Security is a Holistic Proposition

Gorka Sadowski

Top Stories by Gorka Sadowski

Banks and insurance companies lose billions of dollars every year to fraud. Traditional methods of fraud detection play an important role in minimizing these losses. However, increasingly sophisticated fraudsters have developed a variety of ways to elude discovery, both by working together and by leveraging various other means of constructing false identities. Graph databases offer new methods of uncovering fraud rings and other sophisticated scams with a high level of accuracy, and are capable of stopping advanced fraud scenarios in real time. While no fraud prevention measures can ever be perfect, significant opportunity for improvement can be achieved by looking beyond the individual data points, to the connections that link them. Oftentimes these connections go unnoticed until it is too late, something that is unfortunate, as these connections oftentimes hold the... (more)

Logs for Better Clouds - Part 3: On-Demand Rightsizing

Last time we saw the difficulty in Predictive Rightsizing, a frustrating exercise based on "guesstimation" aimed at predicting future SLA in an ever-changing business environment... So what's the answer? The solution is a truly dynamic, elastic, real-time on-demand SLA with a provisioning that is transparent to the users. Provided that you stay within some reasonable boundaries, you can use as many resources as you need, or as few as required, ramping up and slowing down resource usage, without having to provision SLA in advance of usage. This is the ul... (more)

Blippy Credit Card Breach - Lessons for the Future

Are we growing immune to bad news about security breaches? I sure hope not, although it's hard to keep up with all of them. Did you read about the Blippy Data Breach at http://bit.ly/cyR5aU? You know, Blippy, that up-and-coming startup that allowed very sensitive information to leak out and then tried to downplay the incident. Not good. And when their users fled and tried to cancel service, their canceling service went down. Oops... Blippy should have known better, too... their business model is based on manipulating very sensitive data - including credit card information. And t... (more)

Why Rule-Based Log Correlation Is Almost a Good Idea - Part 2

Rule-based log correlation is based on modeling attack scenarios

Back to the visibility aspect. "By managing all your logs you get universal visibility in everything that is happening in your IT infrastructure." Yes, this is a true statement. But to say that you can easily flag security attacks using rule-based correlation is a major overstatement. Rule-based correlation essentially automates the "If this is happening here" and "That is happening there" then "We have a problem." More precisely, "If this precise event is taking place at this particular time in this specific device... (more)

Why Rule-Based Log Correlation Is Almost a Good Idea... Part 4

We saw what typically happens when trying to use static rule-based log correlation to perform real-time incident management... combinatory explosion and lack of scalability. How do you automate non-deterministic attacks in a few discrete steps??? Today, we'll look at more scenarios for which static rule-based log correlation doesn't make sense.

Attack Scenario Example 2: Brute Force Attack

Let's look at another example scenario. Brute Force Attack.

- A user tries to log in to his account
- He fails many times in a row and then finally succeeds
- Then "probably" a successful Brute ... (more)