Thursday, August 22, 2013

CyberEdge announces plans for first annual Cyberthreat Defense Report

These are exciting times at CyberEdge. We’ve compiled a stellar team of consultants and we’re doing some great work for an impressive (and steadily growing) set of clients. What more could we ask for? The answer: to do more cool things – especially ones that have tremendous potential to help our clients meet their marketing and sales objectives.
It’s with this answer in mind that we announce our plans to publish the first annual Cyberthreat Defense Report. With a release timeframe of early 2014 (pre-RSA), the “CDR” will be based on survey responses obtained from hundreds of IT security practitioners and decision makers in commercial and government enterprises across both North America and Europe. The goal for this research study is to obtain cold, hard data regarding which types of threats concern these organizations the most, the technologies they believe hold the greatest promise for cyberthreat mitigation, and the cyber-defense investments they plan to make going forward.
Beyond merely consuming the report’s data to shape their marketing strategies, there is the not-to-be-missed opportunity for security solution providers to also sponsor the report. Added benefits for sponsors include: being able to contribute survey questions, being able to more thoroughly leverage the CDR as part of your marketing campaigns, and being directly associated with what is certain to be a landmark report.   
For more details on the objectives for this research study, the methodology we intend to use, and – of course – the opportunities and entitlements associated with sponsorship, please see the corresponding prospectus, available here:

Tuesday, July 23, 2013

Cisco to Acquire Sourcefire: A Perfect Match (On Paper)

Early this morning, Cisco (Nasdaq: CSCO)
announced its intention to acquire Sourcefire (Nasdaq: FIRE) for $2.7 billion. Cisco will pay $76 a share, which equates to a 29% premium to yesterday's close at $59.08. From Sourcefire's point of view, this is not too shabby given their 2012 revenue of $223.1 million, an increase of 35% from the prior year.

On paper, this is a perfect match. In fact, I discussed potential Sourcefire acquirers with Gartner analyst, Greg Young, during last month's Gartner Security & Risk Management Summit in DC. We agreed that, realistically, Cisco was the only vendor that could acquire Sourcefire, as Juniper is rumored to be looking to exit the threat-protection space and Dell had already acquired SonicWALL.

From Sourcefire's point of view, they are the dominant player in a gradually declining IPS (intrusion prevention system) market. All signs point to enterprises transitioning from stand-alone firewalls and IPS appliances to consolidated NGFW (next-generation firewall) solutions. Although Sourcefire is slowly increasing its firewall capabilities, it's many years behind competing firewalls from Check Point, Palo Alto Networks, and Cisco. Plus, even if Sourcefire closed the firewall gap in a year or two, the company is just not perceived as a trusted firewall brand. In my view, Cisco is the life boat Sourcefire would need anyway in the next year or two. And it's much better to hop on the life boat now before their ship actually starts stinking.

From Cisco's point of view, there are two vendors that are dominating the firewall conversation today--Check Point and Palo Alto Networks. That's because each vendor has launched best-of-breed NGFW solutions featuring top-tier firewall capabilities, strong IPS detection, and robust application control, along with other features, such as URL filtering and advanced malware detection. Although Cisco offers a solid ASA firewall, its IPS component leaves much to be desired. If the company can integrate Sourcefire's best-in-class IPS and strong application control capabilities with Cisco ASA firewall software, then Cisco will be in a much better position to compete for NGFW dollars.

Although I strongly believe this is a perfect match for both companies, there are a few obstacles that both must contend with:

1. Cisco should not screw with Sourcefire's open source model. Snort is still the de-facto standard for IPS. Removing Snort from open source will result in a ton of bad press and many unhappy Snort and Sourcefire users.

2. Sourcefire's IPS and NGFW software is closely integrated with purpose-built network acceleration hardware from Netronome (assembled within Intel appliances). A proper NGFW uses a single-pass architecture for inspecting traffic by its firewall, IPS, and app control engines. I have no idea how long it will take to port Sourcefire software to Cisco hardware or Cisco software to Sourcefire hardware. Or, for that matter, how long it will take to create a unified management interface. But it's not going to be easy and it's not going to happen overnight.

3. Like most acquisitions of this kind (such as IBM's acquisition of ISS, HP's acquisition of TippingPoint, and Intel's acquisition of McAfee), the talent that caused the success of the acquired company will soon be marching out the door looking for the next big thing. Sourcefire is widely viewed as an innovative network security provider. Whether Cisco can carry that torch definitely remains to be seen. I think the best thing Cisco can do is offer Sourcefire's founder and CTO (and Snort creator), Marty Roesch (pictured above), an insane amount of money and an impressive title (Chief Security Strategist would do) to keep him around as long as possible.

If Cisco plays its cards right, its little orange dot on the Gartner Firewall Magic Quadrant may one day move from the Challengers box on the top left to the Leaders box on the top right, joining Check Point and Palo Alto Networks. But it's not going to happen overnight and it's certainly not going to be easy. But I wish Cisco and my former Sourcefire colleagues all the best.

Friday, June 21, 2013

Celebrating the life of Citrix founder, Ed Iacobucci

Earlier today, Citrix founder, Ed Iacobucci, passed away after a 16-month battle with pancreatic cancer. He was 59. <learn more>

Ed had a profound influence on my life. On so many lives. Prior to founding Citrix (then "Citrus Systems") in 1989, Ed was known as the "Father of OS/2," heading up the OS/2 development team at IBM in Boca Raton, Florida. His success attracted the likes of Bill Gates and Steve Ballmer, who offered Ed the position of CTO at Microsoft. Ed turned it down in favor of starting his own company. (Years later, Ed confessed that, at the time, he felt at $95 per share, Microsoft was way overvalued. Even Steve Ballmer agreed.)

I began my 6-year Citrix tenure in October 1996 among the first 100 employees. This was back when the company was headquartered in a small, unimpressive office in Coral Springs, Florida doing $15 million per year. Back then, Citrix had a tradition of recognizing every new employee at the quarterly company meeting. Ed would throw out a Citrix polo shirt to each new person after their name was called. I was sitting in the back of the room when it was my turn, but Ed had no trouble reaching me.

Ed instilled a 'work hard, play hard' mentality in Citrix's corporate culture. Each summer, every employee worldwide--and their immediate family members--were invited to an all-expense-paid company weekend. My wife, Carrie, and I enjoyed company weekends in Naples, Marco Island, and Orlando, Florida. We 'Citrites' also enjoyed a 'cold one' after 5 o'clock each day from the in-house keg tucked away back in Engineering--at least until we implemented a formal human resources department!

I'll never forget having dinner with Ed and his (then) future wife, Nancy Lee, in Las Vegas the night after he won the 1998 Ernst & Young Entrepreneur of the Year Award. I sat next to Ed as he told stories of growing up in Buenos Aires, Argentina, and what it was like for Citrix in the early days. The next day, I had the pleasure of meeting Bill Gates during a cocktail reception before the SC Magazine Awards ceremony (in which Citrix was honored). The only thing Bill wanted to know was when was his friend, Ed, going to arrive!

Ed was the textbook definition of a visionary. His vision spawned the multi-billion dollar virtualization industry. Throughout his career, Ed had the courage to follow the path less traveled. And we are all the better for it.

Thursday, June 13, 2013

Top Five Insights from the 2013 Gartner Security & Risk Management Summit

This year's Gartner Security & Risk Management Summit--held in National Harbor, Maryland, just
outside of Washington, DC--was noticeably bigger... and in some ways, even better. (I got to get my photo taken with America's favorite zookeeper, 'Jungle' Jack Hanna, for one thing.) I guess this isn't too surprising since it followed the largest RSA Conference on record last February.

This year, there were over 2,200 attendees, including delegates and exhibitors. I don't remember how many attended last year, but my guess is that attendance is up 10-20% this year. Everyone agreed the exhibit hall was definitely bigger!

The following is a recap of the top five insights I took away from this year's Gartner conference:

#1 - The "Explosion" of Advanced Threat Protection

The era of Advanced Threat Protection is well underway. This was undoubtedly the most notable theme of this year's conference. If I had a nickel for every time I heard "FireEye" mentioned in a keynote or break-out session, I could pack up and retire.

The exhibit hall was chock full of vendors touting their abilities to detect advanced threats--in addition to FireEye, of course--including Palo Alto Networks, Damballa, Sourcefire, Trend Micro, AhnLab, Blue Coat, Zscaler, Proofpoint, and many more.

#2 - BYOD / Mobile Device Security Remains Hot

Clearly, the second-biggest theme this year was around BYOD (Bring Your Own Device) and securing mobile devices. Mobile Device Management (MDM) vendors got a lot of (deserved) attention this year, including AirWatch, Citrix, and MobileIron. In a recent Gartner survey on 2012-2014 security spending priorities, MDM came in first place! I can assure you that plenty of CISOs left the conference this week with a new-found respect for MDM. I know I did.

#3 - "Big Data" Is Alive and Well

Although not nearly as hot as it was at the RSA Conference in San Francisco last February, the concept of "Big Data" worked its way into virtually every session that talked about SIEM technology and tactics for uncovering advanced threats. Solera Networks--recently acquired by Blue Coat--definitely benefited from this theme. So did NBA (Network Behavior Analysis) vendors, like Lancope and Arbor Networks, who were almost forgotten three years ago.

#4 - Vulnerability Management Gets Much-Needed Love

Although the Vulnerability Management industry--or "Vulnerability Assessment," as Gartner calls it (don't get me started)--is a very mature market, it is still experiencing healthy growth. And I attribute much of this growth to the advanced threat landscape that has been snowballing over the last five years. The reason I say this can be summed up in one graphic in Mark Nicolett's presentation on "Operationally Effective Vulnerability Management." Mark had a slide that depicted the insignificant number of cyberattacks that typically occur within the first month following a public vulnerability disclosure and then the massive number of exploits that follow 2-3 months later. Further, Mark displayed the following strategic planning assumption (SPA) that I think makes a lot of sense: "Through 2015, 80% of successful attacks will exploit well-known vulnerabilities and will be detectable via security monitoring."

Our industry is so hot and heavy for Advanced Threat Protection products (and rightfully so) that it seems to have forgotten about the critical importance of good old-fashioned vulnerability management and patch management solutions. Vulnerability management and patch management should be the foundation of an effective advanced threat mitigation strategy--beyond the "meets minimum" activities for satisfying regulatory compliance.

#5 - It's No Longer a Matter of 'If'

It was so refreshing to hear everyone--analysts, attendees, and even vendors--all agree on one thing: It's no longer a matter of 'if' your network will be compromised. It's a matter of 'when.' There was so much attention given to threat 'detection' technologies that I almost wanted to install a Snort IDS when I got home!

In a related note, I heard the most remarkable strategic planning assumption (in Ray Wagner's keynote) that I've heard in quite some time--perhaps ever! "By 2020, 75% of enterprises' information security budgets will be allocated for rapid detection and response approaches, up from less than 10% in 2012." Although I'm not convinced this prediction is even half true, I'm sure it made a lot of security vendors smile.

Thursday, May 23, 2013

The King of Content

The King of Content

Content is king. But what about the king of content? For my money, the white paper takes the crown, far and away. Sure, a good webinar is worth its weight in gold. But webinars aren’t nearly as consumable or leverageable as white papers. Case studies are cool (i.e., important), too. In my experience, though, they’re typically too high-level. Not to mention that you need a fleet of them to cover all the angles (i.e., business issues solved and vertical markets of interest). Presentations? Rarely are they sufficient as a standalone resource.
In comparison, white papers have a number of key strengths:

1. They force crystallization of a topic. In my experience, there is no tool more powerful for forcing one to think through the issues surrounding a topic than trying to write about it. In theory, much of this should already be done, at least for high-level topics (think MRDs). But theory and reality don’t always align. And what about all of those secondary, more granular topics that still need to be fleshed out?

2. They establish credibility and thought leadership. A single, well-written paper can demonstrate applicability and value of your products for solving a specific set of business problems, while also conveying a number of important intangibles, such as attention to detail and professionalism. With a series of papers covering additional angles and providing further insight on a topic, credibility can quickly be transformed into thought leadership.

3. Decision makers prefer them. Simply put, white papers provide an opportunity for business and IT professionals to absorb a large amount of relevant information with a modest time investment.

4. They accelerate sales. A marketing campaign leveraging a solid white paper delivers qualified leads to the sales force and can make it easier to close a deal by simplifying the process that prospective clients use to gather information and begin to evaluate your solution.

5. They deliver unparalleled flexibility and value. White papers can be used to convey just about any type of information, from technical selection criteria, innovative capabilities, business cases and TCO models to product/vendor comparisons and best practices for implementation and ongoing operations. Moreover, the same content can often be leveraged over and over again – for web copy, articles, blog posts, newsletters, presentations, solution briefs and so forth.

Of course, the effectiveness of a given white paper will depend on the quality of both the content and the writing. But that’s a topic for another day. In the meanwhile, if your organization needs help developing one or more white papers, let us know. It’s one of our specialties! 

Thursday, May 2, 2013

CyberEdge Wins 2013 Hermes Creative Award for Best Book

Yesterday, the Association of Marketing and Communications Professionals (AMCP) announced winners of 2013 Hermes Creative Awards. I am thrilled to announce that CyberEdge Group won the Platinum Award (highest honor) for Best Book! This is CyberEdge's second 'Best Book' award in as many years!

The Hermes Creative Awards ( is an international competition for creative marketing professionals involved in the concept, writing, and design of marketing materials and programs. Entries come from corporate marketing departments, advertising agencies, PR firms, graphic design shops, production companies, and more.

This Hermes Creative Award is for a custom book that CyberEdge authored and published earlier this year titled Definitive Guide to Next-Generation Threat Protection, sponsored by FireEye ( Like For Dummies books that CyberEdge has authored for its clients (in partnership with Wiley Publishing), Definitive Guide books and eBooks are excellent resources for both generating high volumes of qualified leads and for building thought leadership among your customers and partners.

I would like to thank FireEye for sponsoring this Definitive Guide book, and I share this award with the extremely talented folks in their marketing department that contributed to this book's success.

To download a free copy of FireEye's Definitive Guide to Next-Generation Threat Protection eBook, connect to their website at

Tuesday, April 23, 2013

Insights from the 2013 Verizon Data Breach Investigations Report

The annual Verizon Data Breach Investigations Report (DBIR) is arguably the most comprehensive, highly respected published research on the subject of corporate data breaches. From where I sit, it's certainly the most-quoted third-party source in cybersecurity white papers, books, and eBooks. I've personally quoted stats hundreds of times from these reports since their inception in 2008.

Verizon's latest report covers data breaches investigated during 2012 by the company's RISK Team and 18 other organizations from around the globe, including various law enforcement agencies (including the U.S. Secret Service) and national computer emergency response teams (CERTs).

The report compiles information from more than 47,000 security incidents and 621 confirmed data breaches resulting in over 44 million compromised records across 27 countries. But what's particularly notable is that this is the first time Verizon has incorporated information on breaches resulting from state-sponsored cyberespionage attacks. In fact, such attacks accounted for 19% of the data breaches covered in the report, with more than 95% of the associated cases originating from China.

The full Verizon report is 63 pages long. Here are a few of the most-notable highlights:
  • 37% of breaches affected financial institutions; 24% retail
  • 92% of breaches were perpetrated by outsiders
  • 19% of breaches attributed to state-affiliated actors
  • 52% of breaches used some form of hacking
  • 40% of breaches incorporated malware
  • 29% of breaches leveraged social tactics
  • 78% of initial intrusions rated as low difficulty
  • 69% of breaches discovered by external parties
  • 66% took months or more to discover
My hat goes off to Verizon for publishing such a comprehensive report each year. To download your free copy of the 2013 Verizon DBIR, click here: