Welcome!

Security is a Holistic Proposition

Gorka Sadowski

Subscribe to Gorka Sadowski: eMailAlertsEmail Alerts
Get Gorka Sadowski via: homepageHomepage mobileMobile rssRSS facebookFacebook twitterTwitter linkedinLinkedIn


Top Stories by Gorka Sadowski

We saw what typically happens when trying to use static rule-based log correlation to perform real-time incident management... combinatory explosion and lack of scalability. How do you automate non-deterministic attacks in a few discrete steps??? Today, we'll look at more scenarios for which static rule-based log correlation doesn't make sense. Attack Scenario Example 2: Brute Force Attack Let's look at another example scenario. Brute Force Attack. - A user tries to log in to his account - He fails many times in a row and then finally succeeds - Then "probably" a successful Brute Force Attack just took place Again, let's look at this apparently simple scenario in more details. - Some organizations consider it more likely that Brute Force has taken place if the login failed are on the same account. o But what if the attacker attacks different accounts? § The attack may... (more)

Conclusion: Why Rule-Based Log Correlation Is Almost a Good Idea...

During these past few weeks, we have looked at several reasons why a static rule based correlation is not the "SOC in a Box", end-all be all that many thought it was. Indeed what to think about a "solution" that: Can only address a very limited set of attack scenarios Requires meticulous consideration on how to map out the few selected attack scenarios Doesn't guarantee you to catch attacks in progress even when one of the few selected scenario is taking place Obliges you to think of minute details to slightly reduce false positives Yields hundreds and thousands of basic correlat... (more)

From Data to Information to Knowledge to Intelligence

The debate between data and information has been going on for quite some time. When people say "knowledge is power", are they referring to data or information? Is knowledge different still? And how about "intelligence" where does that fit? How can we go from data to information to knowledge to intelligence? The answer is simple. By understanding the animated nature of data evolution and transformation, and acting upon this understanding. And this is brought to light by logs from your Information Systems. Understand this and unleash the Power of Logs. Figure 1 - Data to Informatio... (more)

Logs for Better Clouds - Part 4: The Trust Factor

Trust is the fundamental business enabler. It is absolutely necessary for clients to trust their Cloud Providers. Without trust, business relationships cannot exist.  Without trust, existing relationships cannot blossom. Trust becomes an issue as soon as there are potential conflicts of interest. As a client, do you think it's unfair that your Cloud Provider is also the entity generating reports on actual usage for Pay-per-Use billing calculations? Do you think it represents a conflict of interest? How about when your Cloud provider also generates reports on his level of compli... (more)

Logs for Better Clouds - Part 5: Daisy Chaining Clouds

Daisy Chaining Clouds, how transitive is Trust? So we talked about some of the challenges - and hence opportunities - faced by Cloud Providers.  Last time we talked about Trust, and how important Trust is for business relationships. Trust is already difficult in pretty straightforward environments, but in the context of Clouds, it can become very fuzzy...   Read on. Clouds: Providers, Clients, Partners and Competitors... all at the same time! We could imagine a world where there are so many cloud providers, so many interconnections between them and so many trust relationships that ... (more)