Jon Oltsik is an ESG senior principal analyst and the founder of the firm’s cybersecurity service. With almost 30 years of technology industry experience, Jon is widely recognized as an expert in all aspects of cybersecurity and is often called upon to help customers understand a CISO's perspective and strategies.
IBM has a strong cybersecurity message, but there's a gap between IBM security and its corporate vision. If IBM can bridge this gap, it can carve out a unique market position.
Business managers want real-time cyber risk management metrics, but cybersecurity teams can only deliver technical data and periodic reports. That gap needs to close.
Security point tools generate too many alerts, create a strain on operational resources, and make security operations complex and time consuming, new ESG research shows.
More than half of organizations report a “problematic shortage” of cybersecurity skills, and there is no end in sight.
Demand- and supply-side changes will move security information and event management (SIEM) from on premises to the public cloud.
Open-source software and industry initiatives, such as MITRE ATT&CK framework and Apache Kafka, will contribute to security operations in 2019.
Primary reasons why cyber risk management is more difficult include increasing workloads, sophisticated threats, and more demanding business executives.
An overwhelming attack surface, voluminous vulnerabilities, sophisticated threats, and new business requirements demand a new cyber risk management model.
CISOs want products that can prevent, detect, and respond to cyber attacks, but they also consider product consolidation and integration.
Cybersecurity professionals ranked the most important attributes of a cybersecurity technology platform according to strict definitions that meet their requirements.
Organization use cloud-native security controls, but they really want central management for cloud security across heterogeneous clouds.
The company articulates its device-to-cloud security strategy with vision and series of announcements.
Trend Micro provides an overview of its new cybersecurity products, platforms, and services.
At Splunk .Conf 2018, we learned how the company continues to expand its cybersecurity footprint, work with industry partners, and commit to customer success.
Greater data volumes are driving an architectural change, forcing security analytics to the cloud.
While most organizations are willing to consider cloud-based or on-premises security solutions, nearly one-third still demand the control associated with on-premises.
Manual processes, security complexity, and a lack of support from business management plague small and midsize businesses (SMBs).
More security goals for the business, formal security processes, and increased training top the list of recommendations from chief information security officers.
A cybersecurity platform should have coverage across major threat vectors, central management, and technologies for prevention, detection, and response in any security platform.
Information security professionals working at enterprise organizations want to work with vendors that have experience with business/IT initiatives and industry knowledge.
Firms with 50 to 499 employees are spending more money, purchasing security product suites, and outsourcing security tasks to MSSPs.
Small and midsize businesses (SMBs) are being compromised due to human error, ignorance, and apathy.
Black Hat USA 2018 had record crowds, revealed a growing attack surface, and proved we have lots of work ahead.
Cisco's acquisition of Duo Security opens many new IAM and cloud security opportunities for Cisco, but additional work remains.
Looking forward to learning more about new developments in artificial intelligence, cloud security, enterprise risk management, and lots of other topics
If Google wants the world to know how secure Google Cloud Platform is and increase adoption, it must educate the market and turn up the competitive fire.
Leadership and communication skills top the list of what's needed to succeed as a chief information security officer (CISO), while technical skills aren’t nearly as important.
Massive network security changes, cloud adoption, and a pressing need for network security process automation were among the things discussed at Tufin's customer conference.
Massive funding rounds by CrowdStrike and Cylance demonstrate that endpoint security may be the tip of the cybersecurity spear.
Cisco's cybersecurity strategy focuses on product integration, an open platform, and simplifying operations for its customers. But it must do more to capture the attention of information security professionals.
With controls built into the infrastructure, the industry is headed toward central network security policy management (and reporting).
The shift of technology to meet analyst needs has altered the infosec market -- for the better.
Symantec has some internal challenges and increased competition, but it appears to be facing these challenges from a position of strength in the market.
ESG data indicates that cybersecurity pros have problems around the nuances of container technology and implementing container-centric security controls.
Organizations are running into scalability problems as they collect, process, and analyze more security data. It’s time for enterprise security data management.
Basic functionality of SOAR products is being supplemented with strong integration, canned runbooks, and case management.
Cloud security has growing needs and lots of challenges. Here are some thoughts on solutions and strategies.
Vendors are pushing platforms, but features, functionality, and definitions vary. Here’s a list of “must have” cybersecurity platform attributes.
Last week's RSA Security Conference had good discussions and industry focus, but there was too much hype -- and there's lots of work ahead.
Cloud computing is a runaway IT train, but cloud security is still messy and immature. RSA should become the place to go for cloud security vision, training, best practices, and technology leadership.
A geeky and confusing name doesn’t communicate business, privacy, and security benefits. Instead of software-defined perimeter, I suggest ubiquitous security access services (USAS).
Apart from game-changing security technologies, market movement indicates that machine learning is a product feature.
When cybersecurity executives head to the RSA Conference, they will be looking for information about threat intelligence, SOAPA, business risk, and changing security perimeters.
Modern unified management makes sense, and the industry is reacting by providing solutions. The question is whether enterprise organizations will use them.
Thousands of EU citizens may ask data controllers to erase their records by the end of May. Will organizations be ready for this coming GDPR storm?
Security executives are taking a hands-on approach in areas such as threat intelligence, privacy, and business initiatives.
Organizations want better threat prevention/detection, but only if new endpoint security tools can help automate and simplify operations, too.
Password elimination, software-defined perimeter, and the need for security to “own” identity should be highlighted at the RSA Conference.
With the purchase of Phantom, SIEM leader Splunk wants to capitalize on market momentum and add to its security operations and analytics platform architecture (SOAPA).
Many firms still need to deploy security controls and implement solid incident response plans to meet the GDPR deadline in May