Another hack attack hits the headlines http://tinyurl.com/yebvj8p
Big deal. This stuff happens every day now right? Wrong. Not on this scale
it doesn’t. The Kneber Bot has penetrated 75,000 systems, 2,500 companies
across in 196 countries. This is not a straightforward Trojan - a simple
smash and grab. This one’s a game changer.
Systems compromised by this botnet provide the attackers with not only user
credentials and confidential information, but remote access inside the
compromised network. Just some of the data stolen includes:
68,000 corporate log-in credentials Access to e-mail systems, online banking
sites, Facebook, Yahoo, Hotmail and other social networking credentials 2,000
SSL certificate files Dossier-level data sets on individuals, including
complete dumps of entire identities from victims' machines.
Penetration of this scale and amongst such an esteeme... (more)
ISACA, the Information Systems Audit and Control Association just surveyed
1 529 of its members across 50 countries in EMEA.
It turns out that UK businesses are leading Europe on Cloud Adoption 40% to
33%. But a whopping 35% of respondents do not plan to use Cloud for any IT
services (actually 35.6% in Europe and 31.8% in the UK). This is a huge
impediment to the growth of ItaaS – IT as a Service, such as SaaS, IaaS and
PaaS respectively Software as a Service, Infrastructure as a Service and
Platform as a Service.
Let’s spin this another way: 60% of respondents are not using Clou... (more)
We'll see below some examples of security attack scenario that many people
will put forth as a perfect example of how powerful, valuable and simple
As you can see, the overall approach of using static rule-based correlation
on these is simply flawed.
Attack Scenario Example 1: Identity Theft
There are numerous ways to perform an Identity Theft attack, but let's focus
on just one of them, recognizing that somebody cannot be in two places at the
same time and hence that a user cannot log in your infrastructure from VPN
and locally from the office "at the same time."... (more)
Performance Tolls - Why you cannot correlate 100% of your logs...?
Compounding the combinatory explosion in the number of static-based
correlation rules, it is impossible to correlate 100% of all your logs, it is
just too expensive and not practical. Read on...
A correlation engine works really hard, even when dealing with a limited set
Each scenario requires lots of rules and exceptions, and most of these rules
need to be interpreted further as dozen, if not hundred of simple checks and
tests. For example, you may want to flag loops with a simple rule such as "IP
These past few weeks, I published several blogs pointing out problems with
static rule-based correlation, their current limitations, their high TCO,
Because these solutions have been sold for many years as the be all and end
all to security problems, it has created false expectations in the industry
and among clients.
But SIEM as a general discipline holds plenty of promises, so let's not throw
the baby with the bathwater.
Let's think of static rule-based correlation as the engine for the first
generation of Security Information and Event Management (SIEM).
Looking in my c... (more)