyber threats continue to grow rapidly in volume, CISOs are most concerned about the rise of targeted and advanced-malware-enabled attacks such as Advanced Persistent Threats (APTs). This apprehension is well deserved. According to ESG research, 59% of enterprises are certain or fairly certain that they have been the target of an APT, while 30% of enterprises believe they are vulnerable to future APTs. [1] Detecting, analyzing, and remediating advanced threats adds requirements to the risk-based phase while forcing CISOs to simultaneously assess and dramatically improve their incident detection and response capabilities.

- Rapid IT changes. Risk-based security depends upon intimate knowledge of every IT asset deployed on the network. This type of understanding is especially difficult when IT is constantly rolling out new initiatives such as server/endpoint virtualization, cloud computing, mobile device support, and BYOD programs. To make matters worse, many new IT initiatives are based upon immature technologies that are prone to security vulnerabilities and may not play well with existing security policies, controls, or monitoring tools. For example, mobile devices like smartphones and tablet computers present a number of security management challenges around policy enforcement, sensitive data discovery/management, and malware/threat management (see Figure 2). [2] The continuous adoption of new technology initiatives adds uncertainty and complexity to security management.

[1] Source: ESG Research Report, U.S. Advanced Persistent Threat Analysis, November
[2] Source: ESG Research Report, Security Management and Operations: Changes on the Horizon, July 2012.
Figure 2. Mobile Device Security Challenges
With regard to mobile device security, which of the following presents the most significant security challenges for your organization? (Percent of respondents, N=315, multiple responses accepted)
- Enforcing security policies for mobile devices: 48%
- Lost/stolen mobile devices containing sensitive data: 46%
- Sensitive data confidentiality and integrity protection when accessed from or stored on mobile devices: 46%
- Malware/threat management on mobile devices: 41%
- Supporting new device types: 41%
- Creating security policies for mobile devices: 40%
- Discovering mobile devices as they gain access to the network: 30%
Source: Enterprise Strategy Group

- A growing security skills shortage. In 2012, over half of all organizations planned to add headcount to their information security group, and nearly one-quarter (23%) indicated that they had a significant shortage of security skills. CISOs will likely find it extremely difficult to simply hire their way out of this problem: ESG research indicates that 83% of enterprise organizations find it extremely difficult or somewhat difficult to recruit and hire security professionals. [3]

Combined with routine day-to-day activities, the security market trends described above have led to numerous challenges in areas such as incident detection/response (see Figure 3). [4] For example, the overall security skills shortage affects the security organization's incident detection/response capabilities because many enterprises lack the right staffing levels and skills. Malware volume and sophistication is forcing security analysts to sort through mountains of equally weighted, false-positive alerts. In addition to staffing and skills issues, security analysts generally rely on too many manual processes in order to identify, scope, and remediate problems.

[3] Source: Ibid.
[4] Source: ESG Research Report, The Emerging Intersection Between Big Data and Security Analytics, November 2012.
Figure 3. Challenges with Incident Detection
Which of the following challenges does your organization face when it comes to incident detection? (Percent of respondents, N=257, multiple responses accepted)
- Lack of adequate staffing in security operations/incident response team(s): 39%
- Too many false positive responses: 35%
- Incident detection depends upon too many manual processes: 29%
- Incident detection depends upon too many independent tools that aren't integrated together: 29%
- Sophisticated security events have become too hard for us to detect: 28%
- My organization lacks the right level of security analysis skills needed: 28%
- Lack of adequate data collection/monitoring in one or more critical areas: 28%
- Lack of proper level of tuning of our SIEM and other security tools: 23%
Source: Enterprise Strategy Group

What's most alarming here is that the challenges outlined in Figure 3 have a cumulative impact. Security departments are short-staffed and lack the right skills amongst the analysts they do have. Meanwhile, security analysts spend an inordinate amount of time sorting through false positives and working through manual processes, which wastes what little time they have. In aggregate, this situation is operationally inefficient, costly, and leaves many enterprise firms with an unacceptable level of risk. The CEO and CFO won't be pleased to learn that they spend more but are left with more risk.

Legacy Security Monitoring and Analytics Tools Are Also Holding Back Progress

In addition to skills challenges, false positives, and manual processes, it is also worth noting that 29% of enterprise organizations surveyed by ESG indicate that incident detection depends upon too many independent tools that aren't integrated together. [5] This security challenge is certainly understandable. Over the past ten years, enterprise IT security has grown incrementally more difficult because of new and unanticipated threats and vulnerabilities. As these changes occurred, organizations typically upgraded their security products, purchased new signature-based threat management tools, created new rules for perimeter gateways, and increased their security analytics activities. Over time, this has led to a security infrastructure anchored by numerous disconnected point tools for incident detection/response. Tactically driven enterprise IT security has always suffered from operational inefficiencies, but even so it provided reasonably adequate protection against threats such as general-purpose malware, spam, and amateur hackers. Unfortunately, existing security systems, which are often perimeter- and signature-based, are no match for today's insidious threat landscape. This is especially true with regard to security analysis tools because:

[5] Source: Ibid.
- Security analytics tools can't keep up with today's data collection and processing needs. According to ESG research, 47% of enterprise organizations collect, process, and analyze more than 6 terabytes of security data on a monthly basis. Additionally, the majority of enterprises collect, process, store, and analyze more security data than they did two years ago (see Figure 4). [6] And this data remains online for longer periods of time. These trends will continue: security-driven enterprises will regularly collect, process, and analyze petabytes of online security data for analysis, investigations, and modeling. Legacy Security Information and Event Management (SIEM) platforms are often based upon off-the-shelf SQL databases or proprietary data stores that simply can't scale to this type of data volume. As this happens, security analytics needs are hamstrung by basic technology limitations. This creates a Faustian compromise in which security technology deficiencies ironically slow down incident detection/response, limit investigations, and increase IT risk.

Figure 4. Growth in Amount of Data Collected for Information Security Activities
How has the amount of data your organization collects to support its information security activities changed in the last 2 years? (Percent of respondents, N=257)
- We collect substantially more data to support our information security activities today than we did 2 years ago: 43%
- We collect somewhat more data to support our information security activities today than we did 2 years ago: 43%
- We collect about the same amount of data to support our information security activities today as we did 2 years ago: 14%
Source: Enterprise Strategy Group

- Organizations need an enterprise-wide security purview. Security analytics point tools tend to provide monitoring and investigative capabilities against explicit types of threats (e.g., network threats, malware threats, application-layer threats) or specific IT infrastructure locations (e.g., data center, campus network, remote offices, hosts). This forces CISOs to piece together an aggregated view of enterprise security from numerous tools, reports, and individual security personnel. This methodology is cumbersome and labor-intensive, and it can't really provide an accurate picture of risk, or of incident detection/response, across networks, servers, operating systems, applications, databases, storage, and endpoint devices scattered throughout the enterprise.

- Existing security analysis tools depend excessively on customization and human intelligence. Enterprise security analysis is complex and requires specialized skills and strong experience. As stated previously, however, these skills are in short supply: even the most security-conscious enterprises are finding it difficult to continuously train their security staff or hire new recruits. Regrettably, it seems that many security analytic systems were designed to be used only by advanced security analysts who have the time and skills to constantly fine-tune and customize these tools, and who know exactly what to look for. Over-burdened security professionals desperately need security tools that provide more intelligence rather than more work.

- Analytics aren't integrated for automated incident response. For the most part, today's security analytics tools remain independent from security remediation systems. Without automation, what is found isn't fixed quickly or reliably: when an analyst detects a problem, she still must manually coordinate remediation activities and workflow with other security or IT operations personnel. Once again, this adds operational overhead and extends the timeframe needed for incident response, which could mean the difference between a minor security event and a major breach. And this problem only gets worse when breach responses need to include non-IT organizations such as legal, HR, and business owners.

[6] Source: Ibid.

Enter the Big Data Security Analytics Era

At the beginning of WWI, Allied troops executed tactics used during the American Civil War: overwhelm your enemy by advancing a large army rapidly. Unfortunately, this proved to be a costly mistake. Why? With the invention of the machine gun, these tactics resulted in massive loss of life rather than battlefield success. Technology advances like the machine gun force combatants to adopt new warfare strategies and tactics. This same lesson applies to the cybersecurity battlefield. As cyber criminals and state-sponsored adversaries advance their capabilities with targeted attacks, social engineering, stealthy malware, and application-layer exploits, enterprises have no choice but to adopt new strategies and defenses.

ESG believes that these new requirements will result in an enterprise security technology transition over the next few years. Yes, organizations will continue to employ preventive tactics such as deploying servers in hardened configurations behind firewalls, removing unnecessary services and generic administrator accounts, scanning for known malware using signatures, and patching software vulnerabilities, but used alone these defensive techniques are not enough. To supplement these security practices, organizations will embrace new security analytics tools for continuous monitoring, investigations, risk management, and incident detection/response. Given the volume of security data collection, processing, storage, and analysis involved, security analytics is rapidly becoming a classic big data problem. In fact, ESG research indicates that 44% of enterprises consider security data collection and analysis big data today, while another 44% believe that security data collection and analysis will become big data within the next 24 months (see Figure 5). [7]

[7] Source: Ibid.
Figure 5. Security Data Collection and Analysis Considered Big Data
Do you believe that security data collection and analysis would be considered big data at your organization? (Percent of respondents, N=257)
- Yes, security data collection and analysis would be considered big data within my organization today: 44%
- No, but based on my organization's security strategy we will likely consider security data collection and analysis big data within the next 12 months: 30%
- No, but based on my organization's security strategy we will likely consider security data collection and analysis big data within the next 24 months: 14%
- No, security data collection and analysis is not considered big data within my organization: 11%
- Don't know: 2%
Source: Enterprise Strategy Group

To be clear, big data security analytics isn't a simple merger of events, logs, and network traffic in big data technologies such as Cassandra and Hadoop (although these underlying technologies may play a role in the technology infrastructure of a solution). To ESG, big data security analytics is really about collecting and processing numerous internal and external security data sources, and analyzing this data immediately to gain real-time situational awareness across the enterprise. Once security data is analyzed, the next step is using this new intelligence as a baseline for adjusting security strategies, tactics, and systems much faster than ever before.

Big Data Security Analytics Technology Transformation

Ultimately, the objective of big data security analytics is to provide a comprehensive and up-to-the-second view of IT activities so that security analysts and executives can make timely, data-driven decisions. From a technology perspective, this will require new security systems providing:

- Massive scale. Security analytics and forensics engines will need to efficiently collect, process, query, and apply analytic rules to terabytes or petabytes of data including logs, network packets, threat intelligence, asset information, sensitive data tracking, known vulnerabilities, application activities, and user behavior. This is why core big data technologies such as Hadoop, an open source software project for distributed processing of extremely large data sets across commodity servers, are a good fit for burgeoning security analytics requirements. Additionally, big data security analytics will likely be deployed in a distributed architecture, so the underlying technology must be able to centralize analysis of massive volumes of distributed data while maintaining data integrity and meeting high-performance needs.
- Enhanced intelligence. The best big data security analytics tools will act as intelligent advisors, leveraging models of normal behavior, adapting to new threat/vulnerability intelligence, and pinpointing anomalies at any layer of the technology stack that require immediate investigation. To accomplish this, big data security analytics will offer a combination of templates, heuristics, statistical and behavior models, correlation rules, threat intelligence feeds, etc.

- Tight integration. To keep up with the constantly changing threat landscape, big data security analytics must interoperate with IT assets and leverage automated security intelligence. Beyond this, however, big data security analytics should be tightly integrated with security policy controls for tactical adjustments and automation. When security analytics point to unusual network traffic emanating from mobile devices, security analysts should be provided with specific change instructions to quarantine traffic flows and minimize risk. Ideally, security analytics systems can be used to automate remediation activities, a form of active defense, for routine changes or in emergency situations.

Armed with a comprehensive real-time view of security situational awareness, big data security analytic systems will become the nexus for both risk management and incident detection/response. This includes specialized security activities such as regulatory compliance, security investigations, control tracking/reporting, and security performance metrics.

CISOs Must Become Big Data Security Advocates

Big data security analytics is no longer a visionary idea: leading enterprises recognize that their immediate security requirements demand this type of solution. To proceed with big data security analytics planning and implementation, ESG suggests that CISOs:

- Address limitations with existing security infrastructure. Compare security analytics output with existing capabilities, processes, and requirements. Does your organization have blind spots? Is the organization conducting continuous monitoring or basing its security assessments on periodic (occasional) scans? Is the organization understaffed or lacking security analytics skills? How long does it take to detect, investigate, and respond to security incidents? Rather than deal with security analytics weaknesses piecemeal, develop a big data security analytics project plan that addresses critical areas through a phased approach. Remember to build processes and technologies that can serve as a foundation for all phases of the project. This should help deliver incremental value throughout.

- Shift investments from prevention to detection/remediation. Yes, it is still important to lock down IT assets to minimize risk, but CISOs must realize that despite these best practices, networks will be attacked, penetrated, and compromised. Savvy CISOs will capture incident detection/response metrics (e.g., time to discover a security incident, time to investigate and remediate a security incident, number of tools used, number of staff hours needed) before and after a big data security analytics implementation to measure ROI against security operations and risk management goals.

- Identify staffing deficiencies and knowledge gaps. As ESG research indicates, most organizations have organizational problems around security skills and headcount. In most cases, CISOs will not be able to hire and train their way out of this problem, so they need alternative strategies. ESG recommends that CISOs clearly identify areas of weakness at the genesis of their big data security analytics planning process. This will help them define their needs for security technology intelligence, external data feeds, and professional/managed security services to fill the gaps.

Finally, big data security analytics is antithetical to today's typical security infrastructure, which is based upon point tools and limited scale. Impending enterprise security technology changes will likely resemble the business application transition in the 1990s, when departmental applications were replaced with enterprise-class ERP software architectures. To avoid the potential pitfalls associated with this type of evolution, enterprises should seek out technology vendors with deep security experience, a portfolio of leading security analytics products, a strong big data security analytics strategy, strong enterprise experience, complementary threat intelligence services, relationships with proven MSSPs, and security-focused professional services to help CISOs with planning, deployment, and ongoing big data security analytics management. Particularly with its recent introduction of RSA Security Analytics, RSA Security is one of only a few security vendors who meet this profile. As such, enterprise CISOs would be well served to assess how RSA Security Analytics and related solutions and services align with their big data security analytics vision, strategy, and tactical plans and requirements.
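The "Enhanced intelligence" and "Tight integration" requirements described above (a model of normal behavior, anomalies correlated with a threat intelligence feed, and a specific change instruction handed to the analyst) in working form, at toy scale. This is an added example written for this page; it is not code from ESG or from any RSA product. The log format, host names, byte counts and the threat-intelligence indicator are all constructed, and the z-score baseline, the 5% standard-deviation floor and the high/medium/low ranking are illustrative assumptions rather than a description of any vendor's analytics.

```python
"""Baseline-and-correlation detection over constructed flow-summary logs.

Added example for this page; not code from ESG or from any RSA product.
Log format, hosts, byte counts and the threat-intelligence indicator are
all constructed. The z-score baseline and the severity ranking are
illustrative assumptions, not a description of any vendor's analytics.
"""
import re
import statistics
from collections import defaultdict

# Constructed line format: "<ISO timestamp> host=<name> dst=<ip> bytes_out=<n>"
LOG_RE = re.compile(
    r"^(?P<day>\d{4}-\d{2}-\d{2})T\S+ host=(?P<host>\S+) dst=(?P<dst>\S+) bytes_out=(?P<n>\d+)$"
)

# Constructed indicator list (203.0.113.0/24 is a documentation range, not a real C2).
THREAT_INTEL = {"203.0.113.45"}

# Five days of history for two workstations (constructed daily outbound totals).
_HISTORY = [("2013-01-07", 1_000_000, 800_000), ("2013-01-08", 1_200_000, 820_000),
            ("2013-01-09", 900_000, 790_000), ("2013-01-10", 1_100_000, 810_000),
            ("2013-01-11", 1_050_000, 780_000)]
BASELINE_LOGS = (
    [f"{d}T10:00:00 host=wks-01 dst=192.0.2.10 bytes_out={a}" for d, a, _ in _HISTORY]
    + [f"{d}T10:00:00 host=wks-02 dst=192.0.2.10 bytes_out={b}" for d, _, b in _HISTORY]
)

# The window under investigation: one workstation bursts to a listed IP, one is
# normal, a mobile device appears with no history, and one line is malformed.
CURRENT_LOGS = [
    "2013-01-14T02:10:00 host=wks-01 dst=192.0.2.10 bytes_out=400000",
    "2013-01-14T02:12:00 host=wks-01 dst=203.0.113.45 bytes_out=4600000",
    "2013-01-14T09:00:00 host=wks-02 dst=192.0.2.10 bytes_out=805000",
    "2013-01-14T09:30:00 host=mobile-07 dst=198.51.100.9 bytes_out=300000",
    "2013-01-14T09:31:00 host=wks-02 bytes_out=oops",
]


def parse(lines):
    """Yield (day, host, dst, bytes_out). Malformed lines are skipped, not fatal."""
    for line in lines:
        m = LOG_RE.match(line)
        if m:
            yield m["day"], m["host"], m["dst"], int(m["n"])


def daily_totals(records):
    """Return host -> {day -> total bytes_out} and (host, day) -> set of destinations."""
    totals = defaultdict(lambda: defaultdict(int))
    dests = defaultdict(set)
    for day, host, dst, n in records:
        totals[host][day] += n
        dests[(host, day)].add(dst)
    return totals, dests


def build_baseline(lines, min_days=3):
    """Model of 'normal': per-host (mean, stdev) of daily outbound bytes.
    The stdev is floored at 5% of the mean so a flat history cannot turn
    every later day into an anomaly through division by ~0."""
    baseline = {}
    totals, _ = daily_totals(parse(lines))
    for host, days in totals.items():
        if len(days) < min_days:
            continue  # not enough history to model this host
        vals = list(days.values())
        mean = statistics.mean(vals)
        baseline[host] = (mean, max(statistics.pstdev(vals), 0.05 * mean))
    return baseline


def detect(baseline, lines, z_threshold=3.0):
    """Score a window against the baseline, correlate with threat intel and
    return findings (high -> medium -> low), each with a concrete next action."""
    totals, dests = daily_totals(parse(lines))
    findings = []
    for host, days in totals.items():
        for day, total in days.items():
            if host not in baseline:
                # An unmodelled asset (e.g. a new mobile device) is itself a finding.
                findings.append({"host": host, "day": day, "z": None, "severity": "low",
                                 "action": f"no baseline for {host}: enrol device and start modelling"})
                continue
            mean, sd = baseline[host]
            z = (total - mean) / sd
            if z < z_threshold:
                continue
            hits = sorted(dests[(host, day)] & THREAT_INTEL)
            if hits:  # anomaly AND known-bad destination: escalate with a quarantine instruction
                sev, action = "high", f"quarantine {host}; block egress to {', '.join(hits)}"
            else:     # anomaly alone: worth an analyst's look, not an automatic block
                sev, action = "medium", f"review outbound sessions from {host}"
            findings.append({"host": host, "day": day, "z": round(z, 1),
                             "severity": sev, "action": action})
    rank = {"high": 0, "medium": 1, "low": 2}
    return sorted(findings, key=lambda f: rank[f["severity"]])


if __name__ == "__main__":
    for finding in detect(build_baseline(BASELINE_LOGS), CURRENT_LOGS):
        print(finding)
```

Two design points matter more than the statistics. First, a host with no baseline is reported rather than silently ignored, because the device that just joined the network is exactly the one the paper's mobile/BYOD discussion worries about. Second, the threat-intelligence match is what turns a statistical anomaly into an actionable, high-severity finding with a quarantine instruction; an anomaly alone only earns an analyst's review, which keeps automated remediation from acting on noise.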
The Bigger Truth

Enhancing security management maturity is not a straight-line process, and thus CISOs should expect peaks and valleys as they proceed on this journey. Based upon a few current market trends and ESG research data, it appears as though many organizations are stuck in a security management valley at present.

In truth, security management maturity has reached a tipping point. To move forward, CISOs should conduct an honest assessment of their security technology infrastructure. Can it provide the necessary monitoring, investigative, and data analysis capabilities to support real-time security decisions? Can it collect, process, and analyze the volume of data needed to track security activities at all layers of the technology stack? Does it require unreasonable care and feeding? Regrettably, CISOs may find that they are spending a lot of money for poor incident detection, investigation, response, and workflow results.

Given the sophistication of malware threats and cyber criminals, there are no silver bullets or easy answers here. What's needed more than anything is better visibility through improved data analysis: more data, better security intelligence, real-time collection and correlation, etc. With real-time situational awareness, CISOs and their security analysts can adjust their tactics, prioritize activities, and accelerate processes. Ultimately, this should help enterprises improve security and lower costs. This alone should make big data security analytics exceptionally attractive to enterprise CISOs.
20 Asylum Street, Milford, MA
Cisco Security Optimization Service Proactively strengthen your network to better respond to evolving security threats and planned and unplanned events. Service Overview Optimize Your Network for Borderless
ESG Brief Advanced Cyber Threats Demand a New Privileged Account Security Model Date: June 2013 Author: Jon Oltsik, Senior Principal Analyst Abstract: In spite of marginal progress, privileged accounts
North American Electric Reliability Corporation (NERC) Cyber Security Standard Symantec Managed Security Services Support for CIP Compliance Overviewview The North American Electric Reliability Corporation
IMPLEMENTING A SECURITY ANALYTICS ARCHITECTURE Solution Brief SUMMARY New security threats demand a new approach to security management. Security teams need a security analytics architecture that can handle
White Paper The Network Application Security Architecture Requirement By Jon Oltsik March, 2011 This ESG White Paper was commissioned by Juniper Networks and is distributed under license from ESG. 2011,
RSA Security Analytics This is what SIEM was Meant to Be 1 The Original Intent of SIEM Single compliance & security interface Compliance yes, but security? Analyze & prioritize alerts across various sources
Evolution Of Cyber Threats & Defense Approaches Antony Abraham IT Architect, Information Security, State Farm Kevin McIntyre Tech Lead, Information Security, State Farm Agenda About State Farm Evolution
Vulnerability Risk Management 2.0 Best Practices for Managing Risk in the New Digital War In 2015, 17 new security vulnerabilities are identified every day. One nearly every 90 minutes. This consistent
WHITEPAPER Endpoint Threat Detection without the Pain Contents Motivated Adversaries, Too Many Alerts, Not Enough Actionable Information: Incident Response is Getting Harder... 1 A New Solution, with a
Enterprise Strategy Group Getting to the bigger truth. SOLUTION SHOWCASE The SentinelOne Endpoint Protection Platform Date: September 2015 Author: Jon Oltsik, Senior Principal Analyst; and Doug Cahill,
IBM QRadar Security Intelligence April 2013 1 2012 IBM Corporation Today s Challenges 2 Organizations Need an Intelligent View into Their Security Posture 3 What is Security Intelligence? Security Intelligence
White Paper Big Data Advisory Service By Julie Lockner& Tom Kornegay September, 2011 This ESG White Paper was commissioned by EMC Corporation and is distributed under license from ESG. 2011, Enterprise
White Paper Endpoint Security Demands Defense-indepth and Advanced Analytics By Jon Oltsik, Senior Principal Analyst November 2013 This ESG White Paper was commissioned by Bit9 and is distributed under
IBM Security QRadar SIEM & Fortinet / FortiAnalyzer Introducing new functionality for IBM QRadar Security Intelligence Platform: integration with Fortinet s firewalls and logs forwarded by FortiAnalyzer.
White Paper Good Enough Email Security Is No Longer Good Enough By Jon Oltsik, Senior Principal Analyst January 2013 This ESG White Paper was commissioned by Trend Micro and is distributed under license
Research Brief 2012 Networking Spending Trends Date: March 2012 Author: Jon Oltsik, Senior Principal Analyst; Bob Laliberte, Senior Analyst; and Bill Lundell, Senior Research Analyst Abstract: According
White Paper Addressing the Full Attack Continuum: Before, During, and After an Attack It s Time for a New Security Model Today s threat landscape is nothing like that of just 10 years ago. Simple attacks
Take the Red Pill: Becoming One with Your Computing Environment using Security Intelligence Chris Poulin Security Strategist, IBM Reboot Privacy & Security Conference 2013 1 2012 IBM Corporation Securing
Vulnerability Management Buyer s Guide Buyer s Guide 01 Introduction 02 Key Components 03 Other Considerations About Rapid7 01 INTRODUCTION Exploiting weaknesses in browsers, operating systems and other
ESG Brief Strong Cyber Protection: Keeping Bad Stuff Out and Good Stuff In Date: November 2014 Author: Jon Oltsik, Senior Principal Analyst Abstract: Malicious activity and threats are growing in volume,
White Paper EMC Isilon: A Scalable Storage Platform for Big Data By Nik Rouda, Senior Analyst and Terri McClure, Senior Analyst April 2014 This ESG White Paper was commissioned by EMC Isilon and is distributed
White Paper Requirements When Considering a Next- Generation Firewall What You Will Learn The checklist provided in this document details six must-have capabilities to look for when evaluating a nextgeneration
Advanced SOC Design Next Generation Security Operations Shane Harsch Senior Solutions Principal, MBA GCED CISSP RSA 1 ! Why/How security investments need to shift! Key functions of a Security Operations
White Paper Advanced Threat Detection: Gain Network Visibility and Stop Malware What You Will Learn The Cisco Cyber Threat Defense (CTD) solution brings visibility to all the points of your extended network,
BREACHES HAPPEN. BE PREPARED. F-SECURE RAPID DETECTION SERVICE TAKE A HOLISTIC APPROACH TO CYBER SECURITY. Sophisticated corporate cyber attacks have become commonplace. They circumvent even the best-defended
Research Report Abstract: Threat Intelligence and Its Role Within Enterprise Cybersecurity Practices By Jon Oltsik, Senior Principal Analyst With Bill Lundell, Senior Research Analyst and Jennifer Gahm,
Advanced Threats: The New World Order Gary Lau Technology Consulting Manager Greater China email@example.com 1 Agenda Change of Threat Landscape and Business Impact Case Sharing Korean Incidents EMC CIRC
RSA Solution Brief Streamlining Security Operations with Managing RSA the Lifecycle of Data Loss Prevention and Encryption RSA envision Keys with Solutions RSA Key Manager RSA Solution Brief 1 Who is asking
White Paper The Rise of Network Functions Virtualization Implications for I/O Strategies in Service Provider Environments By Bob Laliberte, Senior Analyst August 2014 This ESG White Paper was commissioned
Rethinking Information Security for Advanced Threats CEB Information Risk Leadership Council Advanced threats differ from conventional security threats along many dimensions, making them much more difficult
Combating a new generation of cybercriminal with in-depth security monitoring 1 st Advanced Data Analysis Security Operation Center The Challenge Don t leave your systems unmonitored. It takes an average
Research Report Abstract: Trends in Private Cloud Infrastructure By Mark Bowker, Senior Analyst and Bill Lundell, Senior Research Analyst With Jennifer Gahm, Senior Project Manager April 2014 Introduction
Solving the CIO s Challenge For More Efficient and Resilient Business Technology Supply Chain Management Created by the Institute for Robotic Process Automation in association with Enterprise Integration
Analyzing Security for Retailers An analysis of what retailers can do to improve their network security Clone Systems Business Security Intelligence Properly Secure Every Business Network Executive Summary
White Paper Application Virtualization: An Opportunity for IT to do More with Much Less By Mark Bowker, Senior Analyst November 2012 This ESG White Paper was commissioned by DH2i and is distributed under
Research Brief Video Surveillance: Now on IT s Watch Date: December 2013 Author: Jon Oltsik, Senior Principal Analyst, Bill Lundell, Senior Research Analyst, and John McKnight, VP Research This ESG Research
Symantec Managed Security Services support for IT compliance Solution Overview: Symantec Managed Services Overviewview The (PCI DSS) was developed to facilitate the broad adoption of consistent data security
CONTINUOUS DIAGNOSTICS BEGINS WITH REDSEAL WHAT IS CDM? The continuous stream of high profile cybersecurity breaches demonstrates the need to move beyond purely periodic, compliance-based approaches to
REPORT Perimeter Security Defenses State of Perimeter Security Defenses, Time to Think Different? Table of Contents Introduction 3 Key Findings 4 Implications 6 REPORT State of Perimeter Security Defenses
White Paper EMC s Enterprise Hadoop Solution Isilon Scale-out NAS and Greenplum HD By Julie Lockner, Senior Analyst, and Terri McClure, Senior Analyst February 2012 This ESG White Paper was commissioned
Increase insight. Reduce risk. Feel confident. Define critical goals with enhanced visibility then enable security and compliance across your complex IT infrastructure. VIRTUALIZATION + CLOUD NETWORKING
WHAT EVERY CEO, CIO AND CFO NEEDS TO KNOW ABOUT CYBER SECURITY. A guide for IT security from BIOS The Problem SME s, Enterprises and government agencies are under virtually constant attack today. There
Cybersecurity Services Combating a new generation of cybercriminal with in-depth security monitoring 1 st Advanced Data Analysis Security Operation Center The Challenge Don t leave your systems unmonitored.
Operational Lessons from the RSA/EMC CIRC: People, Process, & Threat Intel @Ben_Smith Ben Smith, CISSP Field CTO (US East), Security Portfolio A Security Maturity Path CONTROLS COMPLIANCE IT RISK BUSINESS
Italy EY s Global Information Security Survey 2013 EY s Global Information Security Survey 2013 This year s survey our 16th edition captures the responses of 1,909 C-suite and senior level IT and information
Gaining the SITUATIONAL AWARENESS needed to MITIGATE CYBERTHREATS Industry Perspective EXECUTIVE SUMMARY To become more resilient against cyberthreats, agencies must improve visibility and understand events
Accenture Intelligent Security for the Digital Enterprise Archer s important role in solving today's pressing security challenges The opportunity to improve cyber security has never been greater 229 2,287