Security is a Holistic Proposition

Gorka Sadowski

Top Stories by Gorka Sadowski

The debate between data and information has been going on for quite some time. When people say "knowledge is power", are they referring to data or information? Is knowledge different still? And how about "intelligence": where does that fit? How can we go from data to information to knowledge to intelligence? The answer is simple: by understanding the animated nature of data evolution and transformation, and acting upon this understanding. And this is brought to light by logs from your Information Systems. Understand this and unleash the Power of Logs. [Figure 1 - Data to Information to Knowledge to Intelligence, and the role of logs as metadata] Data seems mainly one-dimensional. Consult any database or data warehouse, perform even complex queries on these and you will get a "flat" answer. The fact that you get a single answer will make you think that data is absolut... (more)

Back from SecureCloud 2010 in Barcelona

I’ve been in information and system security for almost 20 years. Yes, it’s possible! At the time Gopher was the killer app and NCSA Mosaic was in the making; I was working on Arpanet and the Internet wasn’t born; and information security was a non-issue. All my friends, colleagues, coworkers and family were telling me “don’t even try and make a living out of this dead-end information security thingy stuff”. But somehow I was convinced that it would be a great ride, that it would be fun and that I had to do it. My crystal ball was crystal clear,... (more)

Logs for Better Clouds - Part 7: Log Integrity

Not all Log Management solutions are created equal... Trusting your logs. Log Integrity is at the core of using logs for such purposes as building Trust, providing non-repudiation and indisputable proof in business relationships between Customers and Providers, but also providing evidence admissible in a court of law. We saw that not all Log Management solutions are created equal, and we saw some high-level requirements in terms of log collection and log reporting. We need a solution that is simple to deploy - we want an enabler, not a disabler - and a solution that allows a ... (more)

Why Rule-Based Log Correlation Is Almost a Good Idea - Part 2

Rule-based log correlation is based on modeling attack scenarios. Back to the visibility aspect. "By managing all your logs you get universal visibility into everything that is happening in your IT infrastructure." Yes, this is a true statement. But to say that you can easily flag security attacks using rule-based correlation is a major overstatement. Rule-based correlation essentially automates "If this is happening here" and "That is happening there" then "We have a problem." More precisely, "If this precise event is taking place at this particular time in this specific device... (more)

Why Rule-Based Log Correlation Is Almost a Good Idea (Part 8)

You bought a static rule-based correlation solution and you want to get the most out of it, or are you planning on getting and deploying one? There are some simple steps you can take to maximize its efficiency. Ask Yourself If You Can Really Afford In-house Real-Time Incident Management. The main use case for correlation is real-time incident management, so you need a 24x7x365 team of forensics experts to validate and follow up on alerts - in real time. No need to have real-time correlation if you only have a 9-5 operation... If an alarm goes off at 3 a.m., do you have the skilled staff to act... (more)