Jon Oltsik is an ESG senior principal analyst and the founder of the firm’s cybersecurity service. With almost 30 years of technology industry experience, Jon is widely recognized as an expert in all aspects of cybersecurity and is often called upon to help customers understand a CISO's perspective and strategies.
Next-generation endpoint security action is divided into two camps: Advanced prevention and in-depth detection and response. In between these poles lie an assortment of additional security controls.
Cybersecurity professionals are getting more involved in identity and access management (IAM) decisions and day-to-day operations driving changes to IT and infosec.
Market demand somewhat muted by market confusion.
Four different customer profiles to consider when selling cybersecurity products and services
Anti-malware gateways are driving next-generation endpoint security implementation and antivirus replacements at large organizations.
CISOs should consider and coordinate incident detection and response in five areas: hosts, networks, threat intelligence, user behavior monitoring, and process automation.
Skills shortage, M&A, and trusted systems will impact the industry this year
To attract the best talent, enterprise organizations need to establish a culture of cybersecurity, invest in people, and give the cybersecurity team the latitude and tools it needs to succeed.
Cyber supply chain security, identity consumerization, cyber insurance, and ransomware will be top of mind next year.
Center of gravity will flow to middleware and cybersecurity process expertise as software integration proliferates in the enterprise cybersecurity market.
Time to demand strong security from ALL IT vendors before purchasing products and service.
Huge opportunity for enterprise security leaders to become multi-billion dollar businesses over the next few years
Organizations must move beyond misaligned goals, poor collaboration, and organizational intransigence that hamper cybersecurity efforts at enterprise organizations.
Immature market, land grab for customers, high premiums, little change in the short-term.
ESG research points to problems with automation, visibility, skills, and staffing.
Security analytics firm fits hand-in-glove with Cisco products, services, and cybersecurity strategy
Despite advances over the past five years, IT vendor risk management is still done haphazardly and relies on static paper-based audits.
Intel Security, Sophos, Symantec, Trend Micro, and Webroot have extended endpoint security products for advanced malware prevention, detection, and response.
Fundamentally flawed cybersecurity legislation will have a marginal impact of risk mitigation while further eroding privacy protection and U.S. credibility abroad.
Encryption, memory integrity, and tight software integration aligns silicon with cybersecurity requirements
No details from Dell/EMC deal so speculations ensues
New products, services, and partners unveiled in Washington D.C. position FireEye as an enterprise cybersecurity vendor
Swisscom proposing a standard abstraction layer for integration and more rapid incident detection and response.
More than half of critical infrastructure organizations admit that they have insecure IT products and services deployed on their networks.
Well intended effort only calls attention to pervasive cybersecurity ignorance throughout society
Majority of critical infrastructure organizations have experienced damaging and costly incidents over the past two years
User passion and a multitude of security use cases were on display in Las Vegas this week
In this extremely interesting book, author Marc Goodman elaborates on, "the cornucopia of technologies we are accepting into our lives may very well come back and bite us"
New IT initiatives, and increase in IT suppliers, and consolidation of IT and operational technology (OT) make cyber supply chain security increasingly cumbersome
Networks can (and should) be used to improve risk management as well as incident prevention, detection, and response
Great potential for cybersecurity but plenty of work ahead for VMware
Famous shipwreck holds many lessons for the cybersecurity community.
Data management, scale, and algorithmic strengths may give Facebook an advantage in threat intelligence sharing
Cybersecurity industry needs to establish best practices and open secure channels for incident response communications.
Enterprise organizations collect, process, and analyze a wide variety of cybersecurity data, and there is no end in sight.
My quick takes on an interesting, exhausting, and frightening week at Black Hat 2015 in Las Vegas
Cybersecurity professionals attending Black Hat can gain in-depth knowledge about good guys, bad guys, and everyone in between
Based upon current and future cybersecurity technology integration trends, CISOs are adjusting budgets, organizations, skills, and vendor choices. Even industry analysts are impacted by cybersecurity technology integration.
Industry organization dedicated to reviewing and selecting books for cybersecurity education. Case in point, new novel from author Carey Nachenberg
One person’s quality is another person’s fluff so objective measurements will be difficult. Threat intelligence quality may ultimately be gauged through crowdsourcing and threat intelligence sharing.
Enterprise cybersecurity professionals find it difficult to judge the quality and efficacy of disparate open source and commercial threat intelligence. In the short term, this means more buying and selling.
Process problems are the biggest bottleneck to strong cybersecurity so CISOs must address these issues before layering on additional technology
CISOs are investing in threat intelligence programs to improve secure controls, automate security operations, and establish centralized threat intelligence services within their organizations.
As cybersecurity intersects with big money, rhetoric, mudslinging, and fallacies will add further confusion to an already muddled market
Work ahead to operationalize and share threat intelligence
Responsive, automated, and fine-tuned incident prevention is more important than ever.
Integrated Cybersecurity Orchestration Platforms (ICOPs) have the potential to automate incident detection/response and streamline cybersecurity operations
Enterprise security professionals want a tightly-integrated, feature-rich endpoint security suite. What will this product look like?
Contrary to tradeshow presentations, the industry has not failed cybersecurity professionals as many speakers insinuated
Company showcased its rich product portfolio and strong cybersecurity commitment at CiscoLive. Great start but plenty of work ahead.