Don't know whether i'm the authority to write on this. But As a Security Product Entrepreneur from India, gone global wanted to write about this. It not me(guy who have sold everything for this idea, except my soul and body), then who else ? ;-) There're tons of my friend security entrepreneurs who're also trying to crack this space.
Please take it with a pinch of salt as the passion level may be a little one line more than the others as I've not become glorified employee of a VC on day 1 by taking funds to build this. Wanted to prove our skin in the game and taken it to extreme bootstrapping to get here.
The Pic in the title header shows the 20+ serious guys denting Indian Security Product Ecosystem.
We're here to stay and make a dent. as the domestic market itself is growing phenomenally and entrepreneurs are figuring out how to how to raise, exit, etc
Let's see the industry trend on Security investments
About Silicon Valley angles
There may be cases where the global GRC denters like convercent might have got funded 10.2 million on the day they have started their story. But FixNix may be denting still bootstrapping. Yet to figure out the global institution's take on Indian Security startups on compliance space. Sometimes it may look insulting, but the indian spirit, tenacity, perseverance and local market demand is helping us stay put. "On the day it introduced its service, convercent start-up also said it had received $10.2 million in funding led by Azure Capital Partners, Mantucket Capital and City National Bank, Till todate, the global player has raised 30.72m$" On the contrary, from India we're able to bootstrap with 200k$ debt raised from one of the states of Indian Government. The reason I'm trying to get more into FixNix funding case, it's choice of the entrepreneur. Overall, the Indian funding situation is improving a lot.
Indian banking and securities firms to spend 499 bn rupees on IT in 2015- Gartner
Indian banking and securities companies will spend 499 billion rupees on IT products and services in 2015, an increase of 9.8 percent over 2014 spend of 455 billion rupees, according to Gartner.
India will remain the world’s fastest growing information technology (IT) market in 2016 as it is expected to spend more than $72 billion on IT services, products and hardware, up from 7.2% from the current year, according to research firm Gartner Inc
Some insights from PwC survey for understanding the global picture how security incidents are leading to different programs, budgets, policies, etc
Our Chairman Prof.Subra and I were white boarding few Security Analytics modules we were envisioning for FixNix GRC platform on Risk, Audit, compliance Analytics. These new modules can drastically help Internal Audit teams and Compliance teams to predict the future areas they need to focus by a proprietary machine learning algorithm we've put together.
I don't know how many except RSA have solved the analytics need of security industry correctly. Even RSA Analytics is more about the IT part of the GRC and its future. Particularly for the GRC world, who has built a great GRC Analytics module ? Whether it's Metricstream, Lockpath, Openpages ? I don't know even anybody has inclination towards innovating towards big data, machine learning, etc. We're seriously trying to innovate and democratize this space.
Make Security Analytics affordable .. is one of our newly added mission now.
Fast data analysis can stymie attacks and strengthen enterprise security. Does your team have the data smarts?
Today's enterprise security tools have developed an ability to detect a plethora of anomalies and "events" that indicate an attack is under way. For most companies, the problem is interpreting all of that security data to identify sophisticated threats and eliminate them before a serious data loss occurs.
"We're sort of living in this alert-driven culture, but no one has the resources to respond to every alert," says Dmitri Alperovitch, co-founder and CTO of CrowdStrike, a security intelligence and Analytics firm. "There are a lot of false positives, so not every alert is going to be prioritized."
Innovations within security software, appliances, and services have automated many detection and blocking tasks, resulting in improved protection from next-generation firewalls and intrusion-prevention systems. But no matter how advanced a tool is, it will never block 100% of attacks.
That's why, even with so much sophisticated technology available today, brainpower remains the most effective tool in fighting advanced attacks. Smart analysts can connect the dots among different security alerts and logs, letting analysts hunt down and shut down the sneakiest of exploits. But as security data proliferates, these analysts are being snowed under.
Even the most highly skilled analysts can only sift through so much data per day before they become ineffective. What's more, there are only so many analysts out there -- and they don't come cheap.
For most companies, then, it's not just a matter of hiring more analysts. "It's all about how do you maximize the efficiency of your human analysts -- how you present them with the information that's most relevant to them and most actionable," Alperovitch says.
To do that, IT organizations must rethink the factors that drive their security intelligence and analysis. They need to find ways to digest data more efficiently and automate some of the easier correlations among data sets so that analysts have more time to focus on the complex ones.
There are a number of ways to improve data analysis, and much of it revolves around providing data in better context, automating data flows and mathematical analyses, and improving the way data is presented to humans when it's decision-making time.
The trouble with SIEM
Anyone who has been in IT security for a little while might stop at this point and ask, "Wait, isn't data analysis what security information and event management (SIEM) systems are for?"
When SIEM technology kicked off over a decade ago, the promise was that these platforms would become the catch-all system for storing and correlating security data across the enterprise to help analysts stop attacks in their tracks. But that was a time when the corporate attack surface was fairly limited, and the volume of attacks was still manageable. Many of these SIEM systems had a pedigree in log management, and their underlying architecture was built in a time long before the non-relational database revolutionized big data analysis. As a result, SIEM has a number of weaknesses that keep it from being an analytical superstar.
First, many SIEM platforms still can't pull in all of the necessary feeds to track attacks across the typical attack life cycle, or kill chain, which often spans endpoints, network resources, databases, and so on. Even when they can ingest data from, say, endpoint security systems, they are often unable to normalize it (meaning get the data sets into roughly the same format) and pair it with related network security data that could help analysts correlate separate events into a single attack.
"The challenge is you have endpoint systems that don't talk to log data and don't talk to network data," says Craig Carpenter of AccessData, a forensics and incident response vendor. "It may all be sitting in the SIEM, but it's not being correlated. It's not being translated into a singular language that the analyst can actually look at."
In most cases, Carpenter adds, you'll have two different teams looking at the data: the network team and the endpoint team.
"And the two alerts don't match to each other, so they look like completely different events to the analysts," he says.
As the number of security data feeds increases with more specialized services and products -- be they phishing and malware detection or external threat intelligence data -- it only gets harder to map out a single attack across all of the different infrastructure touch points. It's a case of too many alerts with little to no context.
"There's no prioritization," explains Alperovitch. "So it's easy to say with hindsight that they should have connected the dots because there was one alert, but if there's 5 million dots for you to connect, then it's really, really hard for any organization to make sense of it all."
For example, prior to its breach, the retailer Target did get an alert from its security tool, but it was lost in the noise of many other alerts coming in at a rate of hundreds a day.
However, complete mitigation will never be possible and incidents are inevitable, often with associated data breaches.
Post-event clear up requires intelligence gathering, too. The quicker that can be done, the better; more chance of finding the smoking gun.
The net result of trying to speed up incident response is that an increasing capability to use intelligence as an event is occurring. As one supplier, Cisco’s Sourcefire, puts it: the need for security intelligence is “before, during and after” an incident.
Results of the current survey show that the market is in need of analytics and intelligence wrapped around the data that is being (and can be) collected in respondent organizations. In it, only 10 percent of respondents felt truly confident in their “Big Data” intelligence and analytics capabilities. Their biggest impediment is in the process of collecting the correct data in order to make the necessary associations, followed by lack of vulnerability awareness and context. Yet these capabilities are important for a comprehensive detection and response system. The system should also be affordable and able to reduce manpower for strapped IT security departments
Security Analytics Platform
These categories emphasize varying needs for key Security Analytics features, such as deployment models, modularity, scope and depth of analysis, forensics, and monitoring, reporting and visualization. Several products are discussed, including Blue Coat Security Analytics Platform, Lancope Stealth Watch System, Juniper Networks JSA Series Secure Analytics, EMC RSA Security Analytics NetWitness, FireEye Threat Analytics Platform, Arbor Networks Security Analytics, Click Security Click Commander and Sumo Logics' cloud service.
National Association of Software and Services Companies (NASSCOM) and Data Security Council of India today announced the launch of the NASSCOM Cyber Security Task Force that aims to build India as a global hub for providing cyber security solutions, developing cyber security R&D plan and develop a skilled workforce of cyber security experts.
Readers vote on the best identity and access management systems of 2014.
The identity and access management (IAM) market has been shaped by two emerging trends over the last year: ease of use for customers, and extensibility into cloud and mobile use cases.
Sacooru, Inc. is pleased to announce the launch of the world’s first security awareness cloud training platform. Sacooru.com delivers innovative, industry standard security awareness training to individuals, corporations, schools, universities, govenrment agencies and non-profit organizations anywhere, on any device, at any-time.
The Sacooru.com cloud-based platform boasts ready-to-deliver highly engaging information security lessons, your own branded training portal, interactive 3D learning games, quizzes and a Certificate of Completion for every user. Within a few minutes companies can setup their private portal and train two, two thousand or even twenty thousand users or employees in minutes. The user interface is intuitive and simple to use, which is key for user adoption.
Lawrence Grant, CEO and Co-Founder of Sacooru, Inc. used his professional technology and information security expertise from the past 20 years leading successful enterprise-wide Security Governance, Risk and Compliance (GRC) initiatives and Information Security Technology Implementation programs to create Sacooru, Inc. As the Chief Information Security Officer at Venda Inc. and Executive Information Security Consultant at several fortune 500 companies such as Merrill Lynch, JP Morgan Chase, Chicago Mercantile Exchange Group (CME Group), Boeing Corporation, Citigroup, InvestCorp, Corning Corporation, Williams Energy, IBM , Radianz Corporation, Irving Oil, the Depository Trust Clearing Corporation among others, Mr. Grant has been on the pulse of the technologies that run today’s businesses and recognized the need to help protect individuals and companies from the threats devised by cyber criminals. “The number one weakness that cyber criminals exploit in their victims and use against corporations and their employees is the lack of awareness of knowing how to protect yourself from being hacked. The solution was Sacooru, pun intended.” says Lawrence Grant.
Currently there are numerous reports of data breaches and cyber exploits. Data theft is an enormous underground industry. Each customer record that is exposed, in any industry, whether it’s a healthcare, banking or retail company can cost the organization thousands of dollars. Larger breaches of customer records drain millions of dollars from those companies that fall victim. Sacooru.com offers an immediate solution and is a much welcomed resource to companies today.
source : virtual-strategy.com
In a country with the requisite expertise, it's surprising that few have ventured into the next level of technology such as cloud storage, cyber security and software-defined networking.
Delhi: Digital security vendor revenue (hardware, software and services) in India will grow from $882 million in 2013 to $953 million in 2014. Security spending will continue to grow to in 2015 when revenue is projected to reach $1.06 billion. Security services revenue accounted for more than 55 percent of this total revenue in 2013 and this trend will continue into the foreseeable future, says a Gartner report.
NEW YORK: BlackBerry Ltd is buying a privately held German firm that specializes in voice and data encryption, it said on Tuesday, in a bid to burnish its credentials with highly security-conscious clients like government agencies.