Druce MacFarlane is the Director of Security Products with Gigamon. He has more than two decades of progressive product management and marketing leadership experience with network and cybersecurity organizations ranging from large corporations to smaller startups, including FireEye, Bricata, Aruba and Netscout.
Druce previously ran the products organization at Cyphort and helped McAfee transition during its spin out from Intel Corporation.
The opinions expressed in this blog are those of Druce MacFarlane and do not necessarily represent those of IDG Communications, Inc., its parent, subsidiary or affiliated companies.
Incident response is a slave to time. From time-to-detection through time-to-containment, time is the crucial factor when responding to any threat.
Every business function seeks to apply finite resources to maximum benefit. Doing that effectively in security requires a keen understanding of costs, which, like threats, may be known or hiding.
Security teams will find indications of compromise revealed in public disclosures exponentially more valuable if they find a way to go back and compare historical data against the new intelligence.
The advent of laterally spreading malware requires the security community to progressively build out incident response to include more thorough scoping to determine the true extent of an event and threat hunting to find those threats that are still h
If signatures in cybersecurity are like fingerprints in a criminal investigation, behavioral detection is like profiling – it’s harder to hide, but it’s not foolproof either.
The complicating factors that prompted a technology analyst to label the market as obsolete 14 years ago still persist today; it remains a rallying cry for greater security innovation.
As the shortage of skilled security staff widens, the effects on policy and products in the overall security organization must be factored into the choice to pursue alternative sources of talent.
A layered security posture provides alternative ways to fend off adversaries seeking out unpatched vulnerabilities while enterprises test patches for compatibility.