Security is a Holistic Proposition

Gorka Sadowski

Subscribe to Gorka Sadowski: eMailAlertsEmail Alerts
Get Gorka Sadowski via: homepageHomepage mobileMobile rssRSS facebookFacebook twitterTwitter linkedinLinkedIn

Top Stories by Gorka Sadowski

Another hack attack hits the headlines http://tinyurl.com/yebvj8p Big deal. This stuff happens every day now right?  Wrong. Not on this scale it doesn’t. The Kneber Bot has penetrated 75,000 systems, 2,500 companies across in 196 countries.  This is not a straightforward Trojan - a simple smash and grab. This one’s a game changer. Systems compromised by this botnet provide the attackers with not only user credentials and confidential information, but remote access inside the compromised network.  Just some of the data stolen includes: 68,000 corporate log-in credentials Access to e-mail systems, online banking sites, Facebook, Yahoo, Hotmail and other social networking credentials 2,000 SSL certificate files Dossier-level data sets on individuals, including complete dumps of entire identities from victims' machines. Penetration of this scale and amongst such an esteeme... (more)

60% of EMEA still NOT using Cloud Services

ISACA, the Information Systems Audit and Control Association just surveyed 1 529 of its members across 50 countries in EMEA. It turns out that UK businesses are leading Europe on Cloud Adoption 40% to 33%. But a whopping 35% of respondents do not plan to use Cloud for any IT services (actually 35.6% in Europe and 31.8% in the UK). This is a huge impediment to the growth of ItaaS – IT as a Service, such as SaaS, IaaS and PaaS respectively Software as a Service, Infrastructure as a Service and Platform as a Service. Let’s spin this another way: 60% of respondents are not using Clou... (more)

Why Rule-Based Log Correlation Is Almost a Good Idea - Part 3

We'll see below some examples of security attack scenario that many people will put forth as a perfect example of how powerful, valuable and simple correlation is. As you can see, the overall approach of using static rule-based correlation on these is simply flawed. Attack Scenario Example 1: Identity Theft There are numerous ways to perform an Identity Theft attack, but let's focus on just one of them, recognizing that somebody cannot be in two places at the same time and hence that a user cannot log in your infrastructure from VPN and locally from the office "at the same time."... (more)

Why Rule-Based Log Correlation Is Almost a Good Idea... (Part 5)

Performance Tolls - Why you cannot correlate 100% of your logs...? Compounding the combinatory explosion in the number of static-based correlation rules, it is impossible to correlate 100% of all your logs, it is just too expensive and not practical. Read on... A correlation engine works really hard, even when dealing with a limited set of scenarios: Each scenario requires lots of rules and exceptions, and most of these rules need to be interpreted further as dozen, if not hundred of simple checks and tests. For example, you may want to flag loops with a simple rule such as "IP O... (more)

Why Rule-Based Log Correlation Is Almost a Good Idea: The Future of SIEM

These past few weeks, I published several blogs pointing out problems with static rule-based correlation, their current limitations, their high TCO, etc. Because these solutions have been sold for many years as the be all and end all to security problems, it has created false expectations in the industry and among clients. But SIEM as a general discipline holds plenty of promises, so let's not throw the baby with the bathwater. Let's think of static rule-based correlation as the engine for the first generation of Security Information and Event Management (SIEM). Looking in my c... (more)