Security Management
As I transitioned from the weekend to the work week last night, I settled down to review the 20 Critical Security Controls (v3) published by the SANS Institute. If you haven’t seen this list, you really should take a look as it’s an extremely focused, well written, ...
“There’s a little squishyness to the definition,” said Jon Oltsik, senior principal analyst at Enterprise Strategy Group ESG. “Marketing people don’t always use the [NIST] definition.”According to the U.S. Advanced Persistent Threat Analysis, a study conducted by ESG, 8% of the 244 security professionals polled claimed they were not that ...
How do you detect sophisticated attacks in progress? It isn't easy. Large organizations collect data from a number of sources like log files and NetFlow and then organize and analyze this data using tools like log management and SIEM. Based upon the recently-published ESG Research Report, U.S. Advanced Persistent Threat ...
To ascertain just how real the APT threat is, the Enterprise Strategy Group surveyed 244 security professionals in companies with more than 1,000 employees. "When we started this project there was a fair amount of debate about APTs," says Jon Oltsik, a principal analyst at ESG and a Network World ...
“There are number of bills. Most of them are in committee. They stay in committee,” lamented Jon Oltsik, senior principal analyst at ESG and the primary author of the report. “They get voted on in committee and when the Congress changes over, they start over again, and this has been ...
One of the objectives of the ESG Research Report, U.S. Advanced Persistent Threat Analysis, was to gauge what security professionals thought of APTs. Is "APT" nothing more than a marketing term? Do security professionals really believe that APTs are dangerous? To make sure that security respondents were on the same ...
"Even sophisticated IT shops preparing for APTs are using automation more," said Jon Oltsik, senior principal analyst at ESG and the primary author of the study, in an interview. "Automation detects an attack that's underway, and they're willing to use automation to take a system off the network, or block ...
"Security professionals who understand the threat landscape best readily admit that their organizations are not only under attack but also vulnerable," said Jon Oltsik, senior principal analyst at ESG and the primary author of the report. "Even more frightening, the companies that have already taken proper steps to secure their ...
Today, ESG published a new research report on Advanced Persistent Threats (APTs) and what U.S.-based enterprise organizations (i.e., more than 1,000 employees) are doing about them. ESG also used some of the research data to create a scoring system, which we used to segment the market into three types of ...
Jon Oltsik, an analyst at ESG who led the research on the survey, says one goal he had with it was simply to find out whether IT security professionals considered the term APT to be a "serious threat" or more of a "marketing term.""They do think it's a serious threat. ...
