Security « Scott Crawford

Verizon 2013 Data Breach Investigations Report: First Impressions

posted by Scott Crawford | April 23, 2013 | 0 Comments

2013dbir_img

If there is one word that summarizes the 2013 Verizon Data Breach Investigations Report released today, it’s breadth. Breadth among the contributing organizations, and breadth of the data. 19 different organizations contributed to the 2013 report, making for the most comprehensive Verizon DBIR data set to date. The sheer variety in the ways contributors organize...

Posted in Security Tags: data breach, Data-driven security, DBIR, Trends, Verizon

Security in 2013: Intelligence, Integration…and the Integration of Intelligence

posted by Scott Crawford | March 29, 2013 | 0 Comments

sq_arrows

In my last post, I talked about the frustration that enterprises have with the lack of integration among security tactics – an egregious gap attributable in no small way to the extremely fragmented nature of the IT security industry itself. I offered a few examples of approaches that seek to close these gaps and equip...

Posted in Security Tags: Data-driven security, intelligence, SIEM

Security in 2013: Integration…and What You Will (and Won’t) See at RSA

posted by Scott Crawford | February 22, 2013 | 0 Comments

puzzle_sq

It’s that time of year again, when New Year’s prognostications give way to a similar level of noise about what to look for at the RSA Conference. There are always recurring themes to the latter. There is always much talk of the latest attack, or class of attack, that will drive where security should go....

Posted in Security Tags: integration, RSA Conference, SDN, Security

The Leverage Attack: Do We Really Get It?

posted by Scott Crawford | February 10, 2013 | 0 Comments

lever_earth_sq

“Give me a place to stand, and with a lever I will move the whole world.” –Archimedes In the wake of last week’s disclosure of an attack against Bit9, Jeremiah Grossman seems positively prescient. His New Year’s prediction about security’s immediate future was that attacks against security measures would increase. And why not? If defense...

Posted in Security Tags: Bit9, leverage, security industry attacks

Security in 2013: The “Productization” of Big Data

posted by Scott Crawford | January 29, 2013 | 0 Comments

data-explosion-iStock_000013253555XSmall

(UPDATE: This week, both IBM and EMC’s RSA Security Division announced new Big Data initiatives in security. More to come on this front…) In my last post, I noted that I expect intelligence and the coordination and integration of defense technologies to be key drivers of the IT security market in 2013. This is not...

Posted in Security Tags: big data, Data-driven security, EMC Corporation, Hadoop, HP, IBM, intelligence, NetWitness, RSA Conference, RSA Security, Security information and event management, SIEM, Splunk

Security in 2013: Intelligence, Coordination and Integration (and Will We Get There?)

posted by Scott Crawford | January 24, 2013 | 0 Comments

Binoculars in grass_cropped

I’ve happily managed largely to avoid getting entangled in the New Year’s ritual of security predictions, since these can, frankly, be fairly boring. But for those who expect such, here you go: Attackers will continue to succeed. Determined adversaries will become even more so. Moving one set of playing pieces does not alter the objectives...

Posted in Security Tags: Data-driven security, intelligence, next generation, Security integration, Trends

Validating the Rise of Data-Driven Security: EMC/RSA Acquires Silver Tail

posted by Scott Crawford | October 30, 2012 | 0 Comments

silvertail_logo_sq2

This morning, EMC’s RSA Security Division announced its intent to acquire Silver Tail Systems. The press release is here. I’ve written about Silver Tail before, going back to one of my first posts on the rise of data-driven security. In a five-part blog series introduced by that post, I described how data-driven security is evolving...

Posted in Security Tags: big data, Data-driven security, RSA Security, Silver Tail Systems

Why I’m at IBM’s Information on Demand Conference This Week

posted by Scott Crawford | October 22, 2012 | 0 Comments

IBM-Information-on-Demand_jpeg

This week, I’m at a big vendor’s big conference – a conference which, on the surface, may not appear to be primarily about security: IBM’s Information on Demand event in Las Vegas. “But you’re a security analyst. Why are you going to IOD?” you ask. (And if you didn’t, let me explain:) With over 12,000...

Posted in Security Tags: BI, big data, Data-driven security, GRC, IBM, risk management

The Rise of Data-Driven Security: Research Report Now in the EMA Library

posted by Scott Crawford | August 2, 2012 | 0 Comments

data-explosion-iStock_000013253555XSmall

For the last several months, I’ve been heads-down on a research project that culminates over a year of investigation into the rise of what I have been calling “data-driven security”: security efforts informed and defined by their reliance on insight – and increasingly enabled by emerging technologies for large-scale data management, as well as by...

Posted in Security Tags: big data, Data analysis, Data-driven security, Research

Data-Driven Security: What (and What Not) to Look For at RSA 2012

posted by Scott Crawford | February 23, 2012 | 0 Comments

One of the major themes that will stand out at RSA next week revolves around the trend I’ve been following closely over the last several months: the evolution of security centered on a data-driven approach. There will be many opportunities for you to learn and benefit from this trend that is having an impact on...

Posted in Security Tags: Data-driven security, RSA Conference