Security IT Summit | Forum Events Ltd Security IT Summit | Forum Events Ltd Security IT Summit | Forum Events Ltd Security IT Summit | Forum Events Ltd Security IT Summit | Forum Events Ltd

Posts By :

Stuart O'Brien

The rise of the Chief Cybercrime Officer

960 640 Stuart O'Brien

Matt Cable, VP Solutions Architects & MD Europe, Certes Networks, discusses the role of the CCO and how the CCO and CISO should work in harmony to achieve the common cyber security goals…

The TalkTalk data breach in 2015 was monumental for the cyber security industry. At the time, data breaches were hardly new, but this particular breach resulted in UK MPs recommending that an officer should be appointed with day-to-day responsibility for protecting computer systems from cyber attack.

This governmental guidance was not a consequence of the size of the breach. With the personal details of 157,000 customers accessed, including bank account numbers and sort codes of over 15,000 customers, it certainly was not the largest the industry had seen. Rather, the guidance resulted from the way in which the immediate situation and the following aftermath, were handled.

In most organisations, the responsibility of following this guidance has historically fallen to the Chief Information Security Officer (CISO), with support from the CEO. In the wake of the TalkTalk data breach in particular, the CISO was given ‘free rein’ to strengthen the organisation’s cyber security capabilities.

The many faces of the CISO 

Yet, the role of the CISO was not a new concept. In fact, the CISO dates back to 1994 when Steve Katz was hired to run the world’s first formal cyber security executive office, and was subsequently given the title of CISO. Unsurprisingly, the role has many aspects to it, from security operations, cyber risk and cyber intelligence, data loss and fraud prevention, security architecture, identity and access management, programme management and compliance and governance, to name but a few.

Recently however, the role has come under increasing scrutiny and with the rise of cyber crime and the sophistication of cyber attacks, it’s easy to see why. Research shows that over two-thirds of organisations have experienced at least one security breach in the past year and that the majority of both CISOs and the entire C-Suite believe the CISO is ultimately responsible for the response to a data breach. However, with so many ‘hats’ to wear and multiple day-to-day responsibilities, it is clear to see why, with the increasing threat landscape, many organisations feel that it’s time to add another role to the C-Suite. 

Enter the CCO 

Enter the Chief Cybercrime Officer (CCO), whose remit will entail ensuring the organisation is cyber-ready and who will bear the responsibility of mitigating breaches, taking the lead if a breach does occur and providing the necessary link between the Board and the rest of the company to mitigate risk and work collaboratively to resolve issues as they arise.

With the need for cyber security to become far more central to C-Suite strategies, this new role should ease the load on the CISO and ensure the organisation can get one step ahead of hackers in the cyber crime race. However, organisations must take into account the need for both the CISO and CCO to work in harmony, with clearly defined roles and support from the Board. 

Aligning to boundaries

With both the CISO and CCO working towards keeping the company’s data safe from cyber threats, it is essential for each role to be clearly defined. This definition may look different to each organisation: each role, and the teams working with them, should have clear parameters and responsibilities so that in the event of a data breach, the organisation clearly understands the steps that should be taken, and who should take them.

In practice, this should make every CISO breathe a big sigh of relief. Many CISOs would identify cyber security as the greatest risk within their role, and when they’re also trying to juggle multiple other responsibilities, it’s a lot to have on their shoulders. With the CCO focused on the system architecture and the CISO focused on the security of the information within the organisation, there should be no reason that both roles can’t work collaboratively towards keeping the organisation safe.

Making decisions 

With both roles working in tandem, the next step that organisations need to take is ensuring the CISO and the CCO have enough influence with the Board to make critical decisions and resolve issues immediately. By ensuring that all members of the Board have visibility of the entire cyber security strategy and that the strategy is regularly reviewed and updated in line with new threats and intelligence, the CCO and CISO can be given the responsibility to report and respond to incidents and make rapid decisions on behalf of the business. In the event of a data breach, removing unnecessary approval and authorisation steps ensures that the organisation can respond quickly and put remediating measures in place to minimise potentially catastrophic repercussions.

In a world where cyber security threats can’t be ignored, now is the time for the structure of organisations to truly be considered. Has cyber security been given enough prominence at Board level? Can decisions be made quickly? Can space be made for both the CISO and CCO to work in harmony? By asking these questions and making changes, organisations can ensure they are in a far better position to keep their data safe and protect their reputation.

Coronavirus: Business Continuity During a Global Crisis

960 640 Stuart O'Brien

By Nicole Alvino, Cofounder and Chief Strategy Officer, SocialChorus

We’re living through an unprecedented time, globally and for how long, none of us are that sure. While the new coronavirus may seem like a singular threat, dealing with crises is a fact of doing business—one companies can expect to encounter with increasing frequency. According to PWC, 69% of businesses had experienced a crisis in the last five years even before COVID-19, and the most disruptive causes of crises in the U.S. were natural or environmental. 

Under these conditions, it’s likely that your company already has crisis management and business continuity plans in place. But what should you do to ensure your infrastructure is robust enough and capable of helping you to reach all your workers?

There are five critical challenges that CIOs will face as they try to utilise their stack to reach employees. If you’re a CIO, then you know that you’re the best equipped person in your executive team to plan for business continuity but to be successful you’re going to need every person, across the entire business to understand your plans. Ultimately, your company is looking to you to:

·       Establish a source of truth for your company and communicate with one voice, so employees can separate rumours from facts and trust what they’re being told

·       Reach every worker on every digital channel with the targeted, personalised information they need to respond in an emergency

·       Use intelligent automation to certify message delivery, prompt response, and make sure your crisis communications are not just read but understood

·       Track the success of crisis initiatives and measure the effectiveness of your communications using in-depth analytics

·       Be prepared for emergency situations during COVID-19 and beyond – your stack and your workforce need to prepared for every twist and turn during this pandemic.

As you and the senior leadership team implement your crisis communications strategy you (and they) will ask whether you can reach every employee on every digital channel, even those that are deskless. And can you reach them with personalised, up-to-the minute information that they need? You’ll need to ensure that whatever communications technology you use, whether it be SharePoint, Slack, Zoom, Teams, mobile apps or others, that you can consistently reach and broadcast your company’s messages to all.

One thing we’re hearing is that people are overwhelmed with communications. On average a worker receives 120 emails per day, that’s not counting the ones via other channels such as Slack, IM or Teams. Now consider that your people, like you, are also getting bombarded by emails from school, IM from friends and family and messages via Facebook and WhatsApp. There is an information overload going on so whatever you do, you need to make sure your messages reach people urgently and that they can review them promptly. Our latest paper on CIO Crisis Communications takes you through several steps on how to reach all employees, across all channels, consistently.

Consistency from your business will help to establish trust in your message, especially if you’re able to deliver it immediately to all. And that’s of paramount importance. You don’t want workers in the London office getting communications three hours later than those in Paris or Madrid, or the other side of the world for that matter. All employees are equal, and all deserve to be communicated with, no matter where they are. They may consume your communications in different ways so use your different channels to reach all.

You’ll also need to judge how many times you communicate. Don’t hassle people as we’ve said, they’re inundated with messages already. If you need to know that they’ve received a critical message or piece of advice, then track acknowledgements or read receipts. Then you can take further communications actions with those that are unresponsive and not send repeat messages company wide.COVID-19 is changing the way we live and the way we work. In a world where change seems to be the only constant be the consistent voice across your organisation. Your emergency plans may need to be tweaked over the coming weeks, your infrastructure might need to be extended to ensure your reach is truly companywide but remember it is the companies that manage this situation well that will thrive through the chaos.

Image by Thor Deichmann from Pixabay 

Join our A-list line-up of cyber security professionals

960 640 Stuart O'Brien

The Security IT Summit is taking place this summer and we’d like to invite you to attend as our guest – Sign up today!

30 June – Hilton London Canary Wharf

This complimentary guest pass will give you the opportunity to meet with suppliers based on your own unique requirements, attend a series of seminars and network with like-minded senior cyber security professionals. Lunch and refreshments are complimentary.

The Security IT Summit is a small-scale event, far removed from the large and busy exhibitions and conferences within the sector.

Unlock your priority pass here and join representatives from:

3T Logistics 

AB World Foods

Barclays

Bishop Konstant Catholic Academy Trust

BNP Paribas

Communisis

Diligenta

EMW Law LLP

Euromoney PLC

Firstport

Furniture Village

George Green’s School

GlobalWebIndex

Herod Food

Kennet Equipment Leasing

Knight Care 

Marine Stewardship Council

Marshalls Motor Group

Metropolitan Thames Valley

Parliament Digital Services

Save the Children

Sika 

Telefonica

Ten Group

The Savoy Hotel

Thrive Homes

Willis Towers Watson

Wirral University Teaching Hospital NHS Foundation Trust, Wirral

Your World Recruitment Group

Confirm your complimentary guest pass here today!

Do you specialise in Phishing Detection? We want to hear from you!

960 640 Stuart O'Brien

Each month on IT Security Briefing we’re shining the spotlight on a different part of the cyber security market – and in April we’re focussing on Intrusion Phishing Detection solutions.

It’s all part of our ‘Recommended’ editorial feature, designed to help IT security buyers find the best products and services available today.

So, if you’re an Intrusion Phishing Detection solutions specialist and would like to be included as part of this exciting new shop window, we’d love to hear from you – for more info, contact Chris Cannon on c.cannon@forumevents.co.uk.

Here’s our full features list:

Apr – Phishing Detection
May – Advanced Threat Dashboard
Jun – Browser/Web Security
Jul – Authentication
Aug – Penetration Testing
Sep – Vulnerability Management
Oct – Employee Security Awareness
Nov – Malware
Dec – Network Security Management

Closing the gender gap in cybersecurity ‘could generate billions’

960 640 Stuart O'Brien

If the number of women working in cybersecurity rose to equal that of men, there would be a $30.4 billion boost to the industry’s economic contribution in the US and a £12.6 billion boost in the UK.

That’s according to a new report from Tessian, which also reveals that closing the gender pay gap, and equalising women’s salaries to men’s, could add a further $12.7bn and £4.4bn to the US and UK economies respectively. 

The report highlights the importance of encouraging more women into cybersecurity and identifies the barriers stopping this from happening. After surveying female cybersecurity professionals in the UK and the US, Tessian reveals that a lack of gender balance was far less of a barrier to entry in the UK, compared to the US:

·         82% of female cybersecurity professionals in the US believe that cybersecurity has a gender bias problem versus 49% of those in the UK. 

·         Just 12% of UK respondents say a lack of gender balance was a challenge at the start of their career versus 38% of those in the US.

·         US respondents were also three times as likely to believe that a more gender-balanced workforce would encourage more women to pursue roles in cybersecurity. 

The report sought to identify which other factors were discouraging women from joining the cybersecurity industry, and found that:

·         42% of respondents think a cybersecurity skills gap exists because the industry isn’t considered ‘cool’ or ‘exciting’. This opinion was most commonly shared by millennials – 46% vs. 22% of 45-54 year olds.

·         A lack of awareness or knowledge of the industry was the top challenge female professionals faced at the start of their career, with 43% citing this as a barrier.

·         43% of women said that a lack of clear career development paths was another challenge at the start of their cybersecurity career, while nearly a quarter (23%) cited a lack of role models.

·         Just 53% say their organization is doing enough to recruit women into security roles. 

Sabrina Castiglione, Senior Executive at Tessian said: “For organisations to successfully recruit more women into security roles, they need to understand what’s discouraging them from signing up beyond just gender bias. We need to make women in cybersecurity more visible. We need to tell their stories and raise awareness of their roles and experiences. And once through the door, managers need to clearly show women the opportunities available to them to progress and develop their careers.”

When asked what would encourage more women to consider a career in cybersecurity, over half (51%) said there needs to be more accurate representations of the industry in the media. Respondents ranked this as the number one way to encourage more women into cybersecurity, followed by a gender-balanced workforce (45%), cybersecurity-specific curriculum in universities (43%) and equal pay (28%).

In the report, Tessian interviewed Shamla Naidoo, former CISO at IBM who said: “To many people, cybersecurity equates to – and is limited to – someone in a hoodie bent over a keyboard in a dark room. That’s not the case at all. If we don’t expand beyond that, we’ll lose out on even more people in the industry.” 

In addition to huge economic benefits, there are other rewards for women working in cybersecurity. 93% of the women surveyed in the report feel secure or very secure in their jobs, with over half (56%) believing that cybersecurity is one of the most important industries today as cyber threats become more advanced. 

Read the full report and discover the stories of cybersecurity professionals at some of the world’s biggest organisations here: Opportunities in Cybersecurity 2020.

What you need to know about DDoS weapons today

960 640 Stuart O'Brien

By Adrian Taylor, Regional VP of Sales for A10 Networks

A DDoS attack can bring down almost any website or online service. The premise is simple: using an infected botnet to target and overwhelm vulnerable servers with massive traffic. Twenty years after its introduction, DDoS remains as effective as ever—and continues to grow in frequency, intensity, and sophistication. That makes DDoS defence a top cybersecurity priority for every organisation. The first step: understanding the threat you face.

To help organisations take a proactive approach to DDoS defence, A10 Networks recently published a report on the current DDoS landscape, including the weapons being used, the locations where attacks are being launched, the services being exploited, and the methods hackers are using to maximise the damage they inflict. Based on nearly six million weapons tracked by A10 Networks in Q4 2019, the study provides timely, in-depth threat intelligence to inform your defence strategy.

Here are a few of our key findings.

Reflected Amplification Takes DDoS to the Next Level

The SNMP and SSDP protocols have long been top sources for DDoS attacks, and this trend continued in Q4 2019, with nearly 1.4 million SNMP weapons and nearly 1.2 million SSDP weapons tracked. But in an alarming development, WS-Discovery attacks have risen sharply, to nearly 800,000, to become the third most common source of DDoS. The shift is due in part to the growing popularity of attacks using misconfigured IoT devices to amplify an attack.

In this key innovation, known as reflected amplification, hackers are turning their attention to the exploding number of internet-exposed IoT devices running the WS-Discovery protocol. Designed to support a broad variety of IoT use cases, WS-Discovery is a multicast, UDP-based communications protocol used to automatically discover web-connected services. Critically, WS-Discovery does not perform IP source validation, making it a simple matter for attackers to spoof the victim’s IP address, at which point the victim will be deluged with data from nearby IoT devices.

With over 800,000 WS-Directory hosts available for exploitation, reflected amplification has proven highly effective—with observed amplification of up to 95x. Reflected amplification attacks have reached record-setting scale, such as the 1.3 Tbps Memcached-based GitHub attack, and account for the majority of DDoS attacks. They’re also highly challenging to defend; only 46 percent of attacks respond on port 3702 as expected, while 54 percent respond over high ports. Most of the discovered inventory to date has been found in Vietnam, Brazil, United States, the Republic of Korea, and China.

DDoS is Going Mobile

Unlike more stealthy exploits, DDoS attacks are loud and overt, allowing defenders to detect their launch point. While these weapons are globally distributed, the greatest number of attacks originate in countries with the greatest density in internet connectivity, including China, the United States, and the Republic of Korea.

A10 Networks has also tracked the hosting of DDoS weapons by autonomous number systems (ASNs), or collections of IP address ranges under the control of a single company or government. With the exception of the United States, the top ASNs hosting DDoS weapons track closely with the countries hosting the majority of attacks, including Chinanet, Guangdong Mobile Communication Co. Ltd., and Korea Telecom.

In another key trend, the prevalence of DDoS weapons hosted by mobile carriers skyrocketed near the end of 2019. In fact, the top reflected amplified source detected was Guangdong Mobile Communication Co. Ltd., with Brazilian mobile company Claro S.A. the top source of malware-infected drones.

The Worst is Yet to Come

With IoT devices coming online at a rate of 127 per second and accelerating, hackers are poised to enter a golden age of possibilities. In fact, new strains of DDoS malware in the Mirai family are already targeting Linux-powered IoT devices—and they’ll only increase as 5G brings massive increases in network speed and coverage. Meanwhile, DDoS-for-hire services and bot herders continue to make it easier than ever for any bad actor to launch a lethal targeted attack.

The A10 Networks report makes clear the importance of a complete DDoS defence strategy. Businesses and carriers must leverage sophisticated DDoS threat intelligence, combined with real-time threat detection, to defend against DDoS attacks no matter where they originate. Methods such as automated signature extraction and blacklists of the IP addresses of DDoS botnets and available vulnerable servers can help organisations proactively defend themselves even before the attacks starts.

For additional insight, including the top IoT port searches and reflector searches performed by attackers, download the complete A10 Networks report, “Q4 2019: The State of DDoS Weapons” and see the accompanying infographic, “DDoS Weapons & Attack Vectors.”

Security IT Summit

Rub shoulders with Chelsea FC and more at the Total Security Summit

960 640 Stuart O'Brien

Senior professionals from some of the UK’s biggest brands will be gathering for the Total Security Summit on June 29th & 30th at the Radisson Blu, London Stansted – Don’t miss out!

In addition to two days of business networking, you will get the latest insights and advice on trends in the sector via a series of seminar session.

Overnight accommodation, all meals and refreshments, plus an invitation to our networking dinner, are included with your complimentary guest pass.

Register today and join security leaders from:

AB Southampton 

Accor Hotels 

AEG Europe

Allsaints

B&CE

BBC

BRE

Brighton BCRP

Birmingham 2022

Cargill Corporation 

Chelsea Football Club

China Construction Bank

Como Metropolitan London

Cumbric Care 

Demipower Ltd

Dorset and Wiltshire Fire and Rescue

Essex County Council

Ei Group 

Engie 

Freedom Group of Companies

Firmenich

GLL

Heathrow Airport 

HSBC PLC

Hull University Teaching Hospitals NHS Trust

Hogarh Worldwide

Kering International 

London Borough of Redbridge 

London Stansted Airport

Marks & Spencer

Matalan

Michael Kros

National Trust

NatWest Markets

Newell Brands

North West Anglia NHS Foundation Trust

Peel Media Ltd

Procter & Gamble

Portsmouth Guildhall

Pure Data Centres

Sodexo

South East Coast Ambulance Services

SSP UK & Ireland

Telent Technology 

Tesco 

The American School in London

The Lodge Hotel 

Theo Phaphitis Retail Group

Topshop

Transport for London

TransferWise

United Synagogue 

WeWork

Don’t miss out on this unique opportunity! We have just five passes remaining.

Register your free place today

A uniquely-targeted event for cyber security professionals

960 640 Stuart O'Brien

30 June & 5 November * Hilton Canary Wharf, London

If you or a colleague is responsible for your organisation’s IT security, join us as our guest for a unique one-day event tailored to your individual requirements.

The Security IT Summit will enable you to:-

  • Meet face-to-face for a series of pre-arranged suppliers who match your requirements and projects
  • Attend a series of insightful seminars
  • Network with like-minded professionals
  • Enjoy complimentary lunch and refreshments

FREE for you to attend!

Find out more at www.securityitsummit.co.uk or call 01992 374100

77% of IT managers: Physical security is not optimised

960 640 Stuart O'Brien

There are calls for greater collaboration between the physical security and IT communities to meet urgent security and intelligence challenges, after a study of 1,000 IT decision makers across Europe revealed that physical security systems are not optimised according to 77% of respondents, and 20% have identified physical security as a priority for improvement in 2020.

While nearly half of IT managers surveyed by Morphean reported currently using a cloud-based video surveillance (VSaaS) or access control (ACaaS) solution, a further 36% are considering such a solution with a majority of 79% anticipating instalment within one year.

The Video Surveillance as a Service (VSaaS) market is expected to reach $5.93 billion by 2022, growing at a CAGR of 22.0%[1] buoyed by its low cost set up, the flexible scalability on offer and the increasing demand for real-time and remote access to video surveillance data. Morphean says that for the IT security professional already working with cloud systems and services, the growth in connected digital devices through the IoT is resulting in a growing appetite for physical security, such as network cameras, to enhance existing IT systems and assist business intelligence gathering.

The results of Morphean’s independent survey of 1000 IT decision makers within companies from UK, France and Germany with more than 50 employees revealed:

  • Better security, cost benefit and better functionality are viewed as the most influential factors AND the most commonly realized benefits of hosted security solutions
  • Half of respondents cited better security as the #1 benefit of using VSaaS / ACaaS; better functionality (42%) and cost benefits (38%) placed #2 and #3 respectively
  • Half of IT managers have identified data / information security as a priority for improvement in the next 12 months
  • 84% of IT managers are currently using (48%) or considering using (36%) a cloud-based video surveillance or access control solution
  • Of those still considering VSaaS and ACaaS, 79% anticipate introducing these solutions to their business within 12 months
  • 77% of IT managers report that physical security is not optimized; 20% have identified physical security as a priority for improvement in the next 12 months

Rodrigue Zbinden, CEO at Morphean, said: “When looking at the data from our survey, we can infer a number of significant conclusions. Firstly, that while adoption of physical security systems hosted in the cloud is strong, they are not presently optimised to their full depth of intelligence gathering capabilities which the IT department seeks; and secondly, while there is a significant market to be served in the coming year, a language barrier between physical security installers and IT resellers may hamper progress.

“As the in-house IT department becomes increasingly involved in the purchasing process and on-boarding of network connected surveillance and access control devices, greater collaboration will be required between IT resellers and physical securityinstallers. In effect, the fast and effective provision of these systems that are fully optimised and fit-for-purpose, requires cooperation between the IT and physical security industries that are speaking the same language.”

The language barrier to adoption
Morphean says the IT manager, who might ordinarily turn to his/her provider of IT infrastructure to provision additional services, should also consider physical security installers who have proven expertise in this field and an understanding of the full intelligence capabilities of these systems. However, while the IT reseller sometimes lacks knowledge of the systems, the physical security installer needs to learn the language of the IT department, which is also a new skill requirement.

Greater collaboration needed between IT resellers and physical security installers
For the IT manager, easy plug and play connectivity of security devices facilitates rapid integration onto the network, governed by the security that is already in place to connect software and systems. Connection to the cloud allows for powerful insights to be gleaned from IoT sensors, while the operational expenditure model used in relation to video surveillance and access control as-a-service, is already the preferred model of the IT world. 

The increased appetite for hosted security presents an opportunity for IT resellers and physical security installers to work with businesses to help them improve their physical security, while also educating them on the potential business intelligence benefits offered by surveillance and access control solutions when integrated in the cloud. Through partnering, both sides can deliver optimal system set up protecting both the physical environment and the cybersecurity of systems through a comprehensive overarching solution that will better serve the needs of the market. 

Whitepaper download2019 Landscape Report: Hosted Security adoption in Europe

Visibility and control in the public cloud is possible – And it must be unified and contextual

960 640 Stuart O'Brien

By Josh WIlliams, Senior Sales Engineer, Cloud and Automation Solutions at FireMon

Anyone who works in enterprise technology has heard the joke that the cloud is just someone else’s computer. But if we’re being serious, there’s some logic to letting security professionals see cloud instances as just another computer to be viewed as part of their growing network infrastructure. 

We also know the public cloud is different when it comes to security. A key theme from our annual State of Hybrid Cloud Security survey two years running is there’s a lack of clarity around shared security responsibility for public cloud platforms that are being rapidly adopted at the pace of business. Every platform, including Amazon Web Services (AWS), Microsoft Azure or Google Cloud, does security configuration differently, and every FireMon customer is unique when it comes to what they opt to put in the cloud — computing, storage and networking — and what they keep on-premise. 

For the foreseeable future, most enterprises are going to have a hybrid environment, and security professionals want to see any public cloud instance as a piece of the overall puzzle, not a separate puzzle, or worse yet, several puzzles. They need complete visibility, especially as hybrid clouds continue to scale, so they can keep a handle on complexity. 

Public cloud adds security pain points that must be solved 

Extending FireMon’s capabilities to the cloud is a necessary and inevitable next step for addressing the pain points security executives must address as organizations embrace cloud-first strategies and their own digital transformation agenda.  

Security professionals are tasked with applying controls and enforcing governance in public clouds to meet compliance obligations and mitigate risk just as they do with legacy and on-premise infrastructure. Security teams are also expected to enable access to cloud applications without becoming a barrier to the business while still maintaining network and security hygiene. The frequent and rapid changes that are today’s norm must also be managed and documented within budget and resources constraints, including staff that are often stretched too thin. 

These pain points impact several members of the C-suite, including CISOs and CIOs focused on security and compliance in the public cloud, CIOs focused on network infrastructure and operations, and the Chief Digital Officer driving digital transformation efforts. More broadly, the growing complexity and scale of hybrid clouds affect network operations leaders, DevOps, application teams and lines of business, who all face pressure to increase their speed of delivery. 

The proliferation of public cloud instances adds even more complexity and diversity to an infrastructure that now encompasses on-premise data centers, virtualized environments, software defined networks and the public cloud. Visibility across this dynamic environment is paramount if security teams are to enforce policy-driven control continuously across the entire hybrid environment as frequent changes are made. 

Right now, customers find themselves doing all this with multiple tools with no unified user interface for managing different deployments, and little to no automation. They are constantly having to find the right piece to a puzzle that’s always changing as workloads migrate to the public cloud, often quickly and without the proper guardrails in place because it’s so easy for business users to spin up a new application. Even with automation, checks and balances must be put in place to make sure the organization isn’t exposed to new security risks. Most of all, applying security can’t be an afterthought; customers are looking to automate their entire policy management workflow continuum, not just the last mile policy push. 

View public cloud security with context 

FireMon’s solution to the pain points amplified by the growing scale and complexity of hybrid cloud doesn’t mean we’re shifting our focus to cloud only, nor is it to introduce products specifically for cloud platforms. Rather, our strategy is to extend visibility to the commonly deployed public cloud platforms our customers need to see and manage. In all seriousness, a public cloud instance must be seen as just someone else’s computer on the network, but with the context security teams need. 

FireMon is essentially extending intelligent security automation so customers can see the cloud the way they’ve been able to see their on-premise infrastructure. But because each public cloud is different when it comes to configuring security, we’ve done the necessary remodeling work behind the scenes to give customers the visibility they want with the context they need. We support workload migrations to public cloud platforms such as Azure and AWS by normalizing and unifying security policies, so customers are compliant throughout any change process. 

FireMon didn’t need to become a cloud vendor to offer a single, infrastructure-agnostic platform to design, implement, and validate security policies across the environment. Not only does extending our security management platform for on-premises and the data center to public cloud make it unique, it also negates the need for customers to license multiple products for different deployment models.