Security is a Holistic Proposition

Gorka Sadowski


Top Stories by Gorka Sadowski

Daisy Chaining Clouds, how transitive is Trust?

So we talked about some of the challenges - and hence opportunities - faced by Cloud Providers. Last time we talked about Trust, and how important Trust is for business relationships. Trust is already difficult in pretty straightforward environments, but in the context of Clouds, it can become very fuzzy... Read on.

Clouds: Providers, Clients, Partners and Competitors... all at the same time!

We could imagine a world where there are so many cloud providers, so many interconnections between them and so many trust relationships that end-client duties are performed by different cloud providers based on the time of the day, the type and complexity of the task or any other criteria. This means that a Cloud Provider can be both provider and client. We could even envision that some Cloud Providers can be both partners as well ... (more)

Preventive Security Through Behavior Modification - Part 2

Last week, we saw that Defensive Security is not enough to solve the $1 trillion Intellectual Property and IT theft and cybercrime problem. This week, more about Preventive Security. Preventive Security is a set of technologies and processes used to prevent security incidents from even being attempted. These include awareness and training programs, establishment of proper policies and procedures and the use of technology solutions in support of existing laws. In fact, this is not very different from "regular" crime and how we deal with it. We arm ourselves with the means to catch ... (more)

Preventive Security Through Behavior Modification - Part 3

This week let's review why logs are such a popular and powerful tool when performing forensics, and how to ensure that investigators are working from a clean stream of data. Logs used in forensics have several distinct advantages. First, logs can be used not only to solve the IT crime, but also as evidence in a court of law, provided that they have been properly managed. Second, logs are widely available. Logs have been around for the past 25 years and today all electronic equipment is capable of generating logs. Third, best practices for log management are mature, all system adm... (more)

Why Rule-Based Log Correlation Is Almost a Good Idea... (Part 6 - APTs)

APTs, Advanced Persistent Threats, are the anti-script-kiddies approach to penetrating an environment. Can static rule-based correlation catch these?

APT Attackers Love Correlation Environments

You remember that "False Sense of Security," the feeling that you are secure when in fact you're not...? Attackers know that an attack is a process, not an event. And they use this - and they use time - to their advantage. They use time scales that static rule-based correlation simply cannot cope with. If you want to correlate disparate events, you need to keep state information on th... (more)

Conclusion: Why Rule-Based Log Correlation Is Almost a Good Idea...

During these past few weeks, we have looked at several reasons why static rule-based correlation is not the "SOC in a Box", end-all, be-all that many thought it was. Indeed, what to think about a "solution" that:

- Can only address a very limited set of attack scenarios
- Requires meticulous consideration on how to map out the few selected attack scenarios
- Doesn't guarantee you will catch attacks in progress even when one of the few selected scenarios is taking place
- Obliges you to think of minute details to slightly reduce false positives
- Yields hundreds and thousands of basic correlat... (more)