<?xml version="1.0" encoding="UTF-8"?>
<rss version="2.0"
	xmlns:content="http://purl.org/rss/1.0/modules/content/"
	xmlns:wfw="http://wellformedweb.org/CommentAPI/"
	xmlns:dc="http://purl.org/dc/elements/1.1/"
	xmlns:atom="http://www.w3.org/2005/Atom"
	xmlns:sy="http://purl.org/rss/1.0/modules/syndication/"
	xmlns:slash="http://purl.org/rss/1.0/modules/slash/"
	>

<channel>
	<title>Enterprise Strategy Group » Security and Privacy</title>
	<atom:link href="http://www.enterprisestrategygroup.com/category/by-coverage-area/information-and-risk-management/security-and-privacy/feed/" rel="self" type="application/rss+xml" />
	<link>http://www.enterprisestrategygroup.com</link>
	<description>Just another WordPress site</description>
	<lastBuildDate>Wed, 08 Feb 2012 22:22:08 +0000</lastBuildDate>
	<language></language>
	<sy:updatePeriod>hourly</sy:updatePeriod>
	<sy:updateFrequency>1</sy:updateFrequency>
	<generator>http://wordpress.org/?v=3.0</generator>
		<item>
		<title>Behind the Findings Video – U.S. Advanced Persistent Threat Analysis</title>
		<link>http://www.enterprisestrategygroup.com/2012/02/behind-the-findings-video-%e2%80%93-u-s-advanced-persistent-threat-analysis/</link>
		<comments>http://www.enterprisestrategygroup.com/2012/02/behind-the-findings-video-%e2%80%93-u-s-advanced-persistent-threat-analysis/#comments</comments>
		<pubDate>Fri, 03 Feb 2012 16:52:21 +0000</pubDate>
		<dc:creator>Jon Oltsik</dc:creator>
				<category><![CDATA[Data Privacy and Security]]></category>
		<category><![CDATA[Information and Risk Management]]></category>
		<category><![CDATA[Jon Oltsik]]></category>
		<category><![CDATA[Security and Privacy]]></category>
		<category><![CDATA[Videos]]></category>
		<category><![CDATA[advanced persistent threat]]></category>
		<category><![CDATA[APT]]></category>
		<category><![CDATA[Behind the Findings]]></category>
		<category><![CDATA[video]]></category>

		<guid isPermaLink="false">http://www.enterprisestrategygroup.com/?p=28336</guid>
		<description><![CDATA[ESG is pleased to kick off 2012 with a new video series titled Behind the Findings where we will discuss research highlights and conclusions as we publish our research reports.   This is a new offering for ESG Research Subscription clients to view at your convenience, on-demand. In this first edition of ESG’s Behind the Findings [...]]]></description>
			<content:encoded><![CDATA[<p>ESG is pleased to kick off 2012 with a new video series titled <em>Behind the Findings</em> where we will discuss research highlights and conclusions as we publish our research reports.   This is a new offering for ESG Research Subscription clients to view at your convenience, on-demand.</p>
<p>In this first edition of ESG’s Behind the Findings program, Jon Oltsik, Principal Analyst and author of the ESG Research Report, <a href="http://www.enterprisestrategygroup.com/2011/11/apt/" target="_blank"><em>U.S. Advanced Persistent Threat Analysis</em></a>, offers his analysis based upon the results of his recent survey of 244 security professionals.</p>
<p>Advanced Persistent Threats (APTs) are defined as targeted multi-vector attacks usually initiated by a sophisticated and well-resourced adversary.   APTs are typically used as a means for discovering and stealing sensitive data. ESG is now in a position to better understand end-users’ familiarity with and opinions about APTs.</p>
<p>If you have any questions, Jon can be reached via e-mail at <a href="mailto:jon.oltsik@esg-global.com">jon.oltsik@esg-global.com</a>.</p>
<private_premium>
<p>The full report and associated research Infographic can be found <a href="http://www.enterprisestrategygroup.com/2011/11/apt/" target="_blank">here</a>.</p>
</private_premium>
]]></content:encoded>
			<wfw:commentRss>http://www.enterprisestrategygroup.com/2012/02/behind-the-findings-video-%e2%80%93-u-s-advanced-persistent-threat-analysis/feed/</wfw:commentRss>
		<slash:comments>0</slash:comments>
		</item>
		<item>
		<title>Anticipating the RSA Conference 2012</title>
		<link>http://www.enterprisestrategygroup.com/2012/02/anticipating-the-rsa-conference-2012/</link>
		<comments>http://www.enterprisestrategygroup.com/2012/02/anticipating-the-rsa-conference-2012/#comments</comments>
		<pubDate>Thu, 02 Feb 2012 20:08:14 +0000</pubDate>
		<dc:creator>Jon Oltsik</dc:creator>
				<category><![CDATA[Blogs]]></category>
		<category><![CDATA[Data Privacy and Security]]></category>
		<category><![CDATA[Information and Risk Management]]></category>
		<category><![CDATA[Jon Oltsik]]></category>
		<category><![CDATA[Security and Privacy]]></category>
		<category><![CDATA[Amazon]]></category>
		<category><![CDATA[APT]]></category>
		<category><![CDATA[Check Point]]></category>
		<category><![CDATA[Cisco]]></category>
		<category><![CDATA[Countertack]]></category>
		<category><![CDATA[cybercrime]]></category>
		<category><![CDATA[Damballa]]></category>
		<category><![CDATA[FireEye]]></category>
		<category><![CDATA[google]]></category>
		<category><![CDATA[HP]]></category>
		<category><![CDATA[Juniper]]></category>
		<category><![CDATA[LogRhythm]]></category>
		<category><![CDATA[McAfee]]></category>
		<category><![CDATA[Oracle]]></category>
		<category><![CDATA[Rackspace]]></category>
		<category><![CDATA[RSA Security]]></category>
		<category><![CDATA[SAP]]></category>
		<category><![CDATA[Sourcefire]]></category>
		<category><![CDATA[Stratfor]]></category>
		<category><![CDATA[Symantec]]></category>
		<category><![CDATA[trend micro]]></category>
		<category><![CDATA[Unisys]]></category>
		<category><![CDATA[Verizon]]></category>
		<category><![CDATA[Zappos.com]]></category>

		<guid isPermaLink="false">http://www.enterprisestrategygroup.com/?p=28329</guid>
		<description><![CDATA[It’s now February although you’d never know it from the balmy winter here in Boston. Aside from Valentine’s Day, February is significant because it is when security geeks from around the world get together in San Francisco for the RSA Conference. The show doesn’t start until 2/27 but you can feel the anticipation in the [...]]]></description>
			<content:encoded><![CDATA[<p>It’s now February although you’d never know it from the balmy winter here in Boston. Aside from Valentine’s Day, February is significant because it is when security geeks from around the world get together in San Francisco for the <a href="http://365.rsaconference.com/index.jspa" target="_blank">RSA Conference</a>.</p>
<p>The show doesn’t start until 2/27 but you can feel the anticipation in the air across the whole security community. That’s a good thing since 2011 was an especially difficult year – some have even labeled it “the year of the breach.” Hmm, what happens if 2012 is even worse – which is not unlikely?</p>
<p>In any case, RSA is always chock-a-block with a number of common themes. Here’s what I am anticipating, as well as my editorial comment on each.</p>
<ol>
<li>Threat/malware management. This is a very important topic as Advanced Persistent Threats (APTs) and other types of sophisticated malware demonstrate that our existing security defenses are inadequate. I’m hoping to hear some good intelligence about cyber adversaries, and discuss best practice modifications around security processes and defense-in-depth controls to address these increasingly dangerous threats. Interesting vendors in this space include Countertack, Damballa, and FireEye, as well as old guard companies like Sourcefire and Trend Micro but I’m interested in hearing from others as well.</li>
<li>Security intelligence. Security situational awareness is marginal at best at many enterprises. Why? Lots of firms don’t have the right skills or tools in place while others need visibility to more host systems, applications, and network behavior. As I’ve said many times, this makes security a big data problem (I’m on a panel focused on this topic) and I’m interested in learning how the industry plans to address this. I’ll seek out HP, IBM, LogRhythm, McAfee, and RSA on this topic.</li>
<li>Security services. With security skills in short supply, the security service providers must be seeing lots of activity. Good discussion for Symantec, Unisys, and Verizon.</li>
<li>Mobile security. Yeah, I know about the malware and poorly written applications and I do see a lot of interest in this space. That said, ESG has yet to see a lot of demand for mobile security technologies. I expect a lot of buzz over mobile security, even if no one is making any money.</li>
<li>Cloud security. A complex topic but all I anticipate seeing at RSA is simple and tactical solutions (unless I get an architectural overview from Amazon, Google, or Rackspace).</li>
<li>Data center network security. We’ve had firewalls, IDS/IPS, and gateway devices forever but network security is still a major area of investment for enterprises. Data center network security is particularly challenging these days as large organizations deal with massive data center scale, web-based applications, and server virtualization/cloud. Does anyone offer a highly-scalable physical/virtual data center network security architecture? Good question to bring up when I talk to Cisco, Check Point, and Juniper.</li>
<li>Enterprise security software architecture. In the client/server days, departmental applications were subsumed into enterprise ERP systems. This same type of integration/centralization has to happen with security technologies. Which vendors understand this and know how to build scalable software security architecture a la Oracle and SAP? My goal is to find out.</li>
</ol>
<p>Like all other similar events, RSA has its share of cocktail parties, tradeshow gimmicks, and give-aways. Entertainment is certainly a big part of the event, but RSA is really about cybersecurity – a very serious topic. Before imbibing their fourth Mai Tai at a Hawaiian-themed party at the W Hotel, I hope that RSA participants think about recent security breaches at New York State Electric &amp; Gas (800k customer records exposed), Zappos.com (24 million customer records exposed), and our security colleagues at Stratfor, and then consider the real objective of this event.</p>
<p>You can read Jon&#8217;s other blog entries at <a href="http://www.insecureaboutsecurity.com/" target="_blank">Insecure About Security</a>.</p>
]]></content:encoded>
			<wfw:commentRss>http://www.enterprisestrategygroup.com/2012/02/anticipating-the-rsa-conference-2012/feed/</wfw:commentRss>
		<slash:comments>0</slash:comments>
		</item>
		<item>
		<title>F5 Shakes Up the Firewall Market</title>
		<link>http://www.enterprisestrategygroup.com/2012/02/f5-shakes-up-the-firewall-market/</link>
		<comments>http://www.enterprisestrategygroup.com/2012/02/f5-shakes-up-the-firewall-market/#comments</comments>
		<pubDate>Wed, 01 Feb 2012 15:01:23 +0000</pubDate>
		<dc:creator>Jon Oltsik</dc:creator>
				<category><![CDATA[Blogs]]></category>
		<category><![CDATA[Data Privacy and Security]]></category>
		<category><![CDATA[Information and Risk Management]]></category>
		<category><![CDATA[Jon Oltsik]]></category>
		<category><![CDATA[Security and Privacy]]></category>
		<category><![CDATA[ASA 5580]]></category>
		<category><![CDATA[Big-IP]]></category>
		<category><![CDATA[Check Point]]></category>
		<category><![CDATA[Cisco]]></category>
		<category><![CDATA[crossbeam systems]]></category>
		<category><![CDATA[f5 networks]]></category>
		<category><![CDATA[Firewall]]></category>
		<category><![CDATA[HP]]></category>
		<category><![CDATA[IBM]]></category>
		<category><![CDATA[ISCA]]></category>
		<category><![CDATA[Juniper]]></category>
		<category><![CDATA[next-generation firewall]]></category>
		<category><![CDATA[Sourcefire]]></category>
		<category><![CDATA[SRX]]></category>
		<category><![CDATA[TMOS]]></category>
		<category><![CDATA[Viprion]]></category>

		<guid isPermaLink="false">http://www.enterprisestrategygroup.com/?p=28286</guid>
		<description><![CDATA[The high-end of the firewall market has really been dominated by two companies: Crossbeam Systems (with Check Point Software) and Juniper Networks. Over the past few years, these two firms won most of the high revenue/high margin enterprise and service provider deals. Of course, others took notice and wanted their own piece of the pie. [...]]]></description>
			<content:encoded><![CDATA[<p>The high-end of the firewall market has really been dominated by two  companies: Crossbeam Systems (with Check Point Software) and Juniper Networks.  Over the past few years, these two firms won most of the high revenue/high  margin enterprise and service provider deals.</p>
<p>Of course, others took notice and wanted their own piece of the pie. Cisco  came out with its ASA 5580 a few years back. Network security guru Sourcefire  introduced a high-end hardware architecture and a firewall in 2011. Finally,  Check Point jumped in with its own high-end hardware as well.</p>
<p>As if this space wasn’t crowded enough, F5 Networks threw its hat in the ring this week with the announcement that its Big-IP 11.1 software passed the ICSA Labs test for network firewalls.</p>
<p>This may seem like just another feature for Big-IP but it’s not. F5 has a  unique position amongst its competitors because:</p>
<ol>
<li>F5 is already in the right accounts. Big-IP is a staple product at large  enterprises, wired/wireless carriers, and cloud service providers. F5 should be  able to leverage these relationships to get a CISO introduction.</li>
<li>Everyone knows that F5 can build a high-end network hardware box. Like  Juniper, F5 built its reputation on building high performance boxes that can  scale. This status may get F5 on the evaluation short list right away.</li>
<li>F5 offers a consolidation play for the network. F5 sits behind the firewall  but in front of a boatload of critical web applications. With a few network  architecture tweaks, you can configure a Big-IP to perform firewall and ADC  functions from the same box. This could simplify network architecture and  operations.</li>
<li>F5 brings a new recipe for network/application security integration. With  all the industry talk about next-generation or application-aware firewalls, F5  goes a step further. Big-IP can be configured for security and customized with  iRules to offer extremely strong network/application security  integration.</li>
</ol>
<p>F5 has a lot of potential to alter the high-end firewall market but there is  still work ahead. Remember that many people still perceive F5 as the load  balancer company, so for F5 to succeed it must first demonstrate its network  security chops. This means convincing its customers that it is committed to  network security and that its product is as strong on security protection as it  is on performance.</p>
<p>Finally, the introduction of a high-end firewall just made F5 an even more  attractive acquisition target. With a current market cap of $9.5 billion, the  list of potential suitors is small, but F5 would certainly add value to HP’s  networking and security portfolio. IBM may be tempted to make a play since F5  makes sense from a security, data center, cloud computing, services, and  WebSphere perspective. You could even make a case for Cisco to buy F5 but that’s  the longest shot of all.</p>
<p>You can read Jon&#8217;s other blog entries at <a href="http://www.insecureaboutsecurity.com/" target="_blank">Insecure About Security</a>.</p>
]]></content:encoded>
			<wfw:commentRss>http://www.enterprisestrategygroup.com/2012/02/f5-shakes-up-the-firewall-market/feed/</wfw:commentRss>
		<slash:comments>0</slash:comments>
		</item>
		<item>
		<title>Cybersecurity Lessons from the Battlefields of Europe</title>
		<link>http://www.enterprisestrategygroup.com/2012/01/cybersecurity-lessons-from-the-battlefields-of-europe/</link>
		<comments>http://www.enterprisestrategygroup.com/2012/01/cybersecurity-lessons-from-the-battlefields-of-europe/#comments</comments>
		<pubDate>Tue, 31 Jan 2012 18:55:20 +0000</pubDate>
		<dc:creator>Jon Oltsik</dc:creator>
				<category><![CDATA[Blogs]]></category>
		<category><![CDATA[Data Privacy and Security]]></category>
		<category><![CDATA[Information and Risk Management]]></category>
		<category><![CDATA[Jon Oltsik]]></category>
		<category><![CDATA[Security and Privacy]]></category>
		<category><![CDATA[advanced persistent threat]]></category>
		<category><![CDATA[APT]]></category>
		<category><![CDATA[cybersecurity]]></category>
		<category><![CDATA[security analytics]]></category>
		<category><![CDATA[security intelligence]]></category>

		<guid isPermaLink="false">http://www.enterprisestrategygroup.com/?p=28228</guid>
		<description><![CDATA[At the beginning of WWI, battlefield tactics had not advanced much since the U.S. Civil War. The general goal was to continually advance on the enemy with waves of infantry attacks and eventually break through the lines by overwhelming enemy defenses. It didn’t take long until both sides realized that things had changed. With the [...]]]></description>
			<content:encoded><![CDATA[<p>At the beginning of WWI, battlefield tactics had not advanced much since the  U.S. Civil War. The general goal was to continually advance on the enemy with  waves of infantry attacks and eventually break through the lines by overwhelming  enemy defenses.</p>
<p>It didn’t take long until both sides realized that things had changed. With  the invention of the water-cooled machine gun and pill box fortification, human  waves were not only ineffective, but also resulted in mass casualties. The sides  adapted to this new reality with trench warfare, long-range munitions, and a  battlefield stalemate for much of the war.</p>
<p>There are countless examples like this in the history of warfare where  technology advancement forced tactical changes for both offense and defense. In  theory, cybersecurity should behave in a similar way where new threats lead to  new defenses and tactics. Unfortunately, however, things don’t always progress  so quickly. Take Advanced Persistent Threats (APTs) for example. APTs have been  in the mainstream since the Aurora attack was first exposed by Google in January  2010 but many organizations haven’t adapted defenses or tactics accordingly.  Why? Several reasons:</p>
<ol>
<li>Executives don’t get it. CISOs who lobby executives for more money tend to  be faced with a rather cynical question: Why do you need to invest in new  security technologies when we’ve already invested millions? This is like a WWI  general asking why the troops needed shovels to dig trenches when they were  already trained to charge the enemy.</li>
<li>Security staff wants a canned solution. In the past, each new type of threat (e.g., spam, spyware, DoS attacks) was addressed with a discrete threat management solution but this no longer works. APTs exploit the gaps between security defenses with 0-day vulnerabilities, credentials harvesting, DDNS, and homegrown encryption algorithms and transport protocols. Rather than a one-size-fits-all APT solution, enterprises need defenses for each stage of an attack.</li>
<li>If you can’t see the enemy, you can’t defeat the enemy. I’m sure Sun Tzu  said something along these lines and it is certainly true in cybersecurity. The  situational awareness tools in use today typically capture and analyze a  fraction of the data needed. Many of these platforms also need custom coding and  must be managed by highly-skilled security analysts. As a result, security  intelligence remains an exclusive and elitist club.</li>
</ol>
<p>In WWI, the military adapted quickly for two main reasons. First, they faced  a life or death situation so there was a real sense of urgency. Second, armies  are hierarchical organizations so when generals mandate changes in training and  tactics, everyone else falls into line.</p>
<p>Like WWI weapons advances, we’ve reached a new era where our enemies are embracing new technologies and offensive tactics. We need to respond with appropriate changes in defense skills and situational awareness.</p>
<p>Like it or not, we are engaged in a cybersecurity arms race, and our  adversaries show no sign of fatigue. If your organization isn’t willing to  recognize this, understand the enemy, and adapt accordingly, you may as well  disconnect from the Internet before an inevitable attack.</p>
<p>You can read Jon&#8217;s other blog entries at <a href="http://www.insecureaboutsecurity.com/" target="_blank">Insecure About Security</a>.</p>
]]></content:encoded>
			<wfw:commentRss>http://www.enterprisestrategygroup.com/2012/01/cybersecurity-lessons-from-the-battlefields-of-europe/feed/</wfw:commentRss>
		<slash:comments>0</slash:comments>
		</item>
		<item>
		<title>APT Protection:  Sourcefire FireAMP May Be the Right Product at the Right Time</title>
		<link>http://www.enterprisestrategygroup.com/2012/01/apt-protection-sourcefire-fireamp-may-be-the-right-product-at-the-right-time/</link>
		<comments>http://www.enterprisestrategygroup.com/2012/01/apt-protection-sourcefire-fireamp-may-be-the-right-product-at-the-right-time/#comments</comments>
		<pubDate>Thu, 26 Jan 2012 17:04:38 +0000</pubDate>
		<dc:creator>Jon Oltsik</dc:creator>
				<category><![CDATA[Briefs]]></category>
		<category><![CDATA[Data Privacy and Security]]></category>
		<category><![CDATA[Information and Risk Management]]></category>
		<category><![CDATA[Jon Oltsik]]></category>
		<category><![CDATA[Security and Privacy]]></category>
		<category><![CDATA[advanced persistent threat]]></category>
		<category><![CDATA[APT]]></category>
		<category><![CDATA[FireAMP]]></category>
		<category><![CDATA[Sourcefire]]></category>

		<guid isPermaLink="false">http://www.enterprisestrategygroup.com/?p=28140</guid>
		<description><![CDATA[ESG research indicates that many enterprise organizations have been targeted by and are vulnerable to Advanced Persistent Threats (APTs).  Why?  Many existing security tools cannot detect or remediate APTs as they evolve within corporate networks.  Addressing sophisticated attacks demands a new class of next-generation threat management tools offering wide-angle visibility, adaptive control, and proactive protection.  [...]]]></description>
			<content:encoded><![CDATA[<div class="abstract">ESG research indicates that many enterprise organizations have been targeted by and are vulnerable to Advanced Persistent Threats (APTs).  Why?  Many existing security tools cannot detect or remediate APTs as they evolve within corporate networks.  Addressing sophisticated attacks demands a new class of next-generation threat management tools offering wide-angle visibility, adaptive control, and proactive protection.  This is exactly what Sourcefire delivers with its new FireAMP product.</div>
<private_standard>
<h1>Enterprises Face a Relentless and Sophisticated Threat Landscape</h1>
<p>While effective information security is never easy, last year was particularly difficult for many enterprise organizations.  One of the main reasons for this challenging environment was the rise of Advanced Persistent Threats (APTs).   Unlike previous threats, APTs are targeted attacks launched by well-resourced, highly-skilled cyber adversaries seeking to steal sensitive data and Intellectual Property (IP).  On a macro-scale, APT and other types of sophisticated cyber attacks can lead to devastating results so CISOs are particularly worried.  They are not alone:  According to ESG research, 93% of security professionals working at enterprise organizations (i.e. more than 1,000 employees) are either “very concerned” or “concerned” about the impact that APTs could have on U.S. national interests such as national security and the economy<a href="#_ftn1">[1]</a>.</p>
<p>APTs are not a new phenomenon, but in the past, they were targeted at military, intelligence, and defense organizations.  Things have changed, however, as APT-type attacks became more mainstream in 2011.  How widespread are APTs?  ESG research reveals that 20% of enterprise organizations surveyed are certain that they have been targeted by an APT attack while another 39% believe that it is likely they were attacked (see Figure 1).  ESG also found that 30% of enterprise organizations believe they remain vulnerable to future APT attacks.</p>
<div class="graph_top">Figure 1. Belief that Organization   Has Been Targeted by APTs</div>
<p><img src="http://www.enterprisestrategygroup.com/media/wordpress/2012/01/Sourcefiref1.png" alt="" title="Sourcefiref1" width="629" height="279" class="alignnone size-full wp-image-28143" /><br />
Based upon the ESG data presented here, it is logical to conclude that APTs are real and extremely dangerous.</p>
<h1>The Anatomy of an APT</h1>
<p>Unlike past attacks, APTs can remain “under the radar” for months at a time because they tend to emulate standard network activity over three phases (see Figure 2).  First, APTs use social engineering techniques to mimic Internet communications, thus persuading end-users to click on a suspect URL or download malicious code.  Once a host machine is infected, APTs await instructions or additional software downloads from command-and-control servers.  Subsequently, APTs tend to behave like normal host-to-host traffic as they discover the network to understand how things are connected together and where the ultimate target (i.e., sensitive data) is stored.  APTs then use 0-day vulnerabilities and custom malware to compromise additional hosts in order to steal or create credentials to escalate privileges and gain access to the data.  When this is accomplished, APTs capture and copy the data, determine a networking escape route, and commence exfiltration.  Since all of this activity appears routine, most host and network monitoring tools never indicate any anomalous or suspicious activity throughout this process.</p>
<div class="graph_top">Figure 2.  Three Phases   of APT Attacks</div>
<p><img src="http://www.enterprisestrategygroup.com/media/wordpress/2012/01/Sourcefiref2.png" alt="" title="Sourcefiref2" width="641" height="349" class="alignnone size-full wp-image-28144" /></p>
<h2>Why Are So Many Organizations Vulnerable to APTs?</h2>
<p>Yes, APTs are stealthy but large enterprise organizations have invested millions of dollars on security staff, employee training, and technical controls.  Given this, why are they so vulnerable to social engineering and malicious code attacks?  Because:</p>
<ul>
<li><strong>User training can’t keep up with the latest threats.</strong> Employee security training tends to be infrequent if it happens at all.  When it does occur, it tends to focus on basic hygiene and a few simple security rules.  As a result, non-IT employees are easily fooled by social engineering tactics like spear phishing that seemingly come from trusted individuals and familiar websites.</li>
<li><strong>IT administrators don’t have visibility into the endpoint computing environment</strong>.  Many security researchers believe that about 50% of employees have administrator access to their company-owned PC.  As a result, end-users are constantly downloading new software for work and entertainment that may be loaded with malware or fraught with software vulnerabilities.  Unfortunately, security administrators don’t have the right tools offering the level of visibility necessary to manage these risks.</li>
<li><strong>Traditional endpoint security tools miss custom malware execution.</strong> Antivirus software uses a signature database and heuristic rules to identify and block malicious executables.  Regrettably, today’s sophisticated cyber adversaries know this and circumvent these tools by either turning them off or exploiting 0-day vulnerabilities.  Since existing endpoint security controls don’t work, large organizations’ malware detection is dependent upon user vigilance and help desk calls rather than technology and automation.</li>
<li><strong>Malware remediation is handled on a system-by-system basis</strong>.  When the security team does detect an infected system, they often have no knowledge of what the malware does, or which other hosts have been compromised.  This sort of “blind triaging” may help remediate individual systems but it fails to address the greater enterprise security.</li>
</ul>
<h1>New Threat Management Challenges Demand Advanced Malware Protection</h1>
<p>It’s clear that existing security defenses are not protecting enterprises against new threats while user security training produces marginal results at best.  ESG believes that CISOs must address these burgeoning risks with security technologies designed specifically for emerging threats.  Advanced malware protection systems must provide a combination of:</p>
<ul>
<li>Wide-angle visibility.</li>
<li>Adaptive control.</li>
<li>Proactive protection.</li>
</ul>
<h2>Wide-Angle Visibility</h2>
<p>APT defenses must adhere to the old business adage, “you can’t manage what you can’t measure.”  In this case, metrics depend upon wide-angle visibility of all systems on the network so the security team understands:</p>
<ul>
<li><strong>Malware detection based upon analysis.</strong> Rather than malware signatures, today’s malware detection must be based upon real-time analysis of new types of files and executables.  This replaces today’s guesswork and manual processes with automation and big data analytics.</li>
<li><strong>Malware location.</strong> Wide-angle visibility should provide details on every location where malicious code files reside currently and where they resided in the past.  This will help CISOs scope the extent of an attack and devise a comprehensive remediation plan.</li>
<li><strong>Malware forensics.</strong> Security managers need to know how systems were originally infected (i.e., attack vectors used), what the malware did (i.e., steal data or install adware), and whether it installed additional malicious code over time.  This will help them reconstruct the “crime scene” and create better defenses.</li>
</ul>
<h2>Adaptive Control</h2>
<p>Large organizations depend upon a myriad of tools for security command-and-control.  As a result, sophisticated attacks like APTs exploit product gaps, making it difficult to monitor systems or remediate problems.  Advanced malware protection suites address this with:</p>
<ul>
<li><strong>Point-and-click threat detection.</strong> Rather than deploy system administrators to examine systems, next-generation threat management must provide centralized management for analysis.  This can greatly accelerate malware detection and help minimize damages.</li>
<li><strong>Automated remediation.</strong> In some cases, these capabilities can extend to automated system remediation in order to streamline IT operations and lower costs.</li>
</ul>
<h2>Proactive Protection</h2>
<p>In addition to visibility and control, advanced malware protection can help improve security across the enterprise as it:</p>
<ul>
<li><strong>Identifies high-risk systems.</strong> Advanced malware protection tools fingerprint systems to understand what applications and versions are running on each machine.  Armed with this data, large organizations can identify high-risk systems, either because of system behavior or because they host applications known to be linked with malware introduction.  Once these systems are recognized, CISOs can modify system configurations to lower the risk of a future attack.</li>
<li><strong>Extends existing security controls.</strong> Once malware is uncovered and understood, next-generation threat management can be integrated with existing security tools like network firewalls and IDS/IPS to automatically generate new customized signatures with rules that detect malware or prevent it from executing on clean systems in the future.</li>
</ul>
<h1>Sourcefire FireAMP:  Advanced Malware Protection Available Today</h1>
<p>Threat management is rife with VC investment and vendor rhetoric.  As such, CISOs find it difficult to know whether security products truly map to advanced malware protection or not.  One exception here is FireAMP, a new product from tried-and-true security technology leader Sourcefire.  FireAMP is based on a lightweight agent installed on each system, which then connects hosts into the FireAMP architecture.  To provide comprehensive coverage, enterprise command-and-control, and real-time malware detection, FireAMP:</p>
<ul>
<li><strong>Leverages cloud-based big data analytics and leading security researchers.</strong> FireAMP is built on a foundation of Sourcefire security research through a connection to its FireCLOUD, a cloud-based big data analytics engine.  Of course, this technology is ultimately supported by the Sourcefire Vulnerability Research Team (VRT) who identify malware and provide information on its behavior.</li>
<li><strong>Highlights centralized outbreak controls.</strong> FireAMP can define detection and prevention rules in order to understand the impact and scope of an attack.</li>
<li><strong>Monitors and maintains a history of host behavior.</strong> FireAMP maintains analysis records in the cloud so users can evaluate whether newly-discovered malware attacks remain undetected on other systems in the network.</li>
</ul>
<p>Taken together, FireAMP provides the type of visibility, control, and protection described above.  Given this, FireAMP should be on every CISO’s short list for advanced malware protection moving forward.</p>
<h1>The Bigger Truth</h1>
<p>It is important to note that there is no “magic bullet” solution for addressing sophisticated attacks like APTs.  As always, what’s needed here is sound risk management practices and a “defense-in-depth” architecture.  Vulnerable systems must be identified and hardened.  Networks must be carefully monitored for configuration changes and anomalous behavior.</p>
<p>While solid risk management policies and procedures will make things more difficult for cyber adversaries, smart CISOs also realize that in spite of their best efforts, they will be breached.  As a result, it is also important to bolster incident response to accelerate event detection and remediation.</p>
<p>Clearly, Sourcefire considered these security best practices as it developed FireAMP, as the product provides wide-ranging functionality for prevention, monitoring, malware detection, and incident response.  FireAMP is also built for scale across the enterprise and for security analytics in the cloud.</p>
<p>Given the scope and potential damages associated with APTs, CISOs may find that FireAMP is the right product at the right time.</p>
<hr size="1" /><a name="_ftn1">[1]</a> Source: ESG Research Report, <a href="../../../../../2011/11/apt/"><em>U.S. Advanced Persistent Threat Analysis</em></a>, November 2011. All ESG research references in this brief come from this report.<br />
<br />
</private_standard>
]]></content:encoded>
			<wfw:commentRss>http://www.enterprisestrategygroup.com/2012/01/apt-protection-sourcefire-fireamp-may-be-the-right-product-at-the-right-time/feed/</wfw:commentRss>
		<slash:comments>0</slash:comments>
		</item>
		<item>
		<title>Enterasys Networks aims to unify wired, wireless network management &#8211; FierceMobileIT</title>
		<link>http://www.enterprisestrategygroup.com/2012/01/enterasys-networks-aims-to-unify-wired-wireless-network-management-fiercemobileit/</link>
		<comments>http://www.enterprisestrategygroup.com/2012/01/enterasys-networks-aims-to-unify-wired-wireless-network-management-fiercemobileit/#comments</comments>
		<pubDate>Wed, 25 Jan 2012 19:13:40 +0000</pubDate>
		<dc:creator>cwhitehouse</dc:creator>
				<category><![CDATA[In The News]]></category>
		<category><![CDATA[Jon Oltsik]]></category>
		<category><![CDATA[Security and Privacy]]></category>
		<category><![CDATA[networking]]></category>

		<guid isPermaLink="false">http://www.enterprisestrategygroup.com/?p=28116</guid>
		<description><![CDATA[What do analysts have to say about it? Here's the takeaway from Jon Oltsik, analyst at Enterprise Strategy Group: &#8220;Delivering applications to mobile users at a large scale requires a fresh approach to architecting wired and wireless networks. Continuing to treat them as separate access networks doesn&#8217;t make business sense as it significantly adds to [...]]]></description>
			<content:encoded><![CDATA[<p>What do analysts have to say about it? Here's the takeaway from Jon Oltsik, analyst at Enterprise Strategy Group:</p>
<p>&#8220;Delivering applications to mobile users at a large scale requires a fresh approach to architecting wired and wireless networks. Continuing to treat them as separate access networks doesn&#8217;t make business sense as it significantly adds to complexity, high costs and an unpredictable mobile user experience. Enterasys addresses this with an integrated architecture for unified wired/wireless networking which simplifies the access layer architecture and provides IT with granular controls to securely manage and deploy mission critical business applications and services for mobile users.&#8221;</p>
<p>via <a href="http://www.fiercemobileit.com/story/enterasys-networks-aims-unify-wired-wireless-network-management/2012-01-24">Enterasys Networks aims to unify wired, wireless network management &#8211; FierceMobileIT</a>.</p>
]]></content:encoded>
			<wfw:commentRss>http://www.enterprisestrategygroup.com/2012/01/enterasys-networks-aims-to-unify-wired-wireless-network-management-fiercemobileit/feed/</wfw:commentRss>
		<slash:comments>0</slash:comments>
		</item>
		<item>
		<title>Information Security Budgets Will Increase in 2012</title>
		<link>http://www.enterprisestrategygroup.com/2012/01/information-security-budgets-will-increase-in-2012/</link>
		<comments>http://www.enterprisestrategygroup.com/2012/01/information-security-budgets-will-increase-in-2012/#comments</comments>
		<pubDate>Tue, 24 Jan 2012 16:39:07 +0000</pubDate>
		<dc:creator>Jon Oltsik</dc:creator>
				<category><![CDATA[Blogs]]></category>
		<category><![CDATA[Data Privacy and Security]]></category>
		<category><![CDATA[Information and Risk Management]]></category>
		<category><![CDATA[Jon Oltsik]]></category>
		<category><![CDATA[Security and Privacy]]></category>
		<category><![CDATA[Check Point]]></category>
		<category><![CDATA[Cisco]]></category>
		<category><![CDATA[Damballa]]></category>
		<category><![CDATA[FireEye]]></category>
		<category><![CDATA[HP]]></category>
		<category><![CDATA[IBM]]></category>
		<category><![CDATA[ISC2]]></category>
		<category><![CDATA[IT]]></category>
		<category><![CDATA[Juniper]]></category>
		<category><![CDATA[McAfee]]></category>
		<category><![CDATA[Network Security]]></category>
		<category><![CDATA[RSA Security Trend Micro]]></category>
		<category><![CDATA[SANS institute]]></category>
		<category><![CDATA[security skills]]></category>
		<category><![CDATA[security spending]]></category>
		<category><![CDATA[SIEM]]></category>
		<category><![CDATA[Sourcefire]]></category>
		<category><![CDATA[Symantec]]></category>
		<category><![CDATA[Unisys]]></category>

		<guid isPermaLink="false">http://www.enterprisestrategygroup.com/?p=27963</guid>
		<description><![CDATA[As part of our annual IT Spending Intentions survey, ESG asks IT professionals about overall spending trends for the coming year. Our 2012 IT Spending Intentions survey is set to be published soon, and I got a peek at the data recently. Like other analyst firms, ESG found that IT budgets will increase in 2012, [...]]]></description>
			<content:encoded><![CDATA[<p>As part of our annual IT Spending Intentions survey, ESG asks IT professionals about overall spending trends for the coming year. Our 2012 IT Spending Intentions survey is set to be published soon, and I got a peek at the data recently. Like other analyst firms, ESG found that IT budgets will increase in 2012, albeit at a modest rate.</p>
<p>When it comes to information security budgets, however, growth should be more  robust. More than half (61%) of midmarket (i.e., less than 1,000 employees) and  enterprise (i.e., more than 1,000 employees) organizations will increase  security spending in 2012, and of these, 18% will bolster security spending by  8% or more. These results are similar to the data collected in the ESG Research  about <a href="../../../../../2011/11/apt/" target="_blank">Advanced Persistent Threats</a>.</p>
<p>ESG also discovered that information security initiatives were identified by  respondents as one of the top 5 IT priorities for 2012.</p>
<p>Where will this money be spent?</p>
<ol>
<li>Headcount. ESG found that 35% of organizations plan to hire additional  security staff – if they can find skilled professionals available (see my <a href="http://www.insecureaboutsecurity.com/2012/01/19/information-security-skills-shortage-continues/" target="_blank">last blog</a>).</li>
<li>Network security. Just over half (52%) of organizations will make additional  investments in network security technologies (i.e., firewalls, IDS/IPS, gateway  devices, etc.). Why? Because they need additional scale, integration, and  security services at the network level. Good news for Cisco, Check Point,  Juniper, McAfee, Palo Alto Networks, and Sourcefire. Other high priorities  identified were mobile security, endpoint security, and SIEM.</li>
<li>Advanced malware protection. With the rise of APTs, hacktivism, and other  types of sophisticated attacks, organizations have no choice but to adopt a  “belts and suspenders” model for anti-malware. This will benefit startups like  Countertack, Damballa, and FireEye, as well as established leaders like RSA,  Sourcefire, and Trend Micro.</li>
<li> Security services. Given the threat landscape, shortage of skilled security  professionals, and increasingly complex IT environment, many organizations will  decide to punt and outsource security tasks to professional services and SaaS  providers. It’s likely that HP, IBM, Unisys, and Symantec will gain share  here.</li>
</ol>
<p>You can read Jon&#8217;s other blog entries at <a href="http://www.insecureaboutsecurity.com/" target="_blank">Insecure About Security</a>.</p>
]]></content:encoded>
			<wfw:commentRss>http://www.enterprisestrategygroup.com/2012/01/information-security-budgets-will-increase-in-2012/feed/</wfw:commentRss>
		<slash:comments>0</slash:comments>
		</item>
		<item>
		<title>Information Security Skills Shortage Continues</title>
		<link>http://www.enterprisestrategygroup.com/2012/01/information-security-skills-shortage-continues/</link>
		<comments>http://www.enterprisestrategygroup.com/2012/01/information-security-skills-shortage-continues/#comments</comments>
		<pubDate>Thu, 19 Jan 2012 19:58:50 +0000</pubDate>
		<dc:creator>Jon Oltsik</dc:creator>
				<category><![CDATA[Blogs]]></category>
		<category><![CDATA[Data Privacy and Security]]></category>
		<category><![CDATA[Information and Risk Management]]></category>
		<category><![CDATA[Jon Oltsik]]></category>
		<category><![CDATA[Security and Privacy]]></category>
		<category><![CDATA[CISSP]]></category>
		<category><![CDATA[cloud security]]></category>
		<category><![CDATA[cybersecurity]]></category>
		<category><![CDATA[federal government]]></category>
		<category><![CDATA[information security]]></category>
		<category><![CDATA[ISC2]]></category>
		<category><![CDATA[NIST]]></category>
		<category><![CDATA[SANS institute]]></category>
		<category><![CDATA[security services]]></category>
		<category><![CDATA[security skills]]></category>

		<guid isPermaLink="false">http://www.enterprisestrategygroup.com/?p=27901</guid>
		<description><![CDATA[Like other analyst firms, ESG conducts research on IT Spending Intentions annually. The latest 2012 report will be published soon, but in the meantime, I’ve taken a look at the data that will be included. One of the things we track is IT hiring plans in all areas including IT security. In 2011: 35% of [...]]]></description>
			<content:encoded><![CDATA[<p>Like other analyst firms, ESG conducts research on IT Spending Intentions  annually. The latest 2012 report will be published soon, but in the meantime,  I’ve taken a look at the data that will be included. One of the things we track  is IT hiring plans in all areas including IT security.</p>
<p>In 2011:</p>
<ul>
<li>35% of all midmarket and enterprise organizations planned on hiring security  staff</li>
<li>22% believed they had a “problematic shortage” of security skills at their  organizations</li>
</ul>
<p>The situation has not improved at all over the past year. In 2012:</p>
<ul>
<li>39% of midmarket and enterprise organizations plan on hiring security  staff</li>
<li>23% believe they have a “problematic shortage” of security skills in their  organization</li>
</ul>
<p>I dug into the 23% who believe they have a “problematic shortage” of security  skills. Interestingly, large enterprises that tend to pay the most for IT skills  in general are most likely to have these security skills deficits. For  example:</p>
<ul>
<li>18% of midmarket organizations (i.e., less than 1,000 employees) say they have a problematic shortage of information security skills as compared to 26% of enterprise organizations (i.e., more than 1,000 employees).</li>
</ul>
<p>I also looked at the data by the size of overall IT budget. In this  analysis:</p>
<ul>
<li>16% of organizations with IT budgets of less than $5 million say they have a  problematic shortage of information security skills</li>
<li>21% of organizations with IT budgets of more than $5 million/less than $50  million say they have a problematic shortage of information security skills</li>
<li>36% of organizations with IT budgets of more than $50 million say they have  a problematic shortage of information security skills</li>
</ul>
<p>ESG is not the only organization to recognize the security skills shortage.  The Center for Strategic and International Studies (CSIS) published similar  research about the security skills gap in the Federal sector. As I recall, CSIS  said that the Feds have about 1,000 highly skilled cybersecurity professionals  proficient in security analysis, forensics, and incident response.  Unfortunately, it has the immediate need for at least 10,000.</p>
<p>This skills gap impacts us as a society – all of our online data is at risk.  We need more cybersecurity training, programs, and funding as soon as possible.  The longer we wait, the greater the risk.</p>
<p>You can read Jon&#8217;s other blog entries at <a href="http://www.insecureaboutsecurity.com/" target="_blank">Insecure About Security.</a></p>
]]></content:encoded>
			<wfw:commentRss>http://www.enterprisestrategygroup.com/2012/01/information-security-skills-shortage-continues/feed/</wfw:commentRss>
		<slash:comments>0</slash:comments>
		</item>
		<item>
		<title>Data Center Networking Discontinuity Impacts Network Security</title>
		<link>http://www.enterprisestrategygroup.com/2012/01/data-center-networking-discontinuity-impacts-network-security/</link>
		<comments>http://www.enterprisestrategygroup.com/2012/01/data-center-networking-discontinuity-impacts-network-security/#comments</comments>
		<pubDate>Wed, 18 Jan 2012 18:01:49 +0000</pubDate>
		<dc:creator>Jon Oltsik</dc:creator>
				<category><![CDATA[Blogs]]></category>
		<category><![CDATA[Data Privacy and Security]]></category>
		<category><![CDATA[Information and Risk Management]]></category>
		<category><![CDATA[Jon Oltsik]]></category>
		<category><![CDATA[Security and Privacy]]></category>
		<category><![CDATA[Check Point]]></category>
		<category><![CDATA[Cisco]]></category>
		<category><![CDATA[Citrix]]></category>
		<category><![CDATA[cloud computing]]></category>
		<category><![CDATA[crossbeam systems]]></category>
		<category><![CDATA[Data Center Consolidation]]></category>
		<category><![CDATA[Firewall]]></category>
		<category><![CDATA[Hyper-v]]></category>
		<category><![CDATA[Juniper]]></category>
		<category><![CDATA[Microsoft]]></category>
		<category><![CDATA[Server Virtualization]]></category>
		<category><![CDATA[Sourcefire]]></category>
		<category><![CDATA[VMware]]></category>
		<category><![CDATA[xen]]></category>

		<guid isPermaLink="false">http://www.enterprisestrategygroup.com/?p=27854</guid>
		<description><![CDATA[Data center consolidation and server virtualization are creating data centers of massive scale, and thus radically changing the data center environment. Unfortunately, legacy data center networking equipment was not designed for this type of scale and dynamic use case. ESG calls this state data center networking discontinuity. Data center networking discontinuity is most commonly associated [...]]]></description>
			<content:encoded><![CDATA[<p>Data center consolidation and server virtualization are creating data centers  of massive scale, and thus radically changing the data center environment.  Unfortunately, legacy data center networking equipment was not designed for this  type of scale and dynamic use case. ESG calls this state data center networking  discontinuity.</p>
<p>Data center networking discontinuity is most commonly associated with access,  aggregation, and core switches in the data center but it actually extends beyond  Layer 2 switching alone. Legacy network security policies, procedures, and  technical controls are also a mismatch for burgeoning data center scale  requirements. In a recent ESG Research survey, 280 networking professionals  working at enterprise organizations (i.e., more than 1,000 employees) were asked  to define their biggest challenges with regard to data center networking. Just  over half (51%) identified network security as their top challenge, followed by  network performance (44%), and network management (37%).</p>
<p>Network security contributes to data center networking discontinuity  because:</p>
<ol>
<li>Traditional security zones don’t play well with virtual servers. Old school  security zones were based on physical and logical separation – physical servers  protected by varying security services and network segmentation. Mobile virtual  servers make security zoning much more challenging as security policies and  enforcement have to follow virtual servers as they migrate around data  centers.</li>
<li>Security adds network latency and architectural complexity. When application  traffic has to flow through L3 firewalls, it impacts network performance and  latency. And when disparate traffic has to be routed to the nearest physical  firewall device, it makes the network architecture more complex and difficult to  manage.</li>
<li>Data center scale requires a new mix of physical and virtual security  controls. Big firewalls from Check Point, Cisco, Crossbeam Systems, Juniper and  Sourcefire may have the right performance characteristics for data center scale  but does anyone really want to route all traffic through a single firewall?  Clustering can address “single point of failure” concerns but server  virtualization and cloud computing applications are far too fluid to depend upon  physical security devices. What’s needed is a mix of physical and virtual  security services with centralized command-and-control and distributed  enforcement, but this model is relatively new and many large organizations are  still in learning mode here.</li>
</ol>
<p>Like core networking, security vendors appreciate the ramifications of data  center networking discontinuity and are introducing new products to bridge the  gaps. While this transition is in progress, security professionals need time to  improve their skill sets, get comfortable with the new data center model, and  gain confidence that emerging virtual security services are robust enough for  corporate governance, regulatory compliance, and information security  requirements.</p>
<p>We are in a period of rapid technology cycles from endpoint devices to cloud  computing. No one debates the promise of these technology developments but  issues like data center networking discontinuity scare the heck out of the  security team. To allay these fears, networking and security vendors need to  spend more time on customer education and proof-of-concept projects, and less  time on marketing rhetoric. Otherwise, security concerns may continue to slow  down the cloud computing train.</p>
<p>You can read Jon&#8217;s other blog entries at <a href="http://www.insecureaboutsecurity.com/" target="_blank">Insecure About Security</a>.</p>
]]></content:encoded>
			<wfw:commentRss>http://www.enterprisestrategygroup.com/2012/01/data-center-networking-discontinuity-impacts-network-security/feed/</wfw:commentRss>
		<slash:comments>1</slash:comments>
		</item>
		<item>
		<title>ESG Video Highlights APT Research</title>
		<link>http://www.enterprisestrategygroup.com/2012/01/esg-video-highlights-apt-research/</link>
		<comments>http://www.enterprisestrategygroup.com/2012/01/esg-video-highlights-apt-research/#comments</comments>
		<pubDate>Thu, 05 Jan 2012 18:33:54 +0000</pubDate>
		<dc:creator>Jon Oltsik</dc:creator>
				<category><![CDATA[Blogs]]></category>
		<category><![CDATA[Data Privacy and Security]]></category>
		<category><![CDATA[Information and Risk Management]]></category>
		<category><![CDATA[Jon Oltsik]]></category>
		<category><![CDATA[Security and Privacy]]></category>
		<category><![CDATA[Videos]]></category>
		<category><![CDATA[advanced persistent threat]]></category>
		<category><![CDATA[APT]]></category>
		<category><![CDATA[cybersecurity]]></category>
		<category><![CDATA[ESG]]></category>
		<category><![CDATA[malware]]></category>

		<guid isPermaLink="false">http://www.enterprisestrategygroup.com/?p=27521</guid>
		<description><![CDATA[I&#8217;ve written many blogs about the recently-published ESG Research Report, U.S. Advanced Persistent Threat Analysis, but there is a lot of data I haven&#8217;t detailed. Since I can talk faster than I can type, ESG just posted this video that highlights the report data and some of its most important implications. Let me know [...]]]></description>
			<content:encoded><![CDATA[<p>I&#8217;ve written many blogs about the recently-published ESG Research Report, <em><a href="http://www.enterprisestrategygroup.com/2011/11/apt/" target="_blank">U.S. Advanced Persistent Threat Analysis</a></em>, but there is a lot of data I haven&#8217;t detailed. Since I can talk faster than I can type, ESG just posted this video that highlights the report data and some of its most important implications.</p>
<p>Let me know what you think.</p>
]]></content:encoded>
			<wfw:commentRss>http://www.enterprisestrategygroup.com/2012/01/esg-video-highlights-apt-research/feed/</wfw:commentRss>
		<slash:comments>0</slash:comments>
		</item>
	</channel>
</rss>

