Daisy Chaining Clouds, how transitive is Trust?
So we talked about some of the challenges - and hence opportunities - faced
by Cloud Providers. Last time we talked about Trust, and how important
Trust is for business relationships.
Trust is already difficult in pretty straightforward environments, but in the
context of Clouds, it can become very fuzzy... Read on.
Clouds: Providers, Clients, Partners and Competitors... all at the same time!
We could imagine a world where there are so many cloud providers, so many
interconnections between them and so many trust relationships that end-client
duties are performed by different cloud providers based on the time of the
day, the type and complexity of the task or any other criteria.
This means that a Cloud Provider can be both provider and client.
We could even envision that some Cloud Providers can be both partners as well ... (more)
Last week, we saw that Defensive Security is not enough to solve the $1
trillion Intellectual Property and IT theft and cybercrime problem.
This week, more about Preventive Security.
Preventive Security is a set of technologies and processes used to prevent
security incidents from even being attempted. These include awareness and
training programs, establishment of proper policies and procedures and the
use of technology solutions in support of existing laws.
In fact, this is not very different from "regular" crime and how we deal with
it. We arm ourselves with the means to catch ... (more)
This week let's review why logs are such a popular and powerful tool when
performing forensics, and how to insure that investigators are working from a
clean stream of data.
Logs used in forensics have several distinct advantages.
First, logs can be used not only to solve the IT crime, but also as evidence
in a court of law, provided that they have been properly managed.
Second, logs are widely available. Logs have been around for the past 25
years and today all electronic equipments are capable of generating logs.
Third, best practices for log management are mature, all system adm... (more)
APTs, Advanced Persistent Threats, are the anti-script-kiddies approach to
penetrating an environment. Can static rule-based correlation catch these?
APT Attackers Love Correlation Environments
You remember that "False Sense of Security," the feeling that you are secure,
but in fact you're not...?
Attackers know that an attack is a process, it is not an event. And they use
this - and they use time - to their advantage. They use time scales that
static rule-based correlation simply cannot cope with.
If you want to correlate disparate events, you need to keep state information
on th... (more)
During these past few weeks, we have looked at several reasons why a static
rule based correlation is not the "SOC in a Box", end-all be all that many
thought it was.
Indeed what to think about a "solution" that:
Can only address a very limited set of attack scenarios Requires meticulous
consideration on how to map out the few selected attack scenarios Doesn't
guarantee you to catch attacks in progress even when one of the few selected
scenario is taking place Obliges you to think of minute details to slightly
reduce false positives Yields hundreds and thousands of basic correlat... (more)