Point Solutions Must Die

Last year I wrote a blog post titled, “Incident Response Isn’t About Point Solutions; It Is About An Ecosystem."  This concept naturally extends beyond incident response to broader enterprise defense.  An ecosystem approach provides us an alternative to the cobbling together of the Frankenstein’esque security infrastructure that is so ubiquitous today. 

Many of us in the information security space have a proud legacy of only purchasing best in breed point solutions. In my early days as an information security practitioner, I only wanted to deploy these types of standalone solutions. One of the problems with this approach is that it results in a bloated security portfolio with little integration between security controls. This bloat adds unneeded friction to the infosec team’s operational responsibilities.  We talk about adding friction to make the attacker’s job more difficult, what about this self-imposed friction?  S&R pros jobs are hard enough. I’m not suggesting that you eliminate best in breed solutions from consideration, I’m suggesting that any “point solution” that functions in isolation and adds unneeded operational friction shouldn’t be considered. 

Read more

Startups That Were At BlackHat 2013

What happens in Vegas shouldn’t stay in Vegas. I was out at BlackHat with other members of the Forrester team over a week ago (seems like yesterday!). It was two jam packed days of popping into briefings, guzzling copious amounts of green tea, and meeting new people and learning new things. In general, I like to keep an eye and ear out for startups to see what’s bubbling up, and came across a few at BlackHat:

  • Co3 Systems. Co3 Systems* help to automate the four pillars of incident response (prepare, assess, manage, and report) and break down responsibilities and response to ensure best practices are followed along with compliance with regulatory requirements. They just updated their security module to include threat intelligence feeds from  iSIGHT PartnersAlienVault, Abuse.ch and SANS, and recently rolled out an EU data privacy and breach notification update to the product. I’m a numbers nerd, so when they let me play with the solution, I immediately started running simulations that estimated the cost of a breach.
  • FileTrek. FileTrek provides visibility and transparency into where data resides, how it’s being accessed, moved, used, changed, and shared between people, devices, and files. No, it’s not DLP. It’s more like the mother of all audit trails that takes context and sequence of events into account. That way, if someone who is supposed to have access to data starts to do things with it beyond what they normally do, FileTrek will flag it as suspicious activity.
Read more