Keith Townsend, writing in CTO Advisor, believes that no single vendor offers a complete vision for a software-defined environment in today's data centers. "Similar to the single pane of glass, no single vendor offers a complete software-defined vision," he said. Nevertheless, Townsend believes that software-defined environment options break down into three major schools of thought.
First is Cisco's approach. The vendor, Townsend said, specializes in selling high-profit-margin hardware through its partner network, a strategy that has yielded dividends in the past. But, Townsend said, "It is not in their best interest to sell software-only solutions that cannibalize their hardware business." The challenge, he said, is separating Cisco's business interest from that of its customers.
VMware, with NSX, has the opposite problem: it over-prioritizes software, so many of its features are available only in a virtualized network. OpenStack, pitched as a way to integrate the best features of each approach, has proven to be an operational challenge. So what's the best option? Point deployments using customized architectures, Townsend said, noting that modern data centers need a solid strategy for both hardware and software.
Read more of Townsend's thoughts on software-defined environments.
How to operationalize threat intelligence
Jon Oltsik, an analyst with Enterprise Strategy Group in Milford, Mass., revisited some threat intelligence research that he conducted last year. Many cybersecurity teams proclaim their need to "operationalize" threat intelligence, but Oltsik wanted to define what that goal would actually mean for an organization. Many groups find it difficult to get a holistic view of external threats, and are overwhelmed by threat intelligence workflows or find that alerts aren't timely and accurate. Significantly, 32% of organizations in an ESG survey said they had blocked legitimate traffic inadvertently.
To truly operationalize threat intelligence, Oltsik believes organizations need to rationalize threat intelligence programs and establish quality metrics. They must also evaluate inputs and outputs and build plans for threat intelligence sharing. Oltsik believes many groups may still struggle with these goals based on resources available and may want to consider platforms from BrightPoint Security, ThreatConnect or ThreatQuotient.
Explore more of Oltsik's thoughts on threat intelligence.
Weighing the effectiveness of security monitoring alerts
Augusto Barros, an analyst with Gartner, wonders whether security monitoring alerts are becoming obsolete. Many security organizations are swamped with more alerts than they have personnel to deal with, even after assigning junior analysts to categorize them as high, medium or low. Even when organizations focus only on the high-severity alerts, there may still be too many to address. Today, user and entity behavior analytics (UEBA) tools are emerging to ease some of the prioritization burden, although Barros believes many more improvements will be needed.
Currently, he said, many security teams are switching to systems that assign numeric risk scores to entities such as users or endpoints. Entities with the top scores, computed from multiple criteria, move to the top of the list for analysts to assess. Barros recommends two ways of working such a list: starting at the top and working down from the most severe entry, or routing the highest-level alerts immediately from junior to senior analysts.
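As an added example of the entity-scoring approach Barros describes (this is not code from his post or from any Gartner or vendor product), the following Python contrasts a conventional severity-ordered alert queue with a per-entity risk score that combines severity, recency, repetition and corroboration across detection sources. The alert records, severity weights, one-day half-life rule and asset-criticality table are all constructed for illustration and are assumptions of this example, not of the article.

```python
"""Entity risk scoring for alert triage (added example).

The alert format, weights, recency rule, criticality table and formula are
illustrative assumptions, not a published Gartner or vendor model.
"""
from collections import defaultdict
from datetime import datetime

# Constructed sample alerts: (ISO timestamp, entity, detection source, severity).
SAMPLE_ALERTS = [
    ("2024-05-01T09:00:00", "alice", "edr", "high"),
    ("2024-05-01T09:05:00", "alice", "proxy", "medium"),
    ("2024-05-01T09:07:00", "alice", "idp", "medium"),
    ("2024-05-01T09:10:00", "bob", "av", "critical"),
    ("2024-05-01T09:11:00", "bob", "av", "critical"),   # same rule firing again
    ("2024-05-01T09:12:00", "bob", "av", "critical"),   # and again
    ("2024-05-01T09:20:00", "svc-backup", "proxy", "low"),
    ("2024-04-20T08:00:00", "carol", "edr", "high"),    # eleven days old
]
NOW = datetime(2024, 5, 1, 10, 0, 0)  # evaluation time for the constructed sample

SEVERITY_WEIGHT = {"low": 1.0, "medium": 3.0, "high": 6.0, "critical": 10.0}
SEVERITY_ORDER = ["critical", "high", "medium", "low"]
# Hypothetical asset criticality: the backup service account matters more than a user.
ASSET_CRITICALITY = {"alice": 1.0, "bob": 1.0, "carol": 1.0, "svc-backup": 2.0}


def recency_factor(ts: str, now: datetime) -> float:
    """Halve an alert's contribution for every full day of age (assumed rule)."""
    age_days = max((now - datetime.fromisoformat(ts)).days, 0)
    return 0.5 ** age_days


def score_entity(alerts, now):
    """Combine severity, recency, repetition and source diversity into one number."""
    seen = defaultdict(int)  # (source, severity) -> occurrences already counted
    sources = set()
    base = 0.0
    for ts, _entity, source, severity in sorted(alerts):
        key = (source, severity)
        # Repeats of the same detection add less each time (1, 0.5, 0.25, ...),
        # so a single noisy rule cannot dominate the score on volume alone.
        repeat_factor = 0.5 ** seen[key]
        seen[key] += 1
        sources.add(source)
        base += SEVERITY_WEIGHT[severity] * recency_factor(ts, now) * repeat_factor
    # Corroboration from independent sources raises the score.
    diversity = 1.0 + 0.5 * (len(sources) - 1)
    return base * diversity


def rank_entities(alerts, now=NOW):
    """Return [(entity, score), ...] with the highest-risk entity first."""
    by_entity = defaultdict(list)
    for alert in alerts:
        by_entity[alert[1]].append(alert)
    scored = [
        (entity, ASSET_CRITICALITY.get(entity, 1.0) * score_entity(group, now))
        for entity, group in by_entity.items()
    ]
    return sorted(scored, key=lambda item: item[1], reverse=True)


def entity_order_by_alert_severity(alerts):
    """The conventional queue: alerts sorted critical-to-low, entities in first-seen order."""
    ordered = sorted(alerts, key=lambda a: (SEVERITY_ORDER.index(a[3]), a[0]))
    order = []
    for _ts, entity, _source, _severity in ordered:
        if entity not in order:
            order.append(entity)
    return order


if __name__ == "__main__":
    print("severity-ordered queue:", entity_order_by_alert_severity(SAMPLE_ALERTS))
    print("entity risk ranking:")
    for entity, score in rank_entities(SAMPLE_ALERTS):
        print(f"  {entity:<12}{score:10.4f}")
```

On the sample, the severity-ordered queue hands an analyst bob's three repeated antivirus hits first and an eleven-day-old alert for carol before anything about alice, whereas the entity ranking puts alice first because three independent sources corroborate her activity, demotes bob's repeated single detection, and pushes carol's stale alert to the bottom. The weights and decay rule are the kind of tunable policy a real scoring system exposes; the point of the example is the shape of the computation, not the particular numbers.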
Dive deeper into Barros' discussion of security monitoring alerts.