Security is a Holistic Proposition

Gorka Sadowski


Top Stories by Gorka Sadowski

We saw what typically happens when trying to use static rule-based log correlation to perform real-time incident management: combinatory explosion and lack of scalability. How do you automate non-deterministic attacks in a few discrete steps? Today, we'll look at more scenarios for which static rule-based log correlation doesn't make sense.

Attack Scenario Example 2: Brute Force Attack

Let's look at another example scenario: a Brute Force Attack.
- A user tries to log in to his account
- He fails many times in a row and then finally succeeds
- Then "probably" a successful Brute Force Attack just took place

Again, let's look at this apparently simple scenario in more detail.
- Some organizations consider it more likely that Brute Force has taken place if the login failures are on the same account.
  - But what if the attacker attacks different accounts?
    - The attack may... (more)

Fraud Detection, Financial Industry and E-Commerce | Part 2

First-party fraud involves fraudsters who apply for credit cards, loans, overdrafts and unsecured banking credit lines with no intention of paying them back. It is a serious problem for banking institutions. U.S. banks lose tens of billions of dollars every year (1) to first-party fraud, which is estimated to account for as much as one-quarter or more of total consumer credit charge-offs in the United States (2). It is further estimated that 10%-20% of unsecured bad debt at leading US and European banks is misclassified, and is actually first-party fraud (3). Contrary to third-part... (more)

Preventive Security Through Behavior Modification

Over the next few weeks, we'll investigate how the expression "An ounce of prevention is worth a pound of cure" could also be applied to the IT world, and what tools can foster preventive security through behavior modification. When looking at IT security, it seems that most of the security solutions today are based on Defensive Security. Technologies such as AntiVirus, Firewalls, Intrusion Detection Systems and Intrusion Prevention Systems, Anti-Trojan, Anti-Worms, and Anti-Spyware belong in this category. The primary focus of these technologies is defending against secu... (more)

Preventive Security Through Behavior Modification - Part 3

This week let's review why logs are such a popular and powerful tool when performing forensics, and how to ensure that investigators are working from a clean stream of data. Logs used in forensics have several distinct advantages. First, logs can be used not only to solve the IT crime, but also as evidence in a court of law, provided that they have been properly managed. Second, logs are widely available. Logs have been around for the past 25 years and today all electronic equipment is capable of generating logs. Third, best practices for log management are mature, all system adm... (more)

Preventive Security Through Behavior Modification - Part 4

Last week we saw that a proper Log Management tool is a powerful tool to catch the bad guys. Advertise your use of such a tool and you will send a clear signal to would-be attackers that they will be caught, which will act as a powerful deterrent, and curb bad behaviors. A 2004 study from Ibas, a computer forensics firm, conducted on 400 UK businesses showed that "69.6% of business professionals have stolen some form of corporate IP from their employer when leaving a job." I simply cannot believe that 69.6% of the people are "bad guys," responsible for a trillion dollar worldwid... (more)