SN blogs: Patterns identify 9 security risk categories

SN blogs: This week, analysts discuss finding security risk patterns, using iSCSI for storage transportation and an outside-in approach to monitoring.

Find patterns in security threats to minimize risk

Current Analysis blogger and analyst Amy Larsen DeCarlo discusses how to follow patterns to recognize security threats. DeCarlo references the Verizon Data Breach Investigation Report that shows that most security incidents follow one of nine distinct patterns. Some of the categories include: crimeware/malware, insider/privilege misuse, denial of service attacks, cyber espionage and point-of-sale intrusions. While nine categories can still seem like a lot to determine risk, DeCarlo says that a single industry – be it healthcare, retail, etc. – will have three of the nine dominating its risk. DeCarlo says about 72% of the risk factors will come from three categories.

Read all of the categories that DeCarlo lists as security threats.

To monitor the cyber-security supply chain, use an outside-in approach

Enterprise Strategy Group senior analyst Jon Oltsik says that CISOs need to focus on the entire cybe- security supply chain and not just the aspects of IT that they can physically touch within their networks. The cyber-security supply chain refers to anyone who comes in contact with an organization's IT systems, networks, services or applications. It includes among others hardware or software suppliers, VARs, business partners and contractors. Instead of relying on a more basic auditing approach, Oltsik suggests an outside-in continuous monitoring methodology, similar to the continuous monitoring that takes place from withinIT networks.

Read more of the outside-in approach that Oltsik suggests.

Managed mobility services aren't as similar as they might seem

Current Analysis analyst Kathryn Weldon says that while managed mobility operators provide similar services, there are a few aspects that separate one from the other. For example, while most services include mobile device management, only some offer add-on security capabilities. Weldon says that mobile enterprise application management (MEAP) is another differentiator as some companies choose not to word missing???MEAP services or offer their own application development capabilities. Aside from these specific examples, Weldon says that obvious differences can be seen in mobile operators' partnering strategies, global footprints and view of their roles in enterprise mobility.

Read the other differences Weldon mentions among different mobility operators

iSCSI is capable of large-scale storage deployments

VirtualizedGeek analyst and blogger Keith Townsend defends the notion that Internet small computer system interface (iSCSI) can be a viable option for large enterprise storage vendors. Townsend says that while traditionally, Fiber Channel has been the go-to form of interconnection, taking into account the innovative option of iSCSI could be just as useful. While Townsend acknowledges only one vendor, SolidFire, which uses iSCSI with Tier 1 applications, he says that it is important to consider that iSCSI has proven to be capable of anchoring large-scale deployments.

Read more of why Townsend says iSCSI is just as capable as FC.



This was last published in May 2014

Dig Deeper on Network Security Best Practices and Products

Start the conversation

Send me notifications when other members comment.

Please create a username to comment.