09 Dec

Threat Intelligence Management Framework

In order to respond effectively to the rapid growth of emerging and increasingly sophisticated threats, it is important that organisations have an effective strategy around threat intelligence management. The framework proposed by McAfee (part of Intel Security) follows a layered approach.

The Threat Intelligence Funnel

Global level intelligence sits firmly at the top. This threat intelligence is often not real time and by definition cannot be relied upon when protecting against Zero Day threats. However, global intelligence is very valuable around identifying the vast majority of commodity signature based threats. Global intelligence feeds such as GTI (Global Threat Intelligence), a service provided by McAfee; or similar services shouldn’t be relied upon in isolation. This is due to the wide range of indicators of compromise that may or may not be locally relevant. This lack of local relevance may also lead to false positives.

Some organisations may choose to subscribe to more industry focused community and third party intelligence feeds. For instance, financial services organisations may choose to subscribe to the likes of FS-ISAC and in the case of federal and public sector, GovCert may be playing a part. Other organisations may choose open source providers such as Hail A Taxii or other similar alternatives. While industry vertical-focused or third party providers are valuable and may provide more targeted threat intelligence, the indicators of compromise may still not be as relevant to specific organisations.

According to Verizon’s 2016 Data Breach Investigations Report 70-80% of threat samples that an organisation receives, are unique to that institution. This number has progressively increased in the last few years. This increase, validates the view that sophisticated and more advanced threats are targeted and arhcitected around the specific vulnerability profile of individual organisations. This changing threat landscape, highlights the importance of relevant, real-time and local intelligence gathered from local context aware sensors.

Therefore local threat information, complemented by community and global information sources as part of an actionable intelligence funnel framework is a vital component of any layered defence strategy.

24 Nov

The Ambition, The Possibility and The Reality.

In the war against Cyber Criminals, Enterprise IT teams fundamentally have a significant challenge on their hands. The fundamental problem is essentially this:

Cyber Criminals are “out innovating” Enterprise IT.

Cyber Criminals can essentially move faster than most IT organisations as they are not bound by “change control” or ITIL. They also don’t need to conform to corporate ethics, policies or compliance requirements. Additionally they don’t need to contend with corporate politics, siloed operations and empire builders.

Their mission is very simple. Gain unauthorised access to information and other assets and maximise return on time invested doing so. The rapid weaponisation of the cyberspace coupled with significant commercial opportunities for cyber criminals has given rise to ever more sophisticated, tailored, difficult to detect and targeted attacks aimed at the industry. These attacks have the potential to cause significant damage; damage to both reputation and business viability.

In an effort to build the most sophisticated defence against such threats, every IT organisations has ambitious plans to build the most powerful defence. For those Star Wars fans out there, this can be likened to the Death Star!

The Ambition

The Ambition

However due to technology and budgetary limitations,  the reality looks more like the below:

The Possibility

The Possibility

But due to the fragmented nature of the cyber security market and how organisations tend to think about “security problems”, most IT environments end up with this:

The Reality...

The Reality…

Often times, IT organisations end up with a “bag of bits”. These point solutions are often sold without any professional services attached to them and the business outcomes are often overlooked leading to vendor proliferation.

According to a study done by Penn Schoen Berland, a global market research and consulting firm, earlier in 2016, 62% of security practitioners believe that technology sprawl adversely impacts the overall security posture of organisations.

In order to build the “lego set” an integrated open and extensible architectural approach that penetrates deeper into the fabric of the organisation with the ability to learn and adapt and get stronger over time is essential.

01 Oct

VMware’s Cloud Management Strategy

VMware has steadily become a major player in the Cloud Management arena, increasing its market share gradually year on year.

VMware has adopted a multi-dimensional approach to the notion of managing the software defined enterprise, focusing on Operations, Automation and IT Business Management. According to IDC, this unified strategy has propelled VMware into a leading position in the Cloud Management space where it has dominated over 20 percent of the market share since 2012.

As part of its strategy to move away from offering point solutions, VMware leads its engagements around suite of capabilities. Specifically around cloud management, the suite on offer is currently branded as the vRealize product family.

VMware Cloud Management Architecture

VMware vRealize Suite Architecture

One of the core fundamentals of an architecture that is designed from the ground up to embrace change, is that agility is gained without loss of control, safety, security and compliance. VMware’s focus around an analytics driven intelligent operations framework can address this challenge.

As illustrated above, the core properties of intelligent IT operations are around Performance, Capacity, Configuration, Compliance and the ability to leverage unstructured data to gain deeper visibility into the environment.

IT and Business Value Convergence

In the current climate, IT organisations, more than ever, need to clearly demonstrate their impact on revenue; while exposing the true cost of IT. With VMware’s vRealize Business solution, this can be rapidly achieved. Additionally vRealize Business gives IT organisations the financial insight they need to defend decisions around where workloads are placed. vRealize Business, makes it possible to see a cost comparison around private and public cloud deployment models. This enables organisations to make intelligent decisions around where workloads are place.


While VMware has some work to do around evolving the Automation piece of the puzzle, it is incredibly simple to layer vRealize Automation (vRA) technology on top of vSphere in order to deploy a vSphere based Infrastructure As a Service. For most things outside of vSphere, vRealize Orchestrator acts as a glue to give vRA a significant level of extensibility. However, with additional extensibility comes more complexity and VMware has some work to do in this area. Having said that, compared to some other solutions out there, normally, you shouldn’t need a bus load of consultants to make vRA work for your organisation.

14 Apr

The Strategic CIO

The current landscape has changed dramatically due to the challenges surrounding the economy as well as the consumerisation of technology. This changing landscape of instant gratification and tough business operating conditions is giving rise to a new breed of Chief Information Officers, often referred to as The Strategic CIO.

Courtesy of Economist Intelligence Unit

Courtesy of Economist Intelligence Unit

Time is no longer a luxury CIOs can afford. The days of multi-year project implementations are gone. CIOs are expected to provide quick monthly/quarterly transformative initiatives significantly accelerating time to value. CIOs are now fully expected to be in lockstep with the business. You may have heard my colleagues at VMware talking about the need for IT to operate at the same speed as the business.

CIOs are now fully expected to have the technical depth as well as business knowledge. CIOs can no longer be disengaged from their’s business’s core values. They are now expected to be fully aware of their business’s processes, objective and top initiatives.

A strategic CIO’s top priority is to accelerate the delivery of such initiatives as well as and enhancing the business’s capabilities around developing a sustainable competitive advantage.

The Strategic CIO can clearly demonstrate the positive impact of technology to business leaders. From enabling the CMO to leverage social and mobile trends to accelerate the company’s online presence to helping the CFO to drive down time to close the books as well as increasing governance.

The strategic CIO will focus on making strategic technology investments by maximising the value of the overall IT budget through transitioning it away from keeping the lights on and towards continuous innovation.

14 Apr

Cloud Automation

As technology has become an integral part of most businesses, increasingly organisations have recognised an agile IT infrastructure is essential to their success going forward. As discussed in previous posts, due to the new normal market conditions IT organisations need to meet business requirements quickly. However, that’s no longer enough. IT organisations also need to develop the capability to anticipate upcoming business trends and adjust their posture accordingly. Organisations that recognise this need, are actively seeking to  reduce the “Human Latency” factor and streamline their processes wherever possible.

I have come across several organisations recently where the need for automation hasn’t been fully recognised resulting in a situation where manual tasks, configurations and other pesky and repetitive non-value adding activities, take time resulting in delays, generating errors and inconsistencies. The following issues feature in such organisations.

  1. The culture of hoarding and general over-provisioning of resources is pervasive leading to lack of efficiency.
  2. Lines of businesses and various departments tend to bypass IT and provision their own infrastructures leading to loss of control.
  3. Unauthorised use of public and private cloud resources is the norm and often unknown to IT, leading to potential loss of valuable intellectual property.
IT Transformation

Image commissioned by EMC Global Services.

In contrast, enterprises that are moving forward with automation investing in technologies such as vRealize Automation from VMware, have moved significantly towards:

  1. Transforming their culture to that of just-in-time and just-right provisioning and consumption model.
  2.  Self-service and on-demand access to resources leading to a better “churn-rate” in resource usage improving asset utilisation.
  3. Getting out of the way of business agility while retaining full control.
  4. Transforming the IT organisation from builders of infrastructure to broker of services and innovation centres of excellence.

In order to successfully move towards a X-as-a-Service delivery model, businesses will need to re-engineer their internal processes and in some case restructure their teams. Without this, automation aspirations can prove extremely costly and potentially not feasible. This is not necessarily a problem technology alone can fix.

14 Apr

Software Defined Architecture

The effects of the financial armageddon of 2008 is largely still with us. Emergency monetary policies such as quantitative easing that were executed globally some of which dating back to 2001, have effectively pumped “funny money” into the system to the tune of multiple trillions of US dollars. The net effect of this is the diminishing value of all major currencies. This has resulted in organisations and individual consumers to qualify and scrutinise their spending much more carefully.

Additionally, thanks to the late Steve Jobs,  the consumerisation of technology has given birth to a generation of very informed and well connected buyers giving rise to a compare-the-market-dot-com landscape.

The above factors have created challenging, dynamic and unpredictable market conditions that will probably stay with us for the foreseeable future forming our new normal.

Therefore if businesses do not deliver their goods and services faster, better and more valuable (not necessarily cheaper) than their competition, they will lose potentially significant revenue opportunities.

The Future of Information Technology

Image commissioned by EMC Global Services

Many organisations today recognise the true potential of Information Technology as a strategic weapon and have transformed their view of IT from being purely a cost centre to a potentially disruptive innovation engine.

For almost over a decade VMware has lead this transformation giving rise to the notion of a Software Defined Architecture. Whilst we can all accept that Tin matters, it is clear that physical-oriented, manually driven, siloed architectures of the past that are designed from the ground up to be “predictable” have rapidly lost their relevance to Software Defined Architectures that are designed from the ground up to embrace, enable and de-risk change completely transforming the approach to change management.

One of the bi-products of the software defined approach is that by definition architectural intelligence is constructed in software and as such it can be easily manipulated. A programmable, policy engine at the heart of this architecture will enable IT organisations to define what good looks like allowing the intelligent infrastructure to delivery against such policies and do so at scale.

Therefore the ability to operate at scale without a significant rise in operational costs is a fundamental property of an intelligent Software Defined Architecture.