The state of computer security is in continual change. The only constant in this game is the very dynamic nature of defense and offense. If you are a defender you will always have a hard job. You
will always need to be on the lookout for ways to succeed in the face of a dynamic, never ending threat.

This special report is a summary of the Cyber Security category of the CTOvision.com blog. This means it is a summary of pieces we know and care about, and we hope these stories generate thoughts and comments and suggestions from you on future content. Please let us know your
thoughts:

Summary:

On 15 July we published two items related to cybersecurity. The first was a pointer to the Department of Defense’s new cybersecurity strategy titled Deputy Secretary of Defense Lynn: Cyber Strategy’s Thrust is Defensive

This piece provided an overview of DoD’s new cyber strategy, a strategy that we think many enterprises can learn from. We also printed a review of a piece of cybersecurity writing that succinctly describes a key failing of overly simplistic security measures titled ”The Maginot Line of Information Systems Security“ It reviews the 1999 advice of cyber security strategist Rick Forno who underscores that “Good firewalls and other purely technical solutions do their work effectively, but to a clever and determined attacker they are just obstacles to be either broken or side-slipped, whichever is more effective.”

We also reported on a Brookings institution piece tilted “Pirates of the ISPs: Tactics for Turning Online Crooks Into International Pariahs” This review provided a framework that our nation could use to help reduce cyber crime. The bad news is that this type of action will only occur with lots of coordination and leadership and to date we have not seen the broad action required to move this concept forward. Enterprises must continue to mount a vigorous defense without this
type of top cover.

We did note with pleasure the success Microsoft had in battling major criminal organizations, including collecting information leading to the arrest and shutdown of major botnets like Waledac and Rustock. For more see “Microsoft Works To Tame The Wild Wild Web“ Please thank Microsoft at every turn for this great action.

Do you need to learn more about the language of cyber defense? Many in leadership positions find themselves overwhelmed when they are assigned to play roles in cyber defense. The fastest way to learn the new language is to start with a primer on cyber defense taxonomies. We review the greatest of those at “Enhancing Collective Defense with Taxonomies for Operational Cyber Defense.”

Some of the greatest enterprise defenders gathered in the DC area on September 12, 2011 at the HP Protect conference. Attending this event enabled us to better assess the state of enterprise IT and also provided us with content relevant to our future reporting. For example, Dillon Behr provided a recap on “Big Data Security“ Enterprises everywhere are using increasing amounts of data to make better/faster decisions. Doing so has security ramifications.

Alex Olesker captured content on the “Evolving Enterprise Threat Environment.” This included information from an online interview with HP’s CTO of Enterprise Security, Andrzej Kawalec, as well as the CTOvision.com editor Bob Gourley. This discussion highlighted threads like Spear
Phishing, Malicious Code and Insiders. The discussion also reviewed the threat of insiders and the important trend of cloud computing.

Adam Elkus wrote about the traditional approach to cybersecurity in ”Thinking About The Traditional Approach”  And Alex Olesker captured more information on “Big Data and the
Enterprise CIO“, including a video of a discussion with Bob Gourley at HP Protect. Alex would later underscore that “Yesterday’s Security Doesn’t Work For Today’s Threats“ where he reviewed the video of Andrzej Kawalec and Bob Gourley in more detail. Kawalec and Gourley continued their discussions on security in another piece titled “Evolving Approaches to Cyber Threats.”

Social media is playing multiple roles in cyber security. It is a vector for threats, it is a means for adversaries to learn more about you, and it is also a means for defenders to exchange information on what is happening. As an example of its strength in helping defenders and other IT professionals learn, John Dodge of the Enterprise CIO Forum and Bob Gourley of CTOvision conducted a series of radio broadcasts and blog posts which were fueled by summaries of hot
security topics noticed in Twitter. The first of these was summarized at Blog Talk Radio
and “New Enterprise CIO Forum Blog Talk Radio”

Another cyber security opinion piece was captured in a piece that asked the question “If You Could Pick One Thing For Congress To Do Regarding Cybersecurity, What Would It Be?“ This piece quotes Abraham Lincoln who stated “If we could first know where we are, and whither we are tending, we could better judge what to do, and how to do it.” We reference that as a way of asking for better metrics on cyber security. We believe Congress can help in that regard by requiring more detailed breach reporting from firms.

Bob Gourley and Tom Reilly, Vice President and General Manager of Enterprise Security for HP, provided context on two cybersecurity studies which provided valuable statistics for enterprise professionals. Their video and more on the statistics is at “Survey Says: Security Risks Never Higher, Or Most Costly.”

Bob and Tom also dove deep into the “Myths and Realities of Cloud Security”  In this recorded discussion the two discuss the approach of Security Intelligence and Risk Management. Risk management is a construct of increasing importance since all recognize that 100% security is
impossible and therefore tradeoffs and decisions must be made focused on the risk to mission. Security intelligence is a key enabler of smart risk management since it informs on the status of your own mission, your resources, your enterprise and the state of the threat.

Another key event this quarter was the FedCyber.com Government-Industry Cybersecurity Summit. This was a closed event which was attended by a hand selected group of cyber practitioners from government and industry which focused on discussion of new models
for security. To register for the next event stay tuned to FedCyber.com. For a short recap of the event see: “Quicklook Report: The FedCyber.com Summit of 28 Sep 2011”

The conclusion of this review of security reporting: Our advice is that security professionals continue to do what you have been doing and continue to work on your agility while at it. You already know that there is no such thing as a perfect defense. And you already know you must establish defense in depth. And you already know you must avail yourself of very smart concepts of operation and must ensure your strategy and your work force are informed. We hope one of your ways of staying informed is by tracking the CTOvision.com blog. But we write about strategy. You need tactical intelligence feeds continuously updated on the threat. And you need a team of enterprise security architects and designers acting in your interests to continually assess the state of your enterprise.

Let us know please your thoughts on the above. We are especially interested in your ideas for what we should be covering next.

You may also like -

Bob Gourley’s 2012 Outlook: “Expect Disruptions”Thinking About the Traditional ApproachNote to CIOs: Your organization will never be 100% secureTech Review for November 2011Myths and realities of cloud securityThe Evolving Enterprise Threat EnvironmentCrucialPointLLCNew Enterprise CIO Forum Blog Talk RadioCrucialPointLLCSurvey says: Security risks never higher, or more costlyCrucialPointLLCEvolving Approaches to Cyber ThreatsBob GourleyBig Data and the Enterprise CIOCrucialPointLLC

While PCs will likely remain with us for a long time, the PC era has come to a close. Bob Gourley discussed this transition and the rise of mobile in an interview with IDG’s Bill Laberis at the HP Protect 2011 conference on Monday, September 12, 2011.

Though there are currently 1.2 billion PCs in the world, there are 4 billion active cell phone accounts, a growing proportion of which are smartphones. This, along with the explosive rise of tablets, has brought about the mobile era, impacting enterprise architecture, operations, and security. With data being pushed out to mobile devices, including possibly devices not issued by the company, protecting that data outside of the enterprise becomes a challenge. To do so, you must use multiple layers of protection, encrypt the data en route to the device, manage the device’s configuration, and ensure that the device has no malicious code. Currently, there is a need for solutions that can deliver those capabilities in an end-to-end manner.

Compliance with regulations such as HIPAA for medicine pose additional challenges when data moves outside the enterprise and on to a mobile device. While you can encrypt the data from the enterprise to the device, configure devices to be in compliance with the policy, and implement software to fight malicious code on some of the devices out there, some of the solutions we need do not yet exist. As a result, we’re in a very high risk environment with regards to mobile devices and CIOs and CISOs need to issue their policies accordingly.

The consumerization of IT, which brings millions of new devices into the business environment, further complicated this problem, especially given tightening IT budgets in government and industry. To secure this data without swelling strained budgets, Bob suggests coupling securityand functionality. Enterprises have no choice but to send their information out to their people in order to accomplish their mission, but they also need to keep it safe. Security and functionality can not be an either/or trade off, so IT budgets must be executed smartly for both crucial needs to be met.

Related Articles:

• Note to CIOs: Your Organization Will Never Be 100% Secure (ctovision.com)
• Myths and Realities of Cloud Cybersecurity (ctovision.com)
• Survey says: Security risks never higher, or more costly (ctovision.com)
• Evolving Approaches to Cyber Threats (ctovision.com)
• Yesterday’s Security Doesn’t Work for Today’s Threats (ctovision.com)
• Big Data and the Enterprise CIO (ctolabs.com)

You may also like -

Bob Gourley’s 2012 Outlook: “Expect Disruptions”Join Cloudera and Carahsoft for Big Data Success in GovernmentThinking About the Traditional ApproachTech Review for November 2011FedCyber.com Cybersecurity Summit on Wednesday, September 28FDCCI Preparation with Virtual Instruments and CarahsoftCrucialPointLLCSplunk is Going PublicCrucialPointLLCNew Enterprise CIO Forum Blog Talk RadioCrucialPointLLCGoogle TV – You should buy it, just not yet…CrucialPointLLCCTOvision Newsletters and Tech ReportsBob Gourley

We’ve already established that perfect security is impossibly in cyberspace, especially with the move to the cloud, the consumerization of IT, and the rise of mobile. Still, even with current transformations, IT can still get more secure as it evolves. Recently, HP announced an enterprise security strategy to address these new challenges, which was described in an interview by IDG’s Bill Laberis at the HP Protect 2011 conference on Monday, September 12, 2011, with CTOvision’s Bob Gourley and Tom Reilly, Vice President and General Manger of Enterprise Security at HP.

HP’s strategy is called Security Intelligence and Risk Management. Risk Management is the understanding that 100% security is impossible, so decisions and tradeoffs must be made, while at the same time organizations have to be proactive about defense, determining what the greatest vulnerabilities and worst attacks would be on their enterprise to preempt them and perform remediation efficiently and swiftly when necessary. In order to manage risk, you need Security Intelligence, the knowledge of who and what is on your network, as well as whether, where, and how you’ve been breached. To do so, HP uses best-of-breed technologies such as Tipping Point for network security, Fortify and SPI Dynamics for application security, and ArcSight for universal log management and intelligence. HP brings those offerings together, integrating them so that the whole is better than the sum of its parts.

Bob Gourley, former CTO of the Defense Intelligence Agency, offered a CTO view of HP’s approach. CTOs, CISOs, and CIOs are eager to find a provider that can bring intelligence, risk management, application security and network security together to lower costs, speed up return on investment, and lower risk to the enterprise.  Enterprise security almost always pairs these increases in security with increases in functionality, the other role of the CIO.

But what if a CIO likes what HP has to offer, but has already invested in alternative security infrastructure? Implementing HP’s Enterprise Security solutions doesn’t have to be a “rip and replace” upgrade.  Rather, the goal is integration, tying together software like Tipping Point, Fortify, SPI Dynamics, and ArcSight with your security investments and making them all work better together. Bringing great, stand alone solutions together into a powerful Enterprise Security ecosystem is the real innovation that HP is now offering CIOs.

Related Articles:

• Myths and Realities of Cloud Cybersecurity (ctovision.com)
• Survey says: Security risks never higher, or more costly (ctovision.com)
• Evolving Approaches to Cyber Threats (ctovision.com)
• Yesterday’s Security Doesn’t Work for Today’s Threats (ctovision.com)
• Big Data and the Enterprise CIO (ctolabs.com)

You may also like -

Survey says: Security risks never higher, or more costlyMyths and realities of cloud securityYesterday's Security Doesn't Work for Today's ThreatsAlex's 2012 Tech PredictionsThe PC is Changing Before Our EyesRegister for 16 Dec webinar on what the CIO and CTO need to know about develo ...CrucialPointLLCYesterday’s Security Doesn’t Work for Today’s ThreatsCrucialPointLLCThe Evolving Enterprise Threat EnvironmentCrucialPointLLCAlex’s 2012 Tech PredictionsCrucialPointLLCThe “Big Five” IT trends of the next half decade: Mobile, social, cloud, cons ...CrucialPointLLC

Whenever the topic of cloud computing comes up, cloud security isn’t far behind. Survey after survey has shown it to be a top CIO concern, but how much of that concern is legitimate?   CTOvision’s Bob Gourley and Tom Reilly, Vice President and General Manger of Enterprise Security at HP separated myth from reality on cloud security in an interview with IDG’s Bill Laberis at the HP Protect 2011 conference on Monday, September 12, 2011.

While concerns over cybersecurity are well founded especially if an organization makes a hasty transition to cloud computing, it’s a myth that the cloud must be less secure than conventional computing. If you architect and design for the cloud, your enterprise can be more secure than ever, even when your data is going out to mobile devices.

Tom noted that current trends like cloud and mobile are major IT transformations and such transformations always bring new risks, just like the transitions from mainframe to client servers, then from client servers to IP addresses, and finally web applications.  Each shift has come with increasing risk, but due to the tremendous business benefits the IT industry has adapted and faced the new challenges. With cloud computing, we’re doing even better by designing security into the new platforms rather than waiting for threats and reactively adding in security measures. This helps the IT industry overcome its concerns by designing cloud to be inherently safer than current platforms.

To achieve this, CIOs and CISOs must change the way they think. Bob Gourley advocated treating security as a discipline so that designers can think it through fully when switching platforms and creating cloud and mobile solutions. Tom Reilly reiterated designing security into the cloud, so that organizations adopt the cloud because of, not despite, security.  Some examples of this are making the cloud transparent so that you have visibility into a multi-tenant environment to see how your operation is being conducted.  Applications for the cloud should have their vulnerabilities designed out before they even reach production, and there needs to be research into possible attacks on a cloud environment. The key, Reilly notes, is that, as a multi-tenant environment shared by several divisions or corporations, the cloud can have more invested into security than any single division or corporation has in its current platform.

Related Articles:

• Survey says: Security risks never higher, or more costly (ctovision.com)
• Evolving Approaches to Cyber Threats (ctovision.com)
• Yesterday’s Security Doesn’t Work for Today’s Threats (ctovision.com)
• Big Data and the Enterprise CIO (ctolabs.com)

You may also like -

A look at VMware's vFabric Cloud Application PlatformIs the Healthcare Industry on Life Support Without the Cloud?When Chuck Norris Gets Cloud-MobileLive from the Gov 2.0 Expo - Security in the CloudBob Gourley’s 2012 Outlook: “Expect Disruptions”Cloud Security BooksDr Cloud's Flying Software CircusA look at VMware’s vFabric Cloud Application PlatformBob GourleyNIST identifies cloud computing standards gapsCrucialPointLLCCloud Security, Costs Concern Federal IT ProsCrucialPointLLCNSF releases Cloud Computing ReportCrucialPointLLC

In this week’s Blog Talk Radio, Bob Gourley and John Dodge talk about the new avenues of attack in the cyber world. In addition, they hit on the #cloudsecurity tweets of the week on Twitter. Highlights of the re-tweets are an interview with CIA CTO Gus Hunt and some thoughts on moving from a private cloud to a public cloud. The two also hit on topics like HP’s integrated suite of security tools and the importance of testing applications, especially web applications. The mobile risk management company Fixmo was also an important topic, as well as VMware.

Find Bob Gourley (@BobGourley) and John Dodge (@thedodgeretort) on twitter.

You may also like -

Latest DodgeRetort - GAO: Federal CIO's need to focus more on information man ...Special Summary: Enterprise security storiesBlog Talk Radio with @thedodgeretort and @bobgourleyTech Review for November 2011FedCyber.com Cybersecurity Summit on Wednesday, September 28Learn Lessons On The FDCCI with Bob Gourley and Carahsoft (Webinar)CrucialPointLLCLatest DodgeRetort – GAO: Federal CIO’s need to focus more on information man ...CrucialPointLLCLearn how to get ready for the FDCCI with Bob Gourley and Carahsoft (Webinar)CrucialPointLLCJoin Cloudera and Carahsoft for Big Data Success in GovernmentBob GourleySurvey says: Security risks never higher, or more costlyCrucialPointLLC

In an interview at the HP Protect 2011 conference on Monday, September 12, 2011. Bob Gourley and Tom Reilly, Vice President and General Manger of Enterprise Security at HP, discussed two studies on cyber crime from the Ponemon Institute and Coleman Parks. The median cost to an organization due to cyber attack was $5.9 million a year, 56% more than last year, and  the time it takes to resolve the attack was 18 days with an average price tag of $416,000, a 70% increase. Studies reveal that sentiment towards security has been changing. Only 29% of executives said that they had confidence in their organization’s cybersecurity. What do these startling statistics mean for CTOs, CIOs, and CISOs?

While the numbers are interesting, Tom Reilly believes that its the year to year trends that really stand out.  A 56% jump in the cost of cyber attacks and a 70% increase in the price of remediation indicate that cyber attacks are more common and more sophisticated. This rise also correlates with the introduction of more cloud and mobile computing in the workplace, which causes an increase in possible attack vectors and vulnerabilities, at least until security catches up to these new developments.

Bob Gourley saw reports on the growing cost of cyber crime as an opportunity to improve. In IT, security professionals are always fighting to justify their budget. Since cyber crime prevention is cheaper than remediation, data like this helps make the case for investing in security to save money. Tom added that, with all of the high-profile cyber attacks in the news this year, not only is security seen as an important corporate issue, but robust security measures can be justified by the impact on brand image of a serious breach.

Bob was less optimistic about the figures on confidence, stating that the 29% who believed in their cyber defenses just don’t know that they’ve already been breached. Those that have experienced large cyber attacks are less confident and understand that they must always be vigilant and constantly improve their security. Tom’s take away was that nobody really knows how secure they are because most corporations can’t measure the effectiveness of their security programs. No company is 100% secure so you have no choice but to assume that you’re already breached.

Since perfect security is impossible especially if an organization wants to take advantage of the cloud and mobility, HP adopted a risk-management approach. They suggest that CTOs, CIOs, and CISOs identify their most valuable data and protect it as best as possible, knowing that other information may be vulnerable. They must also identify their greatest vulnerabilities. Once an organization assumes it has been breached, it needs to gather the security intelligence to understand where and how, then respond correctly to isolate and quarantine the environment for effective remediation.

Related articles

• Evolving Approaches to Cyber Threats (ctovision.com)
• Yesterday’s Security Doesn’t Work for Today’s Threats (ctovision.com)
• Big Data and the Enterprise CIO (ctolabs.com)

You may also like -

Myths and realities of cloud securitySpecial Summary: Enterprise security storiesNote to CIOs: Your organization will never be 100% secureBob Gourley Discusses Big Data Security With IDGBig Data and the Enterprise CIOGourley Discusses Big Data Security With IDGCrucialPointLLCEvolving Approaches to Cyber ThreatsBob GourleyThe Evolving Enterprise Threat EnvironmentCrucialPointLLCNew Enterprise CIO Forum Blog Talk RadioCrucialPointLLCYesterday’s Security Doesn’t Work for Today’s ThreatsCrucialPointLLC

A just-released GAO report says Federal CIOs do not have the authority they need to do their jobs – and serve the public. Should federal CIOs be given more power? What stands in their way? Enterprise CIO Forum community manager John Dodge and Bob Gourley, CTOvision.com editor-in-chief who used to work for the federal government, explore the problem of un-empowered CIOs in Federal IT.

You may also like -

Announcing FedCyber.com: A resource for firms with cybersecurity solutions fo ...Debrief from The White House Forum on IT Management ReformCTO Perspectives on Cyber Security BillBig Data and the Enterprise CIONew Enterprise CIO Forum Blog Talk RadioCrucialPointLLCLatest DodgeRetort – GAO: Federal CIO’s need to focus more on information man ...CrucialPointLLCLearn Lessons On The FDCCI with Bob Gourley and Carahsoft (Webinar)CrucialPointLLCFederal agencies struggle to define their cybersecurity workforce, finds GAOCrucialPointLLCGAO: Federal data at cyber riskCrucialPointLLC

Bob Gourley and HP’s Andrzej Kawalec, CTO of Enterprise Security continued to discuss emerging security issues at the HP Protect 2011 conference on Monday, September 12, 2011, exploring problems with traditional approaches to enterprise security.

Andrzej began by defining the customary enterprise security approach. We’ve been taking a very reactive stance to cybersecurity, focusing on responding to incidents, and cybersecurity has been more of an art than a science. Our understanding of how different systems, defenses, and attack vectors interact is far less developed than our knowledge of networks or data centers. He also noted that traditionally, security was below the level of the board and even the CIO, posing a significant challenge to CISOs and CIOs today.

I elaborated on where those traditional approaches and attitudes fail. fundamentally, these approaches do not deliver defense in depth, which has become the goal of modern cybersecurity. When defense is reactive, it focuses on the last battle rather than the future threats and, as a result, misses the major transformations currently underway in the enterprise, such as cloud computing and users shifting from PCs to mobile devices for work or as the endpoints for software-as-a-service. With current approaches, enterprises are not prepared for a “post-PC era.”

Noting all of those problems, Andrzej and I both laid out lists of priorities for CIOs. They must take a transformational posture, focusing on moving from a reactive security policy to more effective and forward-looking defense in depth. To do so, they need a more analytical,  broad, Big Data approach to their information, for example correlating various security events to find trends and performing forensics after a breach. Another element of this is getting all of the security professionals in the enterprise together to form a team with a deeper grasp of threats. To do so, enterprises must also begin to view security  its own distinct discipline.

Ultimately, an analytics approach of providing a fast, accurate, and aggregated view of data within the enterprise is crucial for current CIOs. It allows them to coordinate their operational staff and to better communicate with their board so that they can transform the enterprise and shed dated, reactive responses to threats for active and deep defense.

Many enterprises are finding that the best way to transition from reactive to proactive postures is by measuring what exists, monitoring ongoing activity, and planning for continuing enhancement using those insights.  This type of continuous improvement is aided by integrated technology, including IT testing, security testing, SIEM and forensics capabilities.  For more on enterprise capabilities like these and HP Enterprise Security we recommend diving into the great context at: http://www.arcsight.com/protect2011/

Related articles

• Yesterday’s Security Doesn’t Work for Today’s Threats (ctovision.com)
• Big Data and the Enterprise CIO (ctolabs.com)

You may also like -

Yesterday's Security Doesn't Work for Today's ThreatsSpecial Summary: Enterprise security storiesSurvey says: Security risks never higher, or more costlyThe Evolving Enterprise Threat EnvironmentThinking About the Traditional ApproachYesterday’s Security Doesn’t Work for Today’s ThreatsCrucialPointLLCFedCyber.com Cybersecurity Summit on Wednesday, September 28CTOvision.comFederal Cyber Security: Missions, Initiatives, Opportunities and RisksCTOvision.comNote to CIOs: Your organization will never be 100% secureCrucialPointLLCSINET Showcase 27 October 2010CTOvision.com

Another discussion from the HP Protect 2011 conference on Monday, September 12, 2011 featured Bob Gourley and HP’s Andrzej Kawalec, CTO of Enterprise Security, discussing the evolving enterprise threat environment and how it can be mitigated.

Bob and Andrzej agreed on three major emerging challenges in enterprise cybersecurity. The first is simply the nature of the threat, which is growing in sophistication, speed, and targeting over time. Phishing, for example, gives way to Spear phishing where the impostor emails are designed to look like they came from colleagues, offer a malicious link tailored to the target, and may have company letterheads and logos. Threats to enterprise are growing more serious because, as Bob noted, the money is with the enterprises and the threats follow.

The second emerging challenge is the consumerization of IT. Employees no longer do all their work on a (hopefully) secured company workstation. Instead, they are flipping through presentations on their personal tablets and checking emails on their smartphones. While on one hand this is great as it allows users to stick with the devices they prefer and are comfortable with, and encourages them to work wherever and whenever is convenient, it also means that hardening single data endpoints is no longer enough, as an enterprise can’t know what device its employees will be working on. Already, a recent survey of IT managers reveals that employees use personal devices for work in almost 90% of companies, and that most do not have the tools to manage them.

Lastly, the cloud is changing how IT is delivered. Software-as-a-Service, Platform-as-a-Service, and Infrastructure-as-a-Service are reinventing how we consume and interact with IT. Again, cloud computing has brought many benefits, but also its share of challenges as CTOs, CIO, and CISOs adjust and make their security work for a new paradigm.

Adapting to this threat environment requires a risk management approach. We must assume we will eventually be breached and be ready to respond with in-depth forensics and remediation immediately. As Kawalec noted, enterprises must plan to fail and expect to be under attack not just from malware or malicious code in general, but also internal threats, the quintessential example being Bradley Manning and all the anonymous contributors to WikiLeaks. This complicates security not only because social engineering and trusted users can get around any current technical solution, but also because their motivations tend to be different from traditional criminal hackers.

If enterprises assume that their networks are already compromised, they need to protect them with a remediation approach. An example would be Triumfant’s Configuration and Change Management Tool, which effectively scans networks for anomalies before users even notice that something is wrong, and then reduces infection turnaround time from days to minutes as it implements solutions at the click of a button then fills on gaps from healthy computers if important file systems have been deleted.

Still, even with products emerging to help enterprises “plan to fail” at perfect internet security, dealing with a shifting IT paradigm and threat environment takes a different kind of CIO. Since perfect security is impossible, CIOs need to decide what level of risk they are willing to accept. Today’s CIOs and CISOs also need to understand architecture, vision, and design, to see the system on both macro and micro levels to reduce security silos and provide robust solutions for a changing world.

Staying ahead of the threat has always been hard but there are new integrated capabilities that aid defense, like ArcSight’s suite of integrated capabilities (ArcSight is in the leader’s quadrant of Gartner’s SIEM Magic Quadrant Report). Ensuring SIEM capabilities like this are integrated into your enterprise is a key component in ensuring your enterprise is able to meet the threat.

Related articles

• Big Data and the Enterprise CIO (ctovision.com)
• Using Triumfant for Secure Configuration and Change Management (bobgourley.com)
• In Search of a Russian Winter of Information Systems Security (fedcyber.com)

You may also like -

Evolving Approaches to Cyber ThreatsThe Evolving Enterprise Threat EnvironmentSpecial Summary: Enterprise security storiesSurvey says: Security risks never higher, or more costlyNote to CIOs: Your organization will never be 100% secureYesterday’s Security Doesn’t Work for Today’s ThreatsCrucialPointLLCBig Data and the Enterprise CIOCrucialPointLLCMyths and realities of cloud securityCrucialPointLLCThinking About the Traditional ApproachCTOvision.comGourley Discusses Big Data Security With IDGCrucialPointLLC

On Monday, September 12, 2011, Crucial Point’s Bob Gourley met with cyber security industry leaders at the National Harbor Gaylord Convention Center near Washington D.C. during the HP Protect 2011 conference. This event brings together the most significant enterprise cybersecurity capabilities, including highly regarded capabilities like ArcSight and Netwitness and HP Fortify. The event is also an opportunity to hear from cyber security experts with proven past performance in providing security services.

Enterprise security is a discipline requiring deep familiarity with advanced data management constructs, including “Big Data” approaches. Bill Laberis, Senior Editorial Director of IDG Custom Solutions Group interviewed Bob on this topic.

Bill began the interview with a question that has been on a lot of people’s minds lately. What is Big Data? Bob’s response started with simple context: Big Data is the data you cannot adequately analyze with your current information architecture. There are more technical approaches to this discussion, but simply put we are all looking for ways to more rapidly analyze larger and larger quantities of information. This is especially true in security. Security professionals need the tools to run on top of their architecture to help them analyze the massive increase in security related data.

Bob noted that security professionals need to worry not only about protecting data from loss by physical means such a floods or hurricanes or fires by physically protecting and backing up the servers, but also by protecting from intrusions and manipulations of data. CTOs and CISOs need to work together in government and enterprise to help each other get the job done better.

When asked what tools can CIOs leverage against the problem Bob responded. CIOs need to be educated about the problem and ho to deal with it.  There are several great resources including Apache.org and Cloudera. Users and architects need to arm themselves with a body of knowledge and then run the analytical tools on top that can help them out. The greatest security solutions, capabilities like ArchSight, are built with Big Data capabilities as a foundation, which is one of the reasons they scale to serve security needs of all enterprises.

Bill then asked Bob what the vendor community was doing to help with this situation. Bob pointed out that many companies are looking to the examples of some of the large social media platforms that have figured out how to deal with very large amounts of real-time data. Facebook is one such example, with over 700 million users and growing, Facebook deals with a massive amount of instantaneously rendered information and does it well.  Hadoop is a part of their solution.  Twitter and LinkedIn are also great examples of dynamically rendered information being managed effectively. What enterprises need to do is look at how these companies have done it and ask them selves ‘How can these solutions help me?’

For more on topics of enterprise security and end-to-end enterprise IT solutions visit the Enterprise CIO Forum at: www.enterprisecioforum.com

You may also like -

Bob Gourley Discusses Big Data Security With IDGSurvey says: Security risks never higher, or more costlySINET Showcase 27 October 2010Evolving Approaches to Cyber ThreatsGourley Discusses Big Data Security With IDGCrucialPointLLCNew Enterprise CIO Forum Blog Talk RadioCrucialPointLLCMyths and realities of cloud securityCrucialPointLLCNote to CIOs: Your organization will never be 100% secureCrucialPointLLCCTOvision Newsletters and Tech ReportsBob Gourley