Performance Toll - Why you cannot correlate 100% of your logs...?
On top of the combinatorial explosion in the number of static correlation
rules, it is impossible to correlate 100% of your logs: it is simply too
expensive and impractical. Read on...
A correlation engine works really hard, even when dealing with a limited set
Each scenario requires lots of rules and exceptions, and most of these rules
need to be interpreted further as dozens, if not hundreds, of simple checks and
tests. For example, you may want to flag loops with a simple rule such as "IP
Origin" = "IP Destination". If you have 1 000 logs this means that for each
log you need to do 1 000 tests. Imagine having a million logs, or a trillion
logs, which is not uncommon on a medium-sized infrastructure over a couple of
days. Each scenario requires state information to be kept and managed ... (more)
First-party fraud involves fraudsters who apply for credit cards, loans,
overdrafts and unsecured banking credit lines with no intention of paying
them back. It is a serious problem for banking institutions. U.S. banks lose
tens of billions of dollars every year (1) to first-party fraud, which is
estimated to account for as much as one-quarter or more of total consumer credit
charge-offs in the United States (2). It is further estimated that 10%-20% of
unsecured bad debt at leading US and European banks is misclassified, and is
actually first-party fraud (3).
Contrary to third-part... (more)
Another hack attack hits the headlines http://tinyurl.com/yebvj8p
Big deal. This stuff happens every day now, right? Wrong. Not on this scale
it doesn’t. The Kneber Bot has penetrated 75,000 systems at 2,500 companies
in 196 countries. This is not a straightforward Trojan - a simple
smash and grab. This one’s a game changer.
Systems compromised by this botnet provide the attackers with not only user
credentials and confidential information, but remote access inside the
compromised network. Just some of the data stolen includes:
68,000 corporate log-in credentials Access to ... (more)
ISACA, the Information Systems Audit and Control Association, just surveyed
1 529 of its members across 50 countries in EMEA.
It turns out that UK businesses are leading Europe on Cloud adoption, 40% to
33%. But a whopping 35% of respondents do not plan to use Cloud for any IT
services (actually 35.6% in Europe and 31.8% in the UK). This is a huge
impediment to the growth of ITaaS – IT as a Service, which covers SaaS, IaaS and
PaaS: Software as a Service, Infrastructure as a Service and
Platform as a Service respectively.
Let’s spin this another way: 60% of respondents are not using Clou... (more)
We saw what typically happens when trying to use static rule-based log
correlation to perform real-time incident management... combinatorial explosion
and lack of scalability. How do you automate the handling of non-deterministic
attacks in a few discrete steps?
Today, we'll look at more scenarios for which static rule-based log
correlation doesn't make sense.
Attack Scenario Example 2: Brute Force Attack
Let's look at another example scenario: a brute force attack.
- A user tries to log in to his account
- He fails many times in a row and then finally succeeds
- Then "probably" a successful Brute ... (more)