Security is a Holistic Proposition

Gorka Sadowski

Subscribe to Gorka Sadowski: eMailAlertsEmail Alerts
Get Gorka Sadowski via: homepageHomepage mobileMobile rssRSS facebookFacebook twitterTwitter linkedinLinkedIn

Top Stories by Gorka Sadowski

Another hack attack hits the headlines http://tinyurl.com/yebvj8p Big deal. This stuff happens every day now right?  Wrong. Not on this scale it doesn’t. The Kneber Bot has penetrated 75,000 systems, 2,500 companies across in 196 countries.  This is not a straightforward Trojan - a simple smash and grab. This one’s a game changer. Systems compromised by this botnet provide the attackers with not only user credentials and confidential information, but remote access inside the compromised network.  Just some of the data stolen includes: 68,000 corporate log-in credentials Access to e-mail systems, online banking sites, Facebook, Yahoo, Hotmail and other social networking credentials 2,000 SSL certificate files Dossier-level data sets on individuals, including complete dumps of entire identities from victims' machines. Penetration of this scale and amongst such an esteeme... (more)

Logs for Better Clouds - Part 7: Log Integrity

Not all Log Management solutions are created equal... Trusting your logs. Log Integrity is at the core of using logs for such purpose as building Trust, providing non-repudiation and indisputable proof in business relationships between Customers and Providers, but also to provide for evidence admissible in a court of law. We saw that not all Log Management solutions are created equal, and we saw some high-level requirements in terms of log collection and log reporting. We need a solution that is simple to deploy - we want an enabler, not a disabler - and a solution that allows a ... (more)

Preventive Security Through Behavior Modification

Over the next few weeks, we'll investigate how the expression "An ounce of prevention is worth a pound of cure" could also be applied to the IT world, and what are the tools to foster preventive security through behavior modification. When looking at IT security, it seems that most of the security solutions today are based on Defensive Security. Technologies such as AntiVirus, Firewalls, Intrusion Detection Systems and Intrusion Prevention Systems, Anti-Trojan, Anti-Worms, and Anti-Spyware belong in this category. The primary focus of these technologies is defending against secu... (more)

Why Rule-Based Log Correlation Is Almost a Good Idea... (Part 5)

Performance Tolls - Why you cannot correlate 100% of your logs...? Compounding the combinatory explosion in the number of static-based correlation rules, it is impossible to correlate 100% of all your logs, it is just too expensive and not practical. Read on... A correlation engine works really hard, even when dealing with a limited set of scenarios: Each scenario requires lots of rules and exceptions, and most of these rules need to be interpreted further as dozen, if not hundred of simple checks and tests. For example, you may want to flag loops with a simple rule such as "IP O... (more)

Conclusion: Why Rule-Based Log Correlation Is Almost a Good Idea...

During these past few weeks, we have looked at several reasons why a static rule based correlation is not the "SOC in a Box", end-all be all that many thought it was. Indeed what to think about a "solution" that: Can only address a very limited set of attack scenarios Requires meticulous consideration on how to map out the few selected attack scenarios Doesn't guarantee you to catch attacks in progress even when one of the few selected scenario is taking place Obliges you to think of minute details to slightly reduce false positives Yields hundreds and thousands of basic correlat... (more)