Security is a Holistic Proposition

Gorka Sadowski

Top Stories by Gorka Sadowski

You bought a static rule-based correlation engine and want to get the most out of it, or you are planning to buy and deploy one. There are some simple steps you can take to maximize its efficiency.

Ask Yourself If You Can Really Afford In-house Real-Time Incident Management

The main use case for correlation is real-time incident management, so you need a 24x7x365 team of forensics experts to validate and follow up on alerts - in real time. There is no need for real-time correlation if you only run a 9-to-5 operation. If an alarm goes off at 3 a.m., do you have the skilled staff to act on it? If the answer is no, can you afford such a team? If you can't afford a 24x7 staff of experts, ask yourself whether correlation is really the most appropriate effort for you. In other words, is this the best way for you to go about buying security? Are there better ways to spend your bud... (more)

From Data to Information to Knowledge to Intelligence

The answer is logs. Logs are the only metadata that exists today that:

- Is widely available
- Is 100% collectable
- Is 100% storable
- Can be used to run intelligent reports
- Allows us to understand the kinetic aspects of this ever-changing data

For example, logs allow us to understand whether a piece of data has had several versions and iterations and, for each iteration:

- Who created, modified or deleted the data
- When the information was created, modified or deleted
- What device was used for the creation, modification or deletion
- Whether that creation, modification or deletion was authorized

It even gives us some cont... (more)

Fraud Detection, Financial Industry and E-Commerce | Part 2

First-party fraud involves fraudsters who apply for credit cards, loans, overdrafts and unsecured banking credit lines with no intention of paying them back. It is a serious problem for banking institutions. U.S. banks lose tens of billions of dollars every year (1) to first-party fraud, which is estimated to account for as much as one-quarter or more of total consumer credit charge-offs in the United States (2). It is further estimated that 10%-20% of unsecured bad debt at leading U.S. and European banks is misclassified, and is actually first-party fraud (3). Contrary to third-part... (more)

Logs for Better Clouds - Part 4: The Trust Factor

Trust is the fundamental business enabler. It is absolutely necessary for clients to trust their Cloud Providers. Without trust, business relationships cannot exist. Without trust, existing relationships cannot blossom. Trust becomes an issue as soon as there are potential conflicts of interest. As a client, do you think it is unfair that your Cloud Provider is also the entity generating the reports on actual usage that feed Pay-per-Use billing calculations? Do you think it represents a conflict of interest? How about when your Cloud Provider also generates reports on his level of compli... (more)

Why Rule-Based Log Correlation Is Almost a Good Idea - Part 2

Rule-based log correlation is based on modeling attack scenarios

Back to the visibility aspect. "By managing all your logs you get universal visibility into everything that is happening in your IT infrastructure." Yes, this is a true statement. But to say that you can easily flag security attacks using rule-based correlation is a major overstatement. Rule-based correlation essentially automates "If this is happening here" and "That is happening there" then "We have a problem." More precisely, "If this precise event is taking place at this particular time in this specific device... (more)