John Pescatore

A member of the Gartner Blog Network

VP Distinguished Analyst
11 years at Gartner
32 years IT industry

John Pescatore is a vice president and research fellow in Gartner Research. Mr. Pescatore has 32 years of experience in computer, network and information security. Prior to joining Gartner, Mr. Pescatore was senior consultant for Entrust Technologies and Trusted Information Systems…

Security Immersion Therapy: Summing Up the 2010 Gartner Security Summit

by John Pescatore  |  June 24, 2010

This past Sunday through Wednesday was the 16th annual Gartner Information Security Summit, held for the past 7 or 8 years in the Washington DC area where I live. I’ve used this line before, but at these conferences Gartner uses every part of an analyst, including the oink – we are either doing presentations, talking with clients in formal 1-1s, or talking informally during HDRs (hallway design reviews). Or even much, much more informally at H3SDRs (Half Hammered Hospitality Suite Design Reviews)…

I did presentations on Cloud Security, FISMA changes, Clean Pipes, and DNSSEC (with Lawrence Orans), and hosted user case studies: one on automating vulnerability management using SCAP (Security Content Automation Protocol) at Orbitz, and another on very advanced Computer Forensics by a branch manager from the Transportation Security Agency.

My one-on-one meetings and conversations ran the gamut, but I’d say the three major themes were:

  1. Cloud security – is anyone really using cloud, and if so (mostly not so), what did they do about security?
  2. Consumerization – more pressure to allow iPhone/iPad, Droid phones, home PCs, consumer-grade web sites, etc.
  3. Botnets/Advanced Persistent Threat – the Google compromise gave it visibility but many, many more enterprises have been impacted by targeted threats.

For government clients, both of the above squarely collide with FISMA and some of the coming changes. Similarly, for those in retail these trends collide with the Payment Card Industry Data Security Standards.

The last issue, targeted threats/botnets/APT (DoD lingo), also brought out a lot of dissatisfaction with the large incumbent vendors, who are doing a very poor job of dealing with targeted threats. That’s why in our Cool Vendors research notes for several years I’ve highlighted innovative small vendors in the security-as-a-service and application security areas that are dealing with targeted threats.

This is a continuing truism in the security markets: threats change, larger vendors react slowly, smaller innovative vendors react more quickly. Some break out, many get acquired, many fail. But for every acquisition there is usually one or more startups – if you are hoping for a single vendor to manage, please change careers!
