Paul Stringfellow, Author at Gigaom

Everything Your Parents Told You About Posture Is True! Even For Data Security

Paul Stringfellow — Fri, 17 May 2024 17:56:19 +0000

Sit up straight! Shoulders back, chest out! We all heard these wise words about the importance of physical posture growing up. For those who did sit up straight and find themselves in positions of influence when it comes to IT, they are still hearing about the importance of posture, but in this case, it’s the importance of security posture.

Data security is an essential part of the day-to-day mission for any diligent business, but it is also a challenge because of the complexity of how we store, access, and use data while continuing to grow. Therefore, finding effective ways to secure it has been a priority, which has led to the development of data security posture management (DSPM) solutions.

What Value Does a DSPM Solution Provide?

DSPM solutions help organizations build a detailed view of their data environment and associated security risks across three key areas:

Discovery and classification: This is the fundamental first step, as you can’t secure what you don’t know exists. Solutions look across cloud repositories—platform as a service (PaaS), infrastructure as a service (IaaS), and software as a service (SaaS)—as well as on-premises sources to discover and classify data, looking for sensitive information that could be misused.
Access reviews: Monitoring who is using critical data, what they’re doing with it, and where they’re doing it from is the next step. It’s also important to track the ways in which sensitive data moves through and out of an organization. DSPM solutions review this information looking for misconfigurations, patterns, poorly configured repositories, and over-provisioned rights.
Risk analysis: Once the above analysis is complete, DSPM solutions present a clear proposed security posture. They highlight risks, report on compliance against security frameworks, and offer guidance on how to lower these risks. Without insight into these areas, it’s impossible to apply robust data security.

This type of analysis can be done with native tools and skilled operations teams, but DSPM solutions bring all of these actions and insights into one tool, automating the effort and providing additional intelligence along the way—often more quickly and more accurately than a human.

How Will AI Impact the DSPM Market?

The original purchase drivers of data security tools were the introduction of GDPR, the European Union regulation, and a flurry of other data privacy legislation. Organizations needed to understand their data and where it presented regulatory risk, driving an increased adoption of discovery, classification, and security tools.

It’s likely that artificial intelligence (AI) will drive a new wave of DSPM adoption. AI learning models present a range of opportunities for businesses to mine their data for new insights, creativity, and efficiency, but they also present risks. Given the wrong access to data or even access to the wrong data, AI tools can introduce a range of security and commercial business risks. For example, if tools surface information to users that they would not normally be able to access or present inaccurate information to customers and partners, this could result in negative commercial and legal impacts.

Therefore, it’s essential for organizations to take steps to ensure that the data models that AI is using are both accurate and appropriate. How do they do that? They need insight into their data and to understand when and what information AI learning models are accessing and whether that data is still valid. AI usage should have us thinking about how to ensure the quality and security of our data. DSPM may just be the answer.

Are DSPM Solutions Worth the Investment?

The reality is “it depends.” It’s useful to realize that while DSPM solutions can definitely deliver value, they are complex and come with a cost that’s more than financial. Fully adopting the technology, as well as an effective DSPM process, requires operational and cultural change. These types of changes do not come easily, so it’s important that a strong use case exists before you begin looking at DSPM.

The most important thing you should consider before adoption is the business case. Data security is fundamentally a business problem, so adopting DSPM cannot be an IT project alone; it must be part of a business process.

The strongest business case for deployment comes from organizations in heavily regulated industries, such as finance, healthcare, critical infrastructure, and pharma. These usually demand compliance with strict regulations, and businesses must demonstrate their compliance to boards, regulators, and customers.

The next most common business case is companies for which data is the business, such as those involved in data exchange and brokering. They demand the most stringent controls because any failures in security could lead to business failure.

If you’re not in one of those types of organizations, it doesn’t mean that you shouldn’t adopt a DSPM solution, but you do need to consider your business case carefully and ensure there’s buy-in from senior management before you begin a DSPM project.

Stand Up Straight, and Get your Data Security Posture Right

A good data security posture is essential to all businesses. A DSPM tool will give you the insight, guidance, and controls you need and do it more quickly and effectively than pulling together information from several different tools and resources, improving your organization’s posture more quickly and saving on costs at the same time.

So, don’t slouch, sit up straight, and improve your data security posture.

Next Steps

To learn more, take a look at GigaOm’s DSPM Key Criteria and Radar reports. These reports provide a comprehensive overview of the market, outline the criteria you’ll want to consider in a purchase decision, and evaluate how a number of vendors perform against those decision criteria.

The post Everything Your Parents Told You About Posture Is True! Even For Data Security appeared first on Gigaom.

GigaOm Radar for Data Security Posture Management (DSPM)

Paul Stringfellow — Fri, 17 May 2024 15:00:36 +0000

Data security posture management (DSPM) solutions provide visibility into where sensitive data is, who has access to it, and how it is being used. DSPM gives a comprehensive view of an organization’s data security posture, its compliance position, security and privacy risks, and, crucially, how to deal with them.

Data is core to all organizations and has become an essential asset. As the digital landscape continues to evolve, data is increasingly dispersed across a range of locations. No longer limited to on-premises shares and databases, today data is stored in multiple cloud repositories and data platforms. This complexity presents a significant risk to the security and privacy of data, one that cannot go unchecked, as the impact of a data loss incident is becoming increasingly severe.

The risks associated with the proliferation of data are well known, but the move to the cloud presents specific issues. The ease of use and perceived low cost of cloud repositories means they are often created outside of normal controls. Often, they are used for specific tasks and then discarded and forgotten by original project owners. This leads to shadow data repositories that exist outside of established data storage and security controls. Even those with good data security tools often find that they struggle to identify such shadow repositories, leaving them unprotected and unsecured.

Moreover, the proliferation of data in different repositories has led to the adoption of an array of separate, often platform-specific solutions, which increases complexity and adds cost and risk. Couple this with the ongoing security threats and stringent compliance requirements users must adhere to, and it becomes clear organizations need a better way to stay on top of data security and risk.

DSPM solutions have emerged to give organizations the comprehensive view they need by providing visibility across multiple data platform types, both in the cloud and on-premises. Often cloud-based, DSPM solutions can easily integrate with a wide range of data repositories. They are often able to automatically find data repositories and build a data map. They analyze data movement and lineage to understand how data flows through an organization and where it may introduce risk. DSPM solutions can also discover shadow data stores and analyze the data held within them. They can use this data to help give an organization a clear picture of its data estate, its compliance position, and its security posture. Once deployed, DSPM solutions should continuously monitor security posture, provide guidance on access controls, understand user behavior to quickly identify threats, and enable those threats to be rapidly mitigated.

While some DSPM vendors are well-established providers of data management solutions that have evolved to provide DSPM, this is a new and evolving market in which there are many new and innovative providers with solutions built specifically to tackle this problem.

As organizations’ data demands grow, including in areas such as analytics and AI, diligent IT leaders can’t allow potential threats to remain undetected and unchecked. DSPM is becoming one of the best ways to address this challenge, and that’s something modern data security leaders must consider.

This is our first year evaluating the DSPM space in the context of our Key Criteria and Radar reports. This GigaOm Radar report examines 12 of the top DSPM solutions and compares offerings against the capabilities (table stakes, key features, and emerging features) and nonfunctional requirements (business criteria) outlined in the companion Key Criteria report. Together, these reports provide an overview of the market, identify leading DSPM offerings, and help decision-makers evaluate these solutions so they can make a more informed investment decision.

GIGAOM KEY CRITERIA AND RADAR REPORTS

The GigaOm Key Criteria report provides a detailed decision framework for IT and executive leadership assessing enterprise technologies. Each report defines relevant functional and nonfunctional aspects of solutions in a sector. The Key Criteria report informs the GigaOm Radar report, which provides a forward-looking assessment of vendor solutions in the sector.

The post GigaOm Radar for Data Security Posture Management (DSPM) appeared first on Gigaom.

GigaOm Key Criteria for Evaluating Identity Threat Detection and Response (ITDR) Solutions

Paul Stringfellow — Wed, 24 Apr 2024 17:11:44 +0000

Identity management is an essential part of any organization’s IT infrastructure because it serves as the means to control access to applications and data that hold its most critical business information.

Identity and associated credentials, whether human or machine, are the tickets to access and privileges, so gaining control of them is a priority for cyberattackers. Not surprisingly, attempts to steal them are becoming increasingly sophisticated, and trying to detect and stop sophisticated attacks is ever more difficult. This challenge has intensified in the cloud era; with more potential platforms to attack and gain access to, the attacker’s job has become easier, while the defender’s is more complex.

The complexity and frequency of attacks mean that a more proactive approach is required; one that can detect and mitigate potential threats autonomously, accurately, and more quickly than human security teams could. This need has led to the development of identity threat detection and response solutions (ITDR). These systems use broad telemetry, large-scale analytics, and intelligence to identify threats and automate the response to them to quickly and accurately reduce risk.

ITDR solutions use a combination of security tools, processes, and best practices to effectively detect and respond to identity-related threats, such as credential theft, privilege misuse, data breaches, and fraudulent activity. This capability can be a major component in significantly reducing the threat posed by identity security attacks. Any tool that improves identity security should be evaluated as a priority because identity breaches present attackers with the opportunity to engineer attempts to cause disruption and steal data, cash, or both, with obviously negative impacts on any business.

Business Imperative
Identity is a high-value target for the modern cyberattacker, and a breached identity has the potential to significantly impact a business, so finding ways to be effective in identifying threats and quickly reducing the risk they pose must be a priority in any diligent IT security leader’s cybersecurity strategy.

Dealing with the challenge has become more difficult as the sophistication and accuracy of identity threats have increased. As attackers begin to use tools such as generative AI and large learning models (LLMs) to develop even more sophisticated attack approaches, the risk grows.

A solution will require financial investment, and deployment and adoption will take time and may require an organization to rethink the way it manages identity, but the benefit of more secure identities is significant. Those who fail to address the challenge run a high risk of identity compromise, a significant breach, and business disruption.

Sector Adoption Score
To help executives and decision-makers assess the potential impact and value of an ITDR solution deployment to the business, this GigaOm Key Criteria report provides a structured assessment of the sector across five factors: benefit, maturity, urgency, impact, and effort. By scoring each factor based on how strongly it compels or deters adoption of an ITDR solution, we provide an overall Sector Adoption Score (Figure 1) of 3.6 out of 5, with 5 indicating the strongest possible recommendation to adopt. This indicates that an ITDR solution is a credible candidate for deployment and worthy of thoughtful consideration.

The factors contributing to the Sector Adoption Score for ITDR are explained in more detail in the Sector Brief section that follows.

Key Criteria for Evaluating ITDR Solutions

Sector Adoption Score

Deters
Adoption

Discourages
Adoption

Merits
Consideration

Encourages
Adoption

Compels
Adoption

Figure 1. Sector Adoption Score for ITDR

This is the first year that GigaOm has reported on the ITDR space in the context of our Key Criteria and Radar reports. This GigaOm Key Criteria report highlights the capabilities (table stakes, key features, and emerging features) and nonfunctional requirements (business criteria) for selecting an effective ITDR solution. The companion GigaOm Radar report identifies vendors and products that excel in those capabilities and metrics. Together, these reports provide an overview of the category and its underlying technology, identify leading ITDR offerings, and help decision-makers evaluate these solutions so they can make a more informed investment decision.

GIGAOM KEY CRITERIA AND RADAR REPORTS

The post GigaOm Key Criteria for Evaluating Identity Threat Detection and Response (ITDR) Solutions appeared first on Gigaom.

GigaOm Key Criteria for Evaluating Data Security Posture Management (DSPM) Solutions

Paul Stringfellow — Fri, 19 Apr 2024 13:21:35 +0000

Data is core to all organizations and should be treated as an essential asset. As the data landscape continues to evolve, data is increasingly dispersed across many locations. No longer limited to on-premises shares and databases, it is stored across many cloud repositories and data platforms.

This changing landscape and business demands for how data is used have increased both its value and the impact of its loss. This has not gone unnoticed by cybercriminals, with data being the ultimate goal for most cyberattacks. Whether it is the theft of this data, denying access to it, or a mix of both, data is a valuable asset for owners and criminals alike. The diligent business must take the security of its data seriously for technical, commercial, and regulatory reasons. Data security cannot go unchecked, as the impact of a data loss incident can be severe.

Addressing this threat is not a technology challenge alone. Businesses must ensure that data management processes are comprehensive and understood. People must be educated about the impact of data security breaches and the part they play in protecting data assets. However, this cannot be achieved without the use of technology. Improving a business’s data security posture has led to the development of data security posture management (DSPM) solutions. DSPM solutions are designed to provide full visibility into data across an entire organization. They provide insight into data use and risks associated with how it is stored, used, and accessed. They provide guidance on how an organization’s handling of data aligns with regulatory demands. They can also provide detailed guidance on how to address these risks and threats and apply controls to mitigate and reduce them.

Business Imperative
Data is too key an asset for any organization to fail to take data security seriously. Data security is not an IT-only issue—it is a broad business issue—and should never be an IT-only project or responsibility. However, those in charge of organizational IT are central to protecting data and ensuring it is well-secured.

DSPM solutions can be a powerful component of addressing the risks to an organization’s data assets. They can provide proactive, detailed insight into all data locations, including shadow, dormant, and redundant data that otherwise goes unnoticed and unsecured. DSPM provides a business with a measurable baseline to understand the current posture, steps to improve it, and ongoing monitoring of data usage, access, and risk. In a world where organizations are compelled to comply with increasingly stringent regulations, these types of tools are critical.

However, those charged with data security must also appreciate that the adoption of DSPM solutions is not trivial. DSPM solutions are likely to show risks in the way data is created, stored, and used, and these identified risks are likely to require changes in process—impacting current workflows—and culture. This is why DSPM adoption must be a business initiative and not just a technical one.

Sector Adoption Score
To help executives and decision-makers assess the potential impact and value of a DSPM solution deployment to the business, this GigaOm Key Criteria report provides a structured assessment of the sector across five factors: benefit, maturity, urgency, impact, and effort. By scoring each factor based on how strongly it compels or deters adoption of a DSPM solution, we provide an overall Sector Adoption Score (Figure 1) of 3.2 out of 5, with 5 indicating the strongest possible recommendation to adopt. This indicates that a DSPM solution is a credible candidate for deployment and worthy of thoughtful consideration.

The factors contributing to the Sector Adoption Score for DSPM are explained in more detail in the Sector Brief section that follows.

Key Criteria for Evaluating DSPM Solutions

Sector Adoption Score

Deters
Adoption

Discourages
Adoption

Merits
Consideration

Encourages
Adoption

Compels
Adoption

Figure 1. Sector Adoption Score for DSPM

This is the first year that GigaOm has reported on the DSPM space in the context of our Key Criteria and Radar reports. This GigaOm Key Criteria report highlights the capabilities (table stakes, key features, and emerging features) and nonfunctional requirements (business criteria) for selecting an effective DSPM solution. The companion GigaOm Radar report identifies vendors and products that excel in those decision criteria. Together, these reports provide an overview of the market, identify leading DSPM offerings, and help decision-makers evaluate these solutions so they can make a more informed investment decision.

GIGAOM KEY CRITERIA AND RADAR REPORTS

The post GigaOm Key Criteria for Evaluating Data Security Posture Management (DSPM) Solutions appeared first on Gigaom.

The Time is Right to Review Your Enterprise Firewalls

Paul Stringfellow — Fri, 22 Mar 2024 20:03:52 +0000

Firewalls, we all have one. It’s a well-established market, full of vendors with mature stacks of technology. Firewalls do a number of things, like blocking traffic, intrusion prevention, VPNs, and controlling traffic inbound and out. They’ve been doing it forever, so there’s probably not a lot more to learn, right?

Well, no. If you think the enterprise firewall market is staying still and not worth a deeper look, you may be missing out.

In the last few months, I’ve done more work in the firewall and connectivity space than I had for a long time. What I discovered was that firewall vendors are delivering some game-changing innovations in their solutions. Not that this should be a huge surprise—the reality is our organizations have changed significantly in recent years, driving new demands and, of course, new risks. This has made innovation necessary. And these innovations are more than cool new features or new “nerd knobs” to tweak. They are changes that can, in turn, help drive innovation in the way organizations operate and deliver IT services, supporting improved security and business transformation.

What Changed?

Simply put, it’s the cloud. The cloud has changed much of the way we do all our computing tasks, and we do them now at cloud scale. Enterprise firewalls are no different. Responding to today’s threats requires that sort of scale, not only for the ability to gather vast amounts of telemetry but also for what it allows us to do. Cloud compute enables security vendors to work through this telemetry to provide analytics and intelligence that we can’t get any other way. Vendors are using this cloud intelligence to enhance firewall security offerings. Solutions are being integrated with cloud intelligence platforms to offer rapid, accurate threat detection and response across areas like domain name system (DNS) security and zero-day vulnerability detection, and to provide enhanced defense against DDoS and other attacks.

Connectivity and Access
The modernization of communications is something many enterprises are considering. Low-cost, high-speed internet access is driving companies to move away from inflexible and expensive traditional WAN connections. Access demands have also changed, with traditional VPNs lacking scale and often offering a poor user experience.

This has spurred major changes from vendors, including the addition of software-defined wide area networks (SD-WAN) and zero-trust network access (ZTNA) to leading solutions.

SD-WAN allows organizations to move away from restrictive WAN technologies that are tied to a specific communications provider and instead overlay an SD-WAN across many different types of connections from multiple providers. This enhances performance, increases flexibility, and helps reduce costs.
ZTNA has become a priority for many companies that are looking to enhance the experience and improve the security of remote access. ZTNA provides a more granular set of controls, and its cloud-native design offers better performance and scale than traditional virtual private networks (VPNs). Furthermore, the zero-trust model–which continually evaluates access requests, rather than implicitly trusting a user because their access is via a VPN–is essential for today’s businesses looking to tackle advanced security threats.

The Move to Cloud-Based Security
One of the biggest changes in the firewall market is the move to secure access service edge (SASE). SASE brings a cloud-native approach to dealing with the security, connectivity, and access capabilities traditionally provided by enterprise firewalls, endowing them with the scale and capabilities the cloud provides. All of the major firewall providers see SASE as fundamental to their strategy going forward. To be clear, this doesn’t mean they are going to de-emphasize their firewalls, but they are all increasingly integrating them with these large-scale, cloud-based security solutions.

This is a big win for the enterprise, as it gives them the opportunity to add cloud benefits directly to their firewall strategy today. Moreover, for those considering SASE adoption, it provides a smooth on-ramp that lets them plan for and migrate to SASE architecture in the future.

What’s the Future of Enterprise Firewalls?

Does this mean that firewalls are going away? Absolutely not. Firewalls will continue to be needed by small businesses and huge enterprises—by any organization that needs 100s of Gbps throughput for their data center. But it is also clear that the additional capabilities modern enterprise firewalls can deliver bring great opportunities for organizations to transform their security and communications operations to provide better performance, tighter security, and lower costs.

With all this said, let’s not forget that new firewall projects are complex and difficult, and come with the risk of disruption. But don’t let this keep you from at least reviewing the space because it is full of innovation that can help businesses transform with a host of new capabilities that provide the security needed in the modern world. So, now is as good a time as any to take another look at your firewall strategy.

Next Steps

To learn more, take a look at GigaOm’s enterprise firewall Key Criteria and Radar reports. These reports provide a comprehensive overview of the market, outline the criteria you’ll want to consider in a purchase decision, and evaluate how a number of vendors perform against those decision criteria.

If you’re not yet a GigaOm subscriber, you can access the research using a free trial.

The post The Time is Right to Review Your Enterprise Firewalls appeared first on Gigaom.

DNS Security: The Forgotten Hero of Your Cybersecurity Strategy

Paul Stringfellow — Mon, 18 Mar 2024 20:42:17 +0000

Cybersecurity continues to dominate business IT discussions in response to constantly evolving threats from ever more organized and professional adversaries. The IT industry is awash in debates about which technology organizations should focus on and invest in to improve security. Current topics such as threat intelligence, AI, and zero trust dominate much of the conversation.

Sometimes, however, it’s the less glamorous aspects of security that often can deliver significant benefits. One such area is everyone’s favorite technology to love or hate: the domain name system (DNS) and related services. We’ve all heard the phrase “it’s always DNS” when we can’t connect to a familiar website. Part of the reason we hear this is because DNS is so fundamental to each of our day-to-day communications. DNS is one of the building blocks of internet communications; it’s the way we tie impossible-to-remember IP addresses to the easy-to-remember names we are used to. We rarely attempt to connect to a system via its address; instead, whether the system is internal or external, we will usually connect via its DNS name.

The Central Role of DNS Services

DNS is so fundamental to the way modern IT works that it’s become a key target for cyberthreat actors. A threat actor can use DNS to obfuscate a wide range of potential attacks including DNS hijacking, spoofing, and typo-squatting. These are ways to redirect users from seemingly legitimate locations and applications to malicious ones, which can be used to phish for credentials, deploy malicious code, or steal data. Bad actors also realize that, because of its critical nature, denying access to DNS will hugely impact organizations, stopping users from carrying out day-to-day tasks. Denying access to DNS services can also block access to applications and information that a business and its customers rely on. This has led to a significant re-emergence of denial-of-service (DoS) attacks focusing on DNS infrastructure.

Turning its Power Against Bad Actors

There is, however, good news. While the foundational part DNS plays makes it a target, it also makes it an extremely strong weapon in our cybersecurity defense arsenal. It’s an often-forgotten weapon but a weapon nevertheless. At the root of this is the fact that almost all cyberattacks will start by interacting with DNS. Whether it’s a simple phishing email or the beginnings of a complex malicious code deployment or data theft, the bad actor is very likely to make a DNS call, be that to a malicious website or some kind of command and control service.

Additionally, because cyberattacks often start with DNS, that means there is highly likely to be some initial activity that will leave behind clues about a potential upcoming attack. This may be the creation of unusual domains or the registration of “typo” domains: those that are within a letter or two of the real domain name. All these actions leave clues that modern DNS threat intelligence tools can spot and can take proactive action against.

DNS security tools add value by identifying risks and potential threats at these very early stages, which we can proactively isolate and mitigate, improving security and lowering the risk of an attack on our organization.

To gain this benefit must be difficult, right? That’s the best news of all: DNS security solutions are easy to deploy, with a low-risk integration into your current environment and little if any impact on users.

Nuts and Bolts of DNS Security

DNS security falls into two categories:

Protection, which focuses on securing client system communications that use DNS.
Security, which adds additional capabilities to secure broader DNS infrastructure, along with capabilities like deep packet inspection (DPI) analysis and integration with DNS encryption technologies.

Even with basic levels of protection, DNS security solutions can deliver a lot of value to an organization. For example, simply adding the protection service to the DNS resolution path means malicious domains can be quickly blocked, with new domains identified and blocked constantly. Additional filters can also be put in place to block malicious domains by content type, or by category, ensuring users are accessing only sites that are safe, secure, and appropriate. Even for our mobile users, many vendors will provide off-network protection, allowing organizations to protect DNS security regardless of where a user resides or works.

If DNS security can be so useful, why is it not a frequent topic of conversation? I guess it gets overlooked for not being that exciting! DNS has been around as long as the public internet, so it’s not as alluring a topic as AI, automated threat detection, or managed security services. Regardless, DNS security is a very powerful tool.

If you want a low-risk, high-value cybersecurity investment that will improve your security posture, then I would recommend you look into the DNS security space and understand how it can improve security, reliability, and performance. Put this often forgotten security hero to work for your organization!

Next Steps

To learn more, take a look at GigaOm’s DNS security Key Criteria and Radar reports. These reports provide a comprehensive overview of the market, outline the criteria you’ll want to consider in a purchase decision, and evaluate how a number of vendors perform against those decision criteria.

If you’re not yet a GigaOm subscriber, you can access the research using a free trial.

The post DNS Security: The Forgotten Hero of Your Cybersecurity Strategy appeared first on Gigaom.

GigaOm Radar for Enterprise Firewalls

Paul Stringfellow — Fri, 15 Mar 2024 15:00:39 +0000

Firewalls have been a staple of network security for decades, sitting at the perimeter of an organization’s network and using stateful filters to decide which connections to allow in and out of the network. However, modern organizations operate in a profoundly different landscape. The perimeter is no longer easy to define; organizations are more disparate, users are spread out geographically, infrastructure is deployed in multiple locations, connectivity offerings change, bandwidth capability continues to grow—and, of course, the security threat posed to business is more complex than ever before.

All of this makes an enterprise firewall a requirement for all organizations. Selecting an appropriate solution can be difficult. A firewall is a tool that works at the network layer, and this influences how they are evaluated, requiring an additional focus on performance, flexibility, and scalability, as well as on core features.

Moreover, many organizations already have established solutions, and investing in new firewall technology has the potential to be a disruptive and complex task, especially in larger organizations. But change is almost inevitable as business requirements evolve, especially in areas such as connectivity. With a move toward software-defined wide area network (SD-WAN) and zero-trust network access (ZTNA) strategies and migration to the cloud, organizations are seeking vendors that better fit their cloud strategy. The right solution needs to maintain a high level of perimeter security, and it may also help organizations drive more flexibility and productivity and support efforts around modernization and innovation.

Today, enterprise firewalls must be multifunctional to deal with threats. They should be flexible in deployment and support both on-premises and cloud demands. They should apply intelligence, using analytics and threat intelligence, potentially augmented with AI/ML, to help organizations rapidly identify and mitigate threats. They should also support newer types of connectivity such as SD-WAN and additional security models like ZTNA to ensure secure connections. These functions are essential, as an enterprise firewall is usually the first line of defense for any organization, and solutions must be effective in protecting organizational assets.

The market is primarily filled with well-known and established vendors. However, solutions are evolving. SaaS-based services and the amalgamation of firewalls into cloud-based services like secure service edge (SSE) and secure access service edge (SASE) is creating some overlap within these markets. Thus, to avoid our own overlap with existing reports in the SSE/SASE space, this report focuses on vendors that can provide specific enterprise firewall solutions available as standalone offerings. This can include SSE/SASE vendors as long as the firewall element can be purchased and deployed as a standalone solution. Additionally, this report looks at capabilities across a range of firewalls and is not focused on any specific type of firewall.

This is our second year evaluating the enterprise firewall space in the context of our Key Criteria and Radar reports. This report builds on our previous analysis and considers how the market has evolved over the last year.

This GigaOm Radar report examines 11 of the top enterprise firewall solutions and compares offerings against the capabilities (table stakes, key features, and emerging features) and nonfunctional requirements (business criteria) outlined in the companion Key Criteria report. Together, these reports provide an overview of the market, identify leading enterprise firewall offerings, and help decision-makers evaluate these solutions so they can make a more informed investment decision.

GIGAOM KEY CRITERIA AND RADAR REPORTS

The post GigaOm Radar for Enterprise Firewalls appeared first on Gigaom.

CxO Decision Brief: The Value of Secure Endpoint Management Automation

Paul Stringfellow — Tue, 05 Mar 2024 21:47:21 +0000

This GigaOm CxO Decision Brief was commissioned by Syxsense.

One of the biggest IT investments any organization makes is in its endpoint—from servers and desktops to IoT. Poorly managed endpoints can have significant negative impacts on the business, from poor user experience to security vulnerabilities that lead to cyber risk. However, managing an endpoint estate is operationally complex and expensive.

Endpoint management tools offer an answer; however, selecting the right one is critical because a poorly fit solution can produce damaging outcomes, like poor workflows, difficult security controls, and ineffective vulnerability management. All these combine to add more work and frustration for operations staff and end users.

Syxsense addresses these challenges with its endpoint, vulnerability, and security management platform, which unifies ITOps and SecOps to reduce operational complexity, improve security, and increase observability. At the heart of the platform is its automation technology, Syxsense Cortex, which enables IT and security operations teams to design and build playbooks that automate labor-intensive tasks like patching, vulnerability management, security remediation, and remote monitoring and management. Automated identification and remediation of missing patches or vulnerabilities reduces risk, improves efficiency, lowers costs, and improves the experience for operations teams and users alike.

The post CxO Decision Brief: The Value of Secure Endpoint Management Automation appeared first on Gigaom.

GigaOm Key Criteria for Evaluating Enterprise Firewall Solutions

Paul Stringfellow — Thu, 29 Feb 2024 17:12:47 +0000

Firewalls have been a staple of network security for decades, sitting at the perimeter of an organization’s network and using stateful filters to decide which connections to allow both in and out of the network. However, today’s modern organization operates in a profoundly different landscape. The perimeter is no longer easy to define, organizations are more distributed, users are spread out geographically, infrastructure is deployed in multiple locations including the public cloud, connectivity offerings change, bandwidth capability continues to grow—and, of course, the security threat posed to business is more complex than ever before. Enterprise firewalls must continually evolve to operate in these modern environments and effectively secure them.

While most organizations will already have enterprise firewalls, continually evaluating the space should be an important part of an IT leader’s responsibilities. Selecting the right firewall is essential for ensuring that an organization remains secure against the latest threats but also helping to evolve its infrastructure for more effective cloud adoption, more secure access methods, and more flexible and efficient connectivity.

Business Imperative
Enterprise firewalls are a mature market. However, many organizations already have established solutions, and investing in new firewall technology has the potential to be a disruptive and complex task, especially in larger organizations.

Evolution in the cyberthreat landscape, the way organizations operate, the need for higher throughput and performance, and the changes in team communications and connectivity are all drivers that should lead diligent IT organizations to continually evaluate their firewall strategy. Those looking to transform the way they operate or adopt areas such as software-defined wide area networks (SD-WAN) and zero-trust network access (ZTNA) will need to ensure they are using vendors that help to meet these demands.

Sector Adoption Score
To help executives and decision-makers assess the potential impact and value of an enterprise firewall solution deployment to the business, this GigaOm Key Criteria report provides a structured assessment of the sector across five factors: benefit, maturity, urgency, impact, and effort. By scoring each factor based on how strongly it compels or deters the adoption of an enterprise firewall solution, we provide an overall Sector Adoption Score (Figure 1) of 3 out of 5, with 5 indicating the strongest possible recommendation to adopt. This indicates that an enterprise firewall solution is a credible candidate for deployment and worthy of thoughtful consideration.

The factors contributing to the Sector Adoption Score for enterprise firewalls are explained in more detail in the Sector Brief section that follows.

Key Criteria for Evaluating Enterprise Firewall Solutions

Sector Adoption Score

Deters
Adoption

Discourages
Adoption

Merits
Consideration

Encourages
Adoption

Compels
Adoption

Figure 1. Sector Adoption Score for Enterprise Firewalls

This is the second year that GigaOm has reported on the enterprise firewall space in the context of our Key Criteria and Radar reports. This report builds on our previous analysis and considers how the market has evolved over the last year.

This GigaOm Key Criteria report highlights the capabilities (table stakes, key features, and emerging features) and nonfunctional requirements (business criteria) for selecting an effective enterprise firewall solution. The companion GigaOm Radar report identifies vendors and products that excel in those decision criteria. Together, these reports provide an overview of the market, identify leading enterprise firewall offerings, and help decision-makers evaluate these solutions so they can make a more informed investment decision.

GIGAOM KEY CRITERIA AND RADAR REPORTS

The post GigaOm Key Criteria for Evaluating Enterprise Firewall Solutions appeared first on Gigaom.

GigaOm Radar for Domain Name System (DNS) Security

Paul Stringfellow — Thu, 29 Feb 2024 16:00:16 +0000

The domain name system (DNS) is fundamental to every modern organization. It’s the backbone of communications and the means by which clients connect with services both internally and externally. It is a service so fundamental to the basic day-to-day operations of every network that it must be both ultra-secure and resilient. However, the reality is that it is not. In fact, the DNS is vulnerable. Attacks of all types that can undermine the DNS, such as cache poisoning, DNS hijacking, amplification, spoofing, and tunneling, continue to increase.

The impact of a DNS cyberattack on an enterprise can be devastating. It can result in the loss of sensitive data, deployment of malicious code, and denial of access to key services, all of which can result in significant financial losses and reputational damage. Protecting DNS should be a priority, and that means using a solution with a range of security capabilities. A good DNS security solution has a unique value in the overall security chain. This stems from its operation early in the communications process. The vast majority of malicious activity in an infrastructure will make a DNS call; by securing and identifying malicious calls at inception, proactive security can be implemented from the beginning of an attack, helping secure an organization more effectively.

The information gained from a DNS security solution can also greatly enhance an organization’s risk analysis and threat response, providing a rich source of data for security teams and improving resilience, availability, and operational stability.

DNS security is often overlooked, as it lacks the high profile of other security threat vectors. However, DNS communication is a fundamental part of IT infrastructure and very few systems and organizations can operate without it. Safeguarding it should be an essential part of an organization’s security planning, and the right solution will improve the security of DNS as well as deliver improvements across the broader stack. DNS security has the potential to provide a strong return on investment and should be part of every organization’s security strategy.

This is our second year evaluating the DNS security space in the context of our Key Criteria and Radar reports. This report builds on our previous analysis and considers how the market has evolved over the last year.

For this evaluation, we’ve updated our inclusion criteria to only include vendors that provide DNS security as a discrete service. The DNS security must be a standalone offering, either a specific solution or, if part of a broader portfolio, able to be deployed and licensed on its own, without the need to include other services. This ruled out some vendors we had included previously that only offered DNS security as part of firewalls or secure internet gateways where DNS could not be unbundled. Additionally, we’re not including vendors that offer authoritative DNS solutions, where it’s required that a user’s DNS infrastructure moves to the vendor’s platform. This is a separate area of DNS security and needs to be evaluated as such. Instead, this report focuses on solutions that offer DNS security for DNS resolution and client end use and those that provide security to DNS infrastructure. The idea is to ensure greater consistency among vendors and to make comparison easier. Despite the elimination of some vendors, the changes resulted in an increase in the number of vendors included in our report.

This GigaOm Radar report examines 11 of the top DNS security solutions and compares offerings against the capabilities (table stakes, key features, and emerging features) and nonfunctional requirements (business criteria) outlined in the companion Key Criteria report. Together, these reports provide an overview of the market, identify leading DNS security offerings, and help decision-makers evaluate these solutions so they can make a more informed investment decision.

GIGAOM KEY CRITERIA AND RADAR REPORTS

The post GigaOm Radar for Domain Name System (DNS) Security appeared first on Gigaom.

Paul Stringfellow, Author at Gigaom

Everything Your Parents Told You About Posture Is True! Even For Data Security

What Value Does a DSPM Solution Provide?

How Will AI Impact the DSPM Market?

Are DSPM Solutions Worth the Investment?

Stand Up Straight, and Get your Data Security Posture Right

Next Steps

GigaOm Radar for Data Security Posture Management (DSPM)

GIGAOM KEY CRITERIA AND RADAR REPORTS

GigaOm Key Criteria for Evaluating Identity Threat Detection and Response (ITDR) Solutions

Key Criteria for Evaluating ITDR Solutions

Sector Adoption Score

DetersAdoption

DiscouragesAdoption

MeritsConsideration

EncouragesAdoption

CompelsAdoption

GIGAOM KEY CRITERIA AND RADAR REPORTS

GigaOm Key Criteria for Evaluating Data Security Posture Management (DSPM) Solutions

Key Criteria for Evaluating DSPM Solutions

Sector Adoption Score

DetersAdoption

DiscouragesAdoption

MeritsConsideration

EncouragesAdoption

CompelsAdoption

GIGAOM KEY CRITERIA AND RADAR REPORTS

The Time is Right to Review Your Enterprise Firewalls

What Changed?

What’s the Future of Enterprise Firewalls?

Next Steps

DNS Security: The Forgotten Hero of Your Cybersecurity Strategy

The Central Role of DNS Services

Turning its Power Against Bad Actors

Nuts and Bolts of DNS Security

Next Steps

GigaOm Radar for Enterprise Firewalls

GIGAOM KEY CRITERIA AND RADAR REPORTS

CxO Decision Brief: The Value of Secure Endpoint Management Automation

GigaOm Key Criteria for Evaluating Enterprise Firewall Solutions

Key Criteria for Evaluating Enterprise Firewall Solutions

Sector Adoption Score

DetersAdoption

DiscouragesAdoption

MeritsConsideration

EncouragesAdoption

CompelsAdoption

GIGAOM KEY CRITERIA AND RADAR REPORTS

GigaOm Radar for Domain Name System (DNS) Security

GIGAOM KEY CRITERIA AND RADAR REPORTS

Deters
Adoption

Discourages
Adoption

Merits
Consideration

Encourages
Adoption

Compels
Adoption

Deters
Adoption

Discourages
Adoption

Merits
Consideration

Encourages
Adoption

Compels
Adoption

Deters
Adoption

Discourages
Adoption

Merits
Consideration

Encourages
Adoption

Compels
Adoption