Security is a Holistic Proposition

Gorka Sadowski

Subscribe to Gorka Sadowski: eMailAlertsEmail Alerts
Get Gorka Sadowski via: homepageHomepage mobileMobile rssRSS facebookFacebook twitterTwitter linkedinLinkedIn

Top Stories by Gorka Sadowski

The answer is Logs. Logs are the only metadata that exists today that: Is widely available Is 100% collectable Is 100% storable On which we can run intelligent reports Allows us to understand the kinetics aspects of this ever-changing data For example logs allow us to understand if a data has had several versions and iterations and, for each iteration: Who created, modified or deleted the data When was the information created/modified/deleted What device was used for the creation/modification/deletion Was that creation/modification/deletion authorized It even gives us some context information that we can use in order to infer some additional information In fact, properly used logs allow us to understand a lot about how the data came about and the different iterations of this data. Granted, this is not as good as the brain’s holographic capabilities to keep and pro... (more)

Unleashing The Power of Logs

This article discusses some of the main defensive security solutions used today and explains the reasons why employing a Log Management and Intelligence solution is critical to complement these protection methods. Let's first look at the most common defensive security solutions that have been popular these past few years. This is not an exhaustive list of all existing technologies, but rather a high-level view of some of the prevalent ones. 1.       Anti-virus 2.       Firewalls/VPN 3.       IDS/IPS 4.       Anti-Trojan/worms 5.       Anti-Spyware 6.       SIEMs These corresp... (more)

Why Rule-Based Log Correlation Is Almost a Good Idea... (Part 5)

Performance Tolls - Why you cannot correlate 100% of your logs...? Compounding the combinatory explosion in the number of static-based correlation rules, it is impossible to correlate 100% of all your logs, it is just too expensive and not practical. Read on... A correlation engine works really hard, even when dealing with a limited set of scenarios: Each scenario requires lots of rules and exceptions, and most of these rules need to be interpreted further as dozen, if not hundred of simple checks and tests. For example, you may want to flag loops with a simple rule such as "IP O... (more)

From Data to Information to Knowledge to Intelligence

The debate between data and information has been going on for quite some time. When people say "knowledge is power", are they referring to data or information? Is knowledge different still? And how about "intelligence" where does that fit? How can we go from data to information to knowledge to intelligence? The answer is simple. By understanding the animated nature of data evolution and transformation, and acting upon this understanding. And this is brought to light by logs from your Information Systems. Understand this and unleash the Power of Logs. Figure 1 - Data to Informatio... (more)

Kneber: Another Bot Attack

Another hack attack hits the headlines http://tinyurl.com/yebvj8p Big deal. This stuff happens every day now right?  Wrong. Not on this scale it doesn’t. The Kneber Bot has penetrated 75,000 systems, 2,500 companies across in 196 countries.  This is not a straightforward Trojan - a simple smash and grab. This one’s a game changer. Systems compromised by this botnet provide the attackers with not only user credentials and confidential information, but remote access inside the compromised network.  Just some of the data stolen includes: 68,000 corporate log-in credentials Access to ... (more)