WannaCrypt Global Ransomware Attack Highlights a Worsening Data Hijacking Epidemic

E. Parizo

Summary Bullets:

  • WannaCry, the largest-ever ransomware attack, is likely a harbinger of what’s to come.
  • The emergence of ransomware highlights the importance of tying security to data backup and recovery.

Suddenly, the whole world knows about ransomware.

While ransomware is no secret to those in the cybersecurity industry who have seen a steadily growing number of isolated incidents, to everyone else, ransomware made its presence broadly known late last week. The largest-ever single ransomware incident, a variant of the WannaCrypt strain known (aptly) as WannaCry, caught tens of thousands of organizations in at least 150 countries by surprise, likely causing millions if not billions in damage. Read more of this post

RSA Conference 2017 Preview: Three Themes I’m Watching

E. Parizo

E. Parizo

Summary Bullets:

  • Serverless security and security product integration frameworks are two emerging InfoSec industry market segments worth watching.
  • After contracting last year, the intrusion prevention system market should rebound thanks to new use cases and product innovation.

Next week, thousands of cybersecurity pros will converge in San Francisco for RSA Conference 2017. While there will be no shortage of interesting storylines, here are the three top themes I’ll be watching for at the industry’s largest annual confab: Read more of this post

Fortinet and Marketing Management: Third Time’s a Charm?

E. Parizo

E. Parizo

Summary Bullets:

  • New Fortinet marketing chief Stacey Wu plans to build Fortinet’s brand by leveraging its culture of innovation, imagination, and technical breakthroughs.
  • It’s unclear whether Wu can overcome the pitfalls that recently doomed her two predecessors, namely wavering support for marketing by CEO Ken Xie.

When it comes to marketing, Fortinet has a checkered history. Historically, the company has not prioritized marketing, embracing a corporate identity that places technological innovation at the fore.

In recent years, however, the company has endeavored to increase marketing spending in order to bolster sales growth. It has also sought to create a brand and go-to-market message that matches the agility of its technology, which helps justify purchasing from a vendor that was previously unfamiliar to many IT buyers. But, these efforts have been inconsistent and uncoordinated; insiders and those close to Fortinet lay the blame on CEO Xie, noting his inability to commit to a consistent marketing strategy and his eagerness to redirect marketing funding back toward product development. Read more of this post

MobileIron Quietly Debuts Sentry for Azure, Enabling Fully Cloud-Based EMM

E. Parizo

E. Parizo

Summary Bullets:                 

  • Now that Sentry, the gateway component of MobileIron’s EMM solution, is compatible with Azure, the vendor has a fully cloud-based offering for the first time.
  • For MobileIron, the move should accelerate product development, boost cloud-based EMM sales, and increase its competitiveness with rivals Microsoft and VMware AirWatch.

Just before the holidays, enterprise mobility management vendor MobileIron quietly revealed that it had completed the first stage of its long-planned effort to port the centerpiece of its EMM architecture to the cloud. Despite the lack of fanfare, the move represents a significant pivot point that not only enables MobileIron’s first fully cloud-based EMM solution, but also positions the vendor to compete more broadly and effectively. Read more of this post

Symantec’s Strategic Merry-Go-Round: Questionable Short-Term Moves Hinder Long-Term Objectives

E. Parizo

E. Parizo

Summary Bullets:

  • Symantec’s moves to buy LifeLock and sue Zscaler will offer little effective support for Symantec’s stated strategic objectives.
  • Symantec instead should seek small, tuck-in acquisitions and find new niches in which to foster innovation.

Symantec has long been a company searching for a strategy, or at least a good strategy. Over the years, it has suffered through several failed reinventions that sought to address an ongoing dearth of disparate products, a lack of organizational cohesion and focus, and an inability to foster competitive momentum through innovation. Read more of this post

Security Product Integration Frameworks: A Gamechanger for Enterprise Security

E. Parizo

E. Parizo

Summary Bullets:

• SPIFs enable pre-integration of standalone third-party security products, eventually enabling enterprises to construct a customized, more effective enterprise security solution architecture.

• SPIFs are nascent, but they will have a growing impact on security product purchasing decisions. Leading-edge enterprises should begin researching SPIF ecosystems.

Enterprises have long been frustrated with the lack of interoperability among their enterprise security point products. The average large enterprise uses dozens of unique commercial security products and services, with few if any of them designed to work together.

Security product integration frameworks (SPIF) have the potential to change the game. SPIFs facilitate the sharing of security-related metadata, help standalone security products and services to interoperate effectively, and ultimately improve the efficacy of enterprises’ unique security architectures.

So what is a SPIF and how can it possibly deliver on such lofty ambitions? At its core, a SPIF is a fancy message bus system, typically augmented with authentication and access control, message encryption, subscription management and limited message store. Its centralized interconnection and messaging architecture enables security products to distribute data to other products and services and receive data from them. Third-party vendors add a SPIF’s pre-built messaging client code into their own products, customizing it as needed, and voila: enterprises using a SPIF can integrate products supporting that SPIF, often in a matter of minutes. Read more of this post

Hello BlackBerry: Why Dropping Hardware Is Part of a Brighter, Security-Centric Future

E. Parizo

E. Parizo

Summary Bullets:

  • BlackBerry’s smartphone hardware exit is a positive development, not negative, and signals that the company’s turnaround is nearing completion.
  • BlackBerry held on to its hardware long enough to grow its software and services business, a move now paying off strategically and financially.

I must respectfully disagree with my esteemed colleague Avi Greengart’s take on BlackBerry’s recent decision to exit smartphone hardware design and manufacturing. Not only is this a positive development for BlackBerry, but it’s also a key sign that the vendor’s dramatic turnaround is nearly complete. Read more of this post

Cisco Systems Should Buy MobileIron: Here’s Why

E. Parizo

E. Parizo

Summary Bullets:

  • Cisco’s enterprise security portfolio lacks a strong play on mobile devices, especially those running iOS or Android.
  • By acquiring MobileIron, Cisco would gain strong enterprise EMM technology and the much-needed ability to enforce policy on disconnected mobile devices.

Tech industry prognosticators enjoy speculating about what companies Cisco will acquire next. In enterprise security, the vendor has a several needs, perhaps none more glaring than the need for improved mobile device security and policy enforcement.

Cisco’s security objective is to offer end-to-end security from the cloud to the endpoint, but it lacks a strong play on mobile devices – iOS and Android in particular – which has become crucial. On-network devices can benefit from the protection afforded by its network security capabilities, but when mobile devices leave the network, they are vulnerable, particularly to inbound malware. Read more of this post

Fortinet’s Special Opportunity Calls for Equally Special Leadership

Summary Bullets:

E. Parizo

E. Parizo

• Fortinet has become a $1 billion enterprise security powerhouse, with potential for much more.
• To become the next Cisco, however, Fortinet will need unique, ambitious leadership.

It’s worth taking a moment to consider how far Fortinet has come. From humble beginnings in 2000 as a UTM startup, today Fortinet is a $1 billion enterprise security powerhouse, having shipped nearly twice as many security appliances as Cisco Systems (or anyone else) in the past three years and boasting more than 270,000 customers worldwide.

Fortinet has a unique opportunity. It, along with Palo Alto Networks (PAN), is on pace to surpass rival Cisco in quarterly security appliance revenue as soon as the next 12 months, and unlike PAN, Fortinet has long been profitable. Combine that with its broad product portfolio, its penchant for innovation, and its consistent ability execute in nearly all facets of its business, and it’s clear Fortinet can not only end Cisco’s market dominance, but it is also poised to become the next Cisco. Read more of this post

Dear Intel, Here’s Why Selling Intel Security Would be a Huge Mistake

Summary Bullets:
• A rumored sale of its security business would be a major mistake for Intel.

• Intel Security has strong legacy products, promising new ones, winning leadership and strategy, and presents synergistic opportunities key to Intel’s future.

I’m not sure what surprised me more: Sunday’s Financial Times report that Intel was exploring a sale of its security division, or that industry observers and partners alike seem to be either indifferent or actually in favor of such a dramatic move.

Current Analysis believes a sale of Intel Security or its assets would be a mistake, for a variety of reasons. Here’s a brief look at the value Intel Security provides its parent:

Read more of this post