The Best Security Reacts Quickly to Change
October 22, 2009
I’m certainly not above lifting verbatim research that I believe is helpful to security and compliance practitioners. And the title of this post was lifted from Gartner’s John Pescatore’s post entitled “Who Moved My Soap – The Best Security Reacts Quickly to Change.” Now I could go forth with all sorts of don’t drop the soap in DisneyWorld jokes, but that would obscure the real point, which is not about Pescatore’s hygienic preferences.
Security professionals are not driving the ship. The business folks are. So security folks that are resistant to the ebbs and flows of business will not be successful. We have to face the reality that we (as security professionals) need to adapt our defenses both to the actions of our adversaries, as well as the reality of our businesses. Budgets come and go, projects are re-scoped, and priorities change. That’s business. That’s life. Deal with it.
But you cannot adapt in a vacuum. In order to react quickly (which sounds very similar to my personal REACT FASTER mantra), an organization needs to understand what they are looking for. That means they need to be monitoring as much as they can, establishing what is “normal” in their environment and then watching for what is NOT normal. Things change all the time, but if you don’t know HOW they are changing, there is no way you’ll be able to understand WHY things have changed, and therefore you’ve got no shot to address the issue…before it’s too late.
Oh yeah, did I mention I’m a big fan of security monitoring?
How to use Gartner’s SIEM MQ
June 16, 2009
Yes, that’s right. Our friends at Gartner have published their 2009 Magic Quadrant on Security Information and Event Management for Gartner clients. eIQnetworks is placed in the visionary quadrant.
Mark Nicolett hijacked John Pescatore’s blog for a day to clarify how to use the MQ. In the post, he describes leaders and visionaries: “Vendors that are in the leaders or visionary quadrant meet the major functional requirements of the broad SIEM market.“
The difference between a leader and a visionary? The post states: “Visionary vendors have scored lower in ability to execute (most often due to smaller company size or installed base or growth rate) as compared to leaders.” eIQ has been addressing the enterprise space for a touch over two years (as compared to the other leaders and visionaries in the space for 7-10 years), so we are pleased with our placement.
Yet, Mark Nicolett cautions customers against reading too much into the placements in the chart.
The written research is intended as a starting point for a product selection decision. We really encourage Gartner clients to use our inquiry process to augment your use of the published research. The idea is to get on the phone with us so that we can provide more specific advice based on the client’s environment.
Being a former analyst, I totally agree with Mark’s assessment here. It’s easy to just look at the chart and pick only the leaders to engage with and be done with it. But it would be the wrong thing to do, since visionaries usually bring a different perspective and set of capabilities to the table. At least eIQ does.
Going Beyond Traditional SIEM
March 18, 2009
We recently recorded an audio program with Gartner’s Marc Nicolett to discuss issues related to security and compliance based on what he is seeing out there in the market. To listen, you’ll need to register on the eIQ website.
Here is the description:
Join this exclusive eIQnetworks podcast to hear Gartner’s VP and
Distinguished Analyst Mark Nicolett and Mike Rothman, eIQnetworks Senior Vice President of Strategy, discuss the important ways that SIEM can solve enterprise problems today. Mark Nicolett delves into why organizations should consider a holistic approach to security and compliance management to more effectively monitor for potential attacks, anomalies and trends, and how this data helps enterprises enforce compliance mandates spanning laws, regulations, best practices, and internal requirements. Mike Rothman then presents trends he is seeing in the market, which underscore why security and compliance management must transcend traditional SIEM data to include broader visibility into enterprise IT.
Follow this link to check it out: http://www.eiqnetworks.com/news/Gartner_Podcast.shtml
