Security Trend – Risk Monitoring & Automation

In an earlier post, Security – 12 Trends x 12 Months, we discussed 12 security trends to watch over the next 12 months. In today’s post, we'll expand on the first trend on that list, Risk Monitoring & Automation.

Risk is a natural cost of doing business, just as it is an everyday part of our lives. A central component of Risk Management is identifying risks, then quantifying the likelihood and impact of those risks. We can call this Risk Evaluation. Without this key component, an enterprise cannot measure its risk exposure and evaluate if that exposure is consistent with its risk appetite. In a practical sense, this affects budgets and how enterprises spend money on a new security product or service.

Security – 12 Trends x 12 Months

For the past year now, we've been closely tracking the rapidly evolving changes in the enterprise security landscape. From our research into the space, we've established 12 trends that we think will be particularly impactful over the next 12 months. Broadly speaking, we expect attacks to continue with impressive scope and impact, and we believe companies will continue to live the adage “detect & respond,” knowing that 100% prevention will never be an achievable goal. With that in mind, here are our 12 trends to watch:

Analyzing the R&D and M&A Activity of Legacy Tech Vendors

It’s old news by now that enterprise IT stacks are experiencing unprecedented rates of disruption due to a variety of trends including cloud, virtualization, mobile, and big data. This has put pressure on legacy technology companies to keep their offerings relevant to their Fortune 1000 customer base. However, an increase in competition from enterprise startups’ offerings paired with a propensity for these large enterprises to actually purchase software from startups has led these tech giants to rethink their business models (like SAP and its cloud push), and acquire startups to bolster their product offerings and remain relevant.

At Work-Bench Ventures we decided to evaluate 10 legacy tech giants to see how much they’re spending on R&D, how acquisitive they’ve been lately, and to see how much cash is available for future M&A activity.

Our analysis included data from the four most recent fiscal years for each of the following ten companies: IBM, HP, Oracle, EMC, VMware, Cisco, SAP, Microsoft, CA, and Juniper.

Big Data Security Analytics Landscape - Version 1.0

Background

In the setup to this article, we discussed how Big Data Security Analytics (BDSA) is an evolution beyond the limitations of classic Security Information & Event Management (SIEM) solutions. Namely, Big Data approaches are differentiated by their ability to provide analytics from unstructured data sources and huge, disparate data sets (IBM and others refer to this as the 4Vs: Volume, Velocity, Variety, & Veracity).

Big Data solutions have other traits that enhance their effectiveness, better unlocking insights than legacy solutions. For example, many solutions are capable of certain types of machine learning – suggesting or executing a particular course of action based on historical actions, rather than as a result of formally coded rules. As another example, Big Data solutions will often consume not just event-based sources, but also intelligence feeds or contextual reference data (e.g., threats, vulnerabilities, asset inventories) for better overall insights.

Big Data Analytics for Security

An Evolution Beyond Security Information & Event Management

Limitations of SIEM

Depending on which company or startup we speak with, Security Information & Event Management (SIEM) is either dead or will live on forever. Quite different answers. In our minds, Big Data Analytics represents an evolution – not revolution – beyond the aggregation, alerts, and response facilitated by a classic SIEM solution. Big Data approaches differ from SIEM in two key ways: 1) unstructured data is acceptable, and 2) huge datasets are no longer a challenge. Of course, #1 and #2 resulted from new technologies we've spoken about before, which were created for purposes other than security.

Big Data [In]Security

Managing Big Data Environments

Let's face it, Big Data is here to stay. With its buzzword-friendly use rampant in media and vendor sales decks alike, the conversation is often focused on being able to quickly and efficiently unlock business insights from large, siloed data sets. But what about the security of the massive amount of information collected under the guise of Big Data?

Aggregating information into data warehouses is nothing new, and large organizations have historically collected large datasets using relational database management systems. Nowadays, these data warehouse technologies place a premium on security, with provisioning and both cell-level and table-level security built into their functionality.
