Update: F5 is not free of flaws either:
The F5 Networks BIG-IP appliances are affected by a serious flaw, tracked as CVE-2016-9244 and dubbed ‘Ticketbleed’, that can be exploited by a remote attacker to extract the content of the memory, including sensitive data (i.e. SSL session IDs).
That led the engineer to believe Cylance was using the test to close the sale by providing files that other products wouldn’t detect, that is, bogus malware only Protect would catch.
How is becoming cyber resilient going to be a matter of writing more rules and introducing even more technology in organizations where whole IT security departments are battling and chasing cyber bots? The owners of these bots are lying in their hammocks with a cocktail, waiting for another victim they can add to their revenue on the way towards 6 trillion.
Study: 51% of Internet traffic is from bots, 31% is harmful.
So we need to stop the bad guys (girls?) from abusing our known vulnerabilities through bots, since we need to become secure to avoid costs.
Buying a solution that will stop these will definitely have your preference. Of course, this will depend on how you need to become #incontrol.
We go to RSA to see these reactive technologies, born out of a need, since, like pre-funeral planning, most people don’t want to think or talk about cyber breach prevention or compliance.
So we are going to trade shows where the first question will be “what are we searching for?”
Instead of just putting in cyber solutions such as IDS, IPS, antimalware and phishing awareness courses, and then buying cyber insurance that in itself needs new “innovations”, since there are no visionaries according to #Gartner.
IT'S HUGE, IT'S ENORMOUS, IT'S TRUE
This fuels the industry to enhance the current reactive defences by adding new capabilities that are alien to these products, like artificial intelligence, to battle the complexity of humans needing to interpret the onslaught of alerts, and the lack of cyber experts, bred by the demand for “fighter pilots” since we put everything in the cloud and found out that that technology also comes with perils, even though you outsourced your business processes. http://www.cityam.com/248334/eye-eye-hack-hack-global-cyber-arms-race-heating-up
RSA 2017 will be full of it, it's true, it's enormous, and they will build all of that for you at premium prices, with American technology of course (see “10 security trends to watch for at RSA 2017”).
And that technology fails at the moment, but why?
So we need more technology to protect the technology that protects our assets, huh? But in the meantime, configuration errors, malicious insiders not stopped by reactive deflection software, phishing techniques stacked upon the “old firewall and antivirus” clubs, and the complexity add up to 98% of the breaches.
This is the situation with the current market leaders, of which Blue Coat was once one.
And what we see happening is that the small fish get gobbled up by bigger fish, which get gobbled up by supreme whales, without anyone modifying or questioning the technology, which ends up in governments and big Fortune 500 companies without a sanity check, since “we are protected”, not knowing how it is protected in the total chain.
What about hidden and visible costs when a breach occurs?
So let's put that in perspective:
We spend $120 billion a year on cybersecurity, according to Gartner not on visionary product leaders, so basically it goes into the same old pool of usual suspects that have enough money to buy good companies but don’t have the expertise to enhance or integrate them correctly, for the reasons mentioned before. And that is not even taking into account the risk of foreign dependencies and the brain drain these companies face if the brightest are not allowed into the country.
So in early 2015 we see Blue Coat getting a round of financing, acquired by Bain Capital for $2.4 billion.
Even though flaws were presented at the time by security researchers, who were ignored and scorned: http://www.forbes.com/sites/thomasbrewster/2015/03/26/hackers-slam-blue-coat-claiming-it-pressured-security-researcher-into-cancelling-talk-on-its-tech/#3db80928659a
Almost a year later, in June 2016, Symantec acquires Blue Coat for 4.5 billion and still introduces vulnerabilities:
Symantec, which recently purchased the Bain Capital-backed cybersecurity firm Blue Coat for $4.65 billion, also employed open source code that it failed to update even after seven years of use, Ormandy notes. He lists the additional vulnerabilities in that code here.
Vulnerabilities that were known before Bain Capital took it over were not fixed after a 2.5 billion injection, because time to market was the only thing that counted, and the technology is currently in use at many governments, who say we only need to regulate IoT devices.
We see more of these takeovers from big-name vendors touting their acquisitions at the RSA show: http://www.crn.com/slide-shows/security/300083720/10-security-trends-to-watch-for-at-rsa-2017.htm/pgno/0/2
So the current visionaries can undergo the same fate as Blue Coat, with you left behind in the cyber sand, where time to market prevails while the products might still have flaws, making money while offering a false sense of security.
So look at the next offering that approaches you a bit skeptically, and address your company's cyber resilience “how” needs first, before getting into the turmoil of the “what” wants.
Have a good RSA fair and a good sleep, without sand put into your eyes.