Security in 2013: The “Productization” of Big Data


(UPDATE: This week, both IBM and EMC's RSA Security Division announced new Big Data initiatives in security. More to come on this front...) In my last post, I noted that I expect intelligence and the coordination and integration of defense technologies to be key drivers of the IT security market in 2013.  This is not [...]



By | January 29th, 2013|Security|1 Comment

Security in 2013: Intelligence, Coordination and Integration (and Will We Get There?)


I’ve happily managed largely to avoid getting entangled in the New Year’s ritual of security predictions, since these can, frankly, be fairly boring. But for those who expect such, here you go: Attackers will continue to succeed. Determined adversaries will become even more so. Moving one set of playing pieces does not alter the objectives [...]



By | January 24th, 2013|Security|0 Comments

Beyond SIEM: IBM-Q1Labs, McAfee-NitroSecurity and Changing Perceptions of Data-Driven Security


This morning, a pair of announcements were made in the same space: IBM and McAfee are both making acquisitions in security information and event management (SIEM); IBM of Q1Labs, McAfee of NitroSecurity. On the surface, there appear to be few surprises in these deals. Both “acquirees” have been widely rumored to be close to an [...]



By | October 4th, 2011|Security|0 Comments

The Rise of Data-Driven Security, Part 4: The Case for the Fourth Paradigm


When I first cut my teeth in IT security some years ago, I was a systems administrator for a division of the University Corporation for Atmospheric Research, the parent of the National Center for Atmospheric Research here in Boulder. UCAR/NCAR is what Gordon Bell calls a “data place” – an organization whose mission in part [...]



By | January 27th, 2011|Security|1 Comment

The Rise of Data-Driven Security, Part 2: Data Sources and Emerging Data Markets


In my last post, the first in this series, I talked about how recent vendor trends highlight the rise of data-driven tactics for defense. This is just one of three major aspects of data-driven security becoming more prominent in products and services. To recap, those three aspects are: Data-driven tactics which differ from legacy security [...]



By | January 14th, 2011|Security|0 Comments

Security in the Era of Big Data


A lot of ink (digital and otherwise) has been spilled over Wikileaks this year, but there is one central aspect of the recent "cablegate" case that I wonder if we really get in infosec: Simply put, information has gotten huge - and this doesn't just mean the content we must protect. The sheer volume of [...]



By | December 16th, 2010|Security|1 Comment

Security, Visibility, Privacy: Pick Any Two?


Is it possible to have security and privacy? The question has been brought to a head recently, with the intense backlash to the US Transportation Security Administration’s more assertive passenger security checks – a reaction that seems likely to become only more heated with the coming of the busy holiday travel season. The issue for [...]



By | November 22nd, 2010|Security|0 Comments

A New Security Paradigm: HCIA


(Ed. Note: I've updated this post to incorporate some great feedback I've gotten on it already. I may well do so again to keep it fresh, as I expect to refer to this concept a lot...) In a recent post, I talked about the security value of IT management disciplines such as configuration and change [...]



By | November 10th, 2010|Security|0 Comments
Load More Posts