- Released today, Ed Amoroso’s 2017 TAG Cyber Security Annual – a practical guide for anyone serious about cybersecurity.
- Simon Crosby talks about his experience with Ed and why this compendium is worth your read.
- The Annual is a free download for anyone who’s interested.
When I was a grad student at Cambridge in the mid-90s, Ed Amoroso was already directing AT&T’s cyber security programs. He had both the vision to lead cyber security research at AT&T Labs, and the clout to deliver a real difference – to AT&T’s customers.
He is a CISO first and foremost.
He’s a practitioner who seeks technologies that can transform enterprise security without up-ending the organization. His path to success as CISO of AT&T will, I’m sure, be familiar to many – a rare combination of insight, inspiration, patience, hard work and dogged determination. When Ed retired, I assumed he’d hang up his gloves and relax after a fight well fought. I underestimated his determination to change the security landscape for the better – for all of us.
Today sees the publication of one of the most important guides ever created for cyber security practitioners – Ed’s personally written, comprehensive analysis of fifty leading cyber security vendors and their products, in the 2017 TAG Cyber Security Annual, which is freely available and re-distributable.
Here’s an excerpt from the abstract, which makes his determination and purpose clear:
I wrote every word of this 2017 TAG Cyber Security Annual based on my experience, opinion, and research – and I wrote it for one purpose: To serve as a useful guide for Chief Information Security Officer (CISO) teams. My desire was to make all three volumes of the 2017 TAG Cyber Security Annual free to practitioners, and any other person or groups who might find the content useful. To the end, roughly fifty cyber security vendors served as sponsors, agreeing to distribute the Annual with no pre-arranged agreements about the nature of the analysis included. They kindly offered their advice, expertise, and knowledge in the development of this report – and to that end, they are referenced here as distinguished vendors. With their assistance, this report would not exist.
I’ve barely begun to explore the Annual’s 288 pages myself, but from what I’ve read, the analysis is remarkable because the contents are based on interviews, personally conducted by Ed. The result is a narrative that will be invaluable to InfoSec Pros because it dispenses with the B.S. Ed is an expert, and assumes his reader is an expert, and doesn’t waste time trying to dumb down the innovation of today’s vendors. Reading this Annual makes it resoundingly clear that a shoddy approach to enterprise security is not acceptable, and moreover our horrendous recent history of breaches is not for want of great innovation. What is needed is action – from CISOs and CIOs. This Annual is therefore a call to action.
In my view, if there is one guide to use to drive your cyber security investment in the coming years, it is this one.
My interview with Ed offered me an opportunity to describe how Bromium is different from the traditional narrow categories of the legacy age of enterprise security, when folks thought the network perimeter was defensible, and that detection on the endpoint actually stood a chance. Bromium is covered in detail in Volume 2. Here’s why we are different, and Ed absolutely got it:
Bromium uses enterprise endpoints to transform enterprise-wide security, automating protection, detection and response. Unlike today’s EPP vendors, Bromium assumes endpoints are vulnerable, “in the wild”, and that users will “click on anything” – so malware will execute. Bromium uses micro-virtualization to automate endpoint protection and remediation, and to deliver tamper-proof endpoint monitoring. Insights from all endpoints are correlated in real-time to accelerate enterprise-wide response to an attack, enabling security teams to quickly search for symptoms of a breach.
It has been a privilege to work with Ed to help to launch this valuable security resource. Our joint goal is to dramatically change the odds for enterprises in an era of determined, focused attacks. Ed has made a massive contribution to our collective security and I applaud his dedication, impartiality and commitment to this singular goal.