APTs, Advanced Persistent Threats, are the anti-script-kiddies approach to
penetrating an environment. Can static rule-based correlation catch these?
APT Attackers Love Correlation Environments
You remember that "False Sense of Security," the feeling that you are secure,
but in fact you're not...?
Attackers know that an attack is a process, it is not an event. And they use
this - and they use time - to their advantage. They use time scales that
static rule-based correlation simply cannot cope with.
If you want to correlate disparate events, you need to keep state information
on these events, and of course the longer you need to keep the state, the
more expensive it becomes, expensive in RAM, CPU, storage etc etc., to the
point where it is not affordable anymore.
Did you know that many/most static rule-based correlation engines cannot keep
state for more than a few mi... (more)
First-party fraud involves fraudsters who apply for credit cards, loans,
overdrafts and unsecured banking credit lines with no intention of paying
them back. It is a serious problem for banking institutions. U.S. banks lose
tens of billions of dollars every year (1) to first-party fraud, which is
estimated account for as much as one-quarter or more of total consumer credit
charge-offs in the United States (2). It is further estimated that 10%-20% of
unsecured bad debt at leading US and European banks is misclassified, and is
actually first-party fraud (3).
Contrary to third-part... (more)
This article discusses some of the main defensive security solutions used
today and explains the reasons why employing a Log Management and
Intelligence solution is critical to complement these protection methods.
Let's first look at the most common defensive security solutions that have
been popular these past few years. This is not an exhaustive list of all
existing technologies, but rather a high-level view of some of the prevalent
These corresp... (more)
Another hack attack hits the headlines http://tinyurl.com/yebvj8p
Big deal. This stuff happens every day now right? Wrong. Not on this scale
it doesn’t. The Kneber Bot has penetrated 75,000 systems, 2,500 companies
across in 196 countries. This is not a straightforward Trojan - a simple
smash and grab. This one’s a game changer.
Systems compromised by this botnet provide the attackers with not only user
credentials and confidential information, but remote access inside the
compromised network. Just some of the data stolen includes:
68,000 corporate log-in credentials Access to ... (more)
ISACA, the Information Systems Audit and Control Association just surveyed
1 529 of its members across 50 countries in EMEA.
It turns out that UK businesses are leading Europe on Cloud Adoption 40% to
33%. But a whopping 35% of respondents do not plan to use Cloud for any IT
services (actually 35.6% in Europe and 31.8% in the UK). This is a huge
impediment to the growth of ItaaS – IT as a Service, such as SaaS, IaaS and
PaaS respectively Software as a Service, Infrastructure as a Service and
Platform as a Service.
Let’s spin this another way: 60% of respondents are not using Clou... (more)