The Economic Impact of Threat Stack – A Forrester Research Study

Security Research & Strategy
2 Min Read

Cost Savings and Business Benefits Enabled by Threat Stack

When investing in cloud security platforms and services, businesses naturally want to measure ROI beyond number of deterred attacks. After all, effective cloud security also protects customer data, intellectual property, organizational resources, organizational efficiency, and team productivity — all of which impact your bottom line.

Recently, we asked Forrester Research group to do a total economic impact study of Threat Stack. Their findings? Businesses that use the Threat Stack platform and services are saving more than $900,000 over three years due to reduced risk, improved productivity, and lowered hiring costs. The Threat Stack Cloud Security Platform® offers complete security observability across your infrastructure. So not only can you identify intrusions or threats, but you can also identify and change risky behavior to improve your baseline security posture, which leads to a greater ROI over time. In fact, Forrester found that Threat Stack customers had an average ROI of 178% over three years. Read more “The Economic Impact of Threat Stack – A Forrester Research Study”

The Promise of Machine Learning vs. The Reality of Human Assisted Learning

Security Research & Strategy
4 Min Read

Machine Learning (ML) has been around in one form or another for a long time. Arthur Samuel, started working in the field in 1949 and coined the term in 1959 while working at IBM. Over the years, ML applications have been developed in practically every industry sector.

Recently, we’ve been hearing a lot about “silver bullet” ML-based cybersecurity solutions that can single handedly and automatically enable short-staffed security teams to identify and mitigate every kind of security threat imaginable. Of course, silver bullet solutions are as old as security itself, and by definition, they’re almost always too good to be true. So is the current crop of ML-driven cybersecurity solutions real or hype?

Given that a lot of hype has a few grains of truth in it, let’s use this post to look at the promise, the marketing hype, and the reality — at what ML can do and cannot do in its current state (with a peek at what it might be able to do sometime down the road). (Spoiler Alert: The operative word in this blog’s title is “promise.”) Read more “The Promise of Machine Learning vs. The Reality of Human Assisted Learning”

Highlights From RSA Conference 2018

Security Research & Strategy
5 Min Read

Approximately 50,000 attendees descended on San Francisco’s Moscone Center April 16–20 for RSA Conference 2018. With cyberthreats on the upswing, this year’s theme of “Now Matters” was especially apt, and a wide range of keynotes, sessions, and courses covering cybersecurity today didn’t disappoint. In this post, we’ll recap some of the highlights in a day-by-day rundown of the most interesting sessions, keynotes, and events. Whether you were able to attend or not, we want to share some of the great resources and information that came out of the conference. Read more “Highlights From RSA Conference 2018”

Hybrid Security: How to Protect a Complex Environment

Security Research & Strategy
4 Min Read

It is very clear by now that the cloud has reached an inflection point. Public cloud investment continues its rapid expansion, driven in large part by business imperatives for speed and scale. Gartner projects 18% cloud growth in 2017, with an increase of 36.8% for IaaS. So, the odds are your company is running at least some of its infrastructure in the public cloud.

Of course, no matter how many benefits it offers, it is often not possible for organizations to make a clean leap to the cloud. Many find themselves with infrastructures that include cloud, multi-cloud, hybrid, on-premise, and containerized environments. So what do you need to do to protect these complex structures?

We recently conducted a survey with ESG Strategy Group (Threat Stack Cloud Security Report 2017: Security at Speed & Scale) to learn more about the realities of hybrid environments today. Below are some of our findings as well as recommendations on how to secure your environment, no matter what it consists of. Read more “Hybrid Security: How to Protect a Complex Environment”

6 Ways to Adopt a Cloud-Specific Security Paradigm

AWS Security, Security Research & Strategy
4 Min Read

Cloud technologies and traditional security processes are as bad a match as stripes and polka dots. They simply aren’t built to mix well together. As companies adopt cloud technologies, security teams are scrambling to apply what they know to this new way of doing business. But they’re quickly realizing how different an on-prem mindset is from one that’s geared to the cloud. Namely because, in an on-premise environment, security is based on the perimeter. In the cloud, however, there is no defined perimeter, and a seemingly endless number of endpoints. In the face of this, security needs to shift in a major way.

In this post, we will define six ways you can effectively shift your security paradigm so it’s suited to a cloud-defined world. Read more “6 Ways to Adopt a Cloud-Specific Security Paradigm”

How to Align Security With Your Business Objectives

Security Research & Strategy
4 Min Read

Aligning security with your organization’s  greater business needs is becoming increasingly important, but how do you actually do it? What it comes down to is being able to map security to business objectives. Done right, security can be a major business driver. Today, everyone from finance to DevOps to sales and engineering has security top of mind, at least if they know what’s good for them.

In this post, we’ll offer several ways to bridge the gap between security and the rest of the business, allowing you to successfully bring it into the organization in order to meet any number of business objectives. Read more “How to Align Security With Your Business Objectives”

Whose Fault is That? How NOT to Be a Cloud Security Statistic

AWS Security, Security Research & Strategy
4 Min Read

Gartner predicts that 95% of cloud security failures from now until 2020 will be the customer’s fault. That means when something goes wrong, it’s probably not AWS or Azure’s fault. Chances are, you have to point the finger at your organization.

Or — better yet — you could take the necessary and proactive steps to minimize the likelihood that you’ll become one of the cloud security failures. The good news is that it’s pretty easy to find out what you need to do. Below we’ll outline the steps to make sure that you stay out of the headlines and out of the statistics. Read more “Whose Fault is That? How NOT to Be a Cloud Security Statistic”

The RNC Data Exposure: Learnings and Actions to Take

Security Research & Strategy
4 Min Read

Recently, headlines were hyping the largest ever exposure of voter information, involving some 9.5 billion data points related to 198 million U.S. voters. 

Attention-getting stuff. And since the story involved the Republican National Committee (RNC), the hype was intensified. Somewhat imprecisely, many articles characterized the incident as a data “leak”, “breach”, or “compromise” — again, adding to the intensity, but not the accuracy of what actually happened.

I’m not trying to minimize the seriousness of the issue — the potential damage was enormous as were the implications regarding security and privacy. But now that some of the dust has settled, it’s time to back away from the headlines and explore what actually happened.

So let’s see what we can learn from the RNC data exposure — and more importantly — what we can and must do to better protect our data and systems going forward. Read more “The RNC Data Exposure: Learnings and Actions to Take”

5 Pieces of Advice for Navigating the Security Culture Shift

Security Research & Strategy
4 Min Read

As security threats become a bigger part of the day-to-day concerns at all types of organizations, it has become vital to inculcate and promote a “culture of security.” Yes, security is everyone’s responsibility — but it requires a shift in culture for people to begin accepting that responsibility.

Triggering this shift can be harder than it sounds on the surface. Why? Well, for one thing, most people in the organization don’t have their success measured on security. When the marketing team gets a performance review, no one brings up security. When a direct reward or consequence isn’t on the line, it can be more difficult to get people to buy in to their responsibility to help keep the company secure.

That said, it’s not impossible by any means. It just requires focused and sustained effort to change the culture. As with any culture shift, it won’t necessarily be easy or linear, but it is achievable. Here are a few steps you can take to help your team more security-minded. Read more “5 Pieces of Advice for Navigating the Security Culture Shift”

14 Questions to Ask Yourself Before Committing to a Cybersecurity Vendor

Security Research & Strategy
5 Min Read
Update: For an interesting discussion of this post, take a listen to this Security Weekly podcast. The discussion starts at 8 minutes, 10 seconds.

The cybersecurity tech market is crowded. Very crowded.

Whether you’re in security, IT, or another related discipline, choosing vendors and products can be overwhelming and frustrating — and making bad choices can be costly up front as well as down the road. To bring some clarity to the process, we’ve put together a brief list of questions. Together, they should help you develop a basic understanding of your needs and capabilities so you can start identifying appropriate offerings and vendors in the cybersecurity marketplace.

(Note: In an upcoming post, we’ll examine some of the key technical issues you need to consider before selecting a security product or solution.)

Read more “14 Questions to Ask Yourself Before Committing to a Cybersecurity Vendor”