What To Consider While Selecting a Single Endpoint Security Vendor?

Whenever I speak about IT security vendor consolidation, I am encountered by confusion-ridden looks from the business fraternity. Businesses are grappling with the challenge of selecting an appropriate security vendor(s) in such an ever-changing IT environment — zero-ing on single vendor’s capabilities does not appear to be the right approach! Information technology has come a long way, and the development has been paralleled with security considerations. For each IT capability there is a security layer to top it up with. Multiple vendors support is like multiple mini IT Security workshops, running 24×7, following their own innovative trouble shooting when a…

A Beginner’s Guide to Cybersecurity

Many people worry that cybersecurity involves a dark and dangerous domain full of unpredictable terrors and threats over which they have little control. The fact is that the greatest risks in the digital space result from the same causes as security vulnerabilities in the real world — poor habits. How many people do you know who leave their doors or windows unlocked at night or hide a spare key under a pot plant near the back door? In effect, they are prioritising convenience over security — a lax practice that many people emulate online by using easy-to-remember passwords or using…

Gartner Privileged Access Management Market Overview 2017

Gartner just published their 2017 Market Overview guide for PAM, and it is a great read! The drivers for PAM are similar to last year’s, with a new emphasis on the need for “a comprehensive cybersecurity defense strategy, specifically for critical infrastructure.” Here’s Gartner’s list of drivers, and we believe they are spot on in terms of what we are hearing from our customers and how we’ve delivered capabilities to help solve these issues: The risk of breaches and insider threats The need to prevent, isolate and limit malware attacks that leverage privileged accounts An increase of operational efficiency for…

6 Reactions to the Cisco 2017 Midyear Cybersecurity Report: Part 2

Last week, I discussed the first three reactions I had to the “Cisco 2017 Midyear Cybersecurity Report.” I discussed how vendor consolidation is increasing, how spyware is being branded as malware and how detection of threats is continuously improving. DevOps as a Target In the Vulnerabilities section of the document, Rapid7 describes how DevOps is a target and vulnerability for many companies that may use things like AWS, Azure, or Docker frameworks for development. When these resources are built, they are not always deployed in a secure state and often are left behind to run indefinitely. Identity management tools that…

6 Reactions to the Cisco 2017 Midyear Cybersecurity Report: Part 1

When reading this year’s “Cisco Midyear Cyber Security Report,” a few things jump out that bear discussion. Vendor Consolidation First, one of the key findings is related to the “fragmented security toolbox,” and from it, having so many point solutions solving for security gaps actually creates problems. If they are layered effectively, integrated fully and managed appropriately, point solutions are a winning approach. But when you look at the number of separate solutions that need individual attention to stay effective, the administrative burden deters from incident response plan. This leads to the report’s conclusion that consolidation of vendors limits this effect….

What are CDM and CRED?

The Continuous Diagnostics and Mitigation (CDM) Task Order for CREDMGMT provides guidance and tools to federal civilian agencies to fulfill the Manage Credentials and Authentication (CRED) Function. This functional area is designed to prevent the binding of credentials the use of credentials by anyone other than the rightful owner (person or service). The approved tools provide careful management of credentials, preventing attackers from using hijacked credentials to gain unauthorized control of resources, especially administrative rights. The CRED capability ensures that account credentials are assigned to, and used by, authorized people or services. This solution relies on the results of the…

Impact of Data Breaches on Reputation & Share Value (Hint: it’s HUGE)

Effective cyber risk management starts with the C-suite and belongs in the boardroom Wow, this last Friday and over the weekend we have heard about the massive cyber attack infecting thousands of organizations with ransomware in over 75 countries. In Britain, dozens of hospitals and National Health Service providers were crippled. While the ransomware was only demanding $300 worth of bitcoin the impact of the attack saw thousands of appointments canceled, phone lines down and patients turned away. Today, a brand new Ponemon study, sponsored by Centrify, was released and examines the impact of data breaches on reputation and share…

More Thoughts on Vendor Consolidation in the Security Market

In my last blog post, I discussed a new major trend in the security market, which is that security buyers are increasingly looking to consolidate vendors and want more of a platform approach to security versus stitching together point solutions. Besides hearing this directly from customers over the last few months, I documented in the blog how two different analysts, who were both doing comprehensive security customer surveys, both independently found that around “70% of enterprise security buyers are consolidating vendors.”  In this blog post I want to further elaborate on this trend and share some additional data points that…

How to Stop the Breach in a Hybrid Enterprise

Has your enterprise experienced a data breach in the past two years? If so, it’s time for a wake-up call. In fact, 66% of organizations reported falling victim to a breach an average of five or more times during that time span. The security status quo is a slippery slope. Enterprise networks have expanded beyond the well-defined boundaries that used to protect our important assets from falling into the wrong hands and a new security reality has set in. Traditional security methods can’t protect your organization from breaches, and failure to recognize this new reality leaves your business at risk…

New Trend in the Security Space: Customers Want Vendor Consolidation and a Platform Approach

Starting late last year, I kept on hearing a growing drumbeat from customers that they were highly interested in consolidating the breadth of security vendors and products that they use internally to secure their enterprise. In past years, the talk by customers regarding “vendor consolidation” typically had been more in terms of the purchasing process and not having to deal with getting contracts and negotiating with yet another vendor. This time it was different — it has become clear to customers that having disjointed point solutions leave significant air gaps with regard to securing their enterprise, and that customers are…