Over the next few weeks, we'll investigate how the expression "An ounce of
prevention is worth a pound of cure" could also be applied to the IT world,
and what are the tools to foster preventive security through behavior
When looking at IT security, it seems that most of the security solutions
today are based on Defensive Security. Technologies such as AntiVirus,
Firewalls, Intrusion Detection Systems and Intrusion Prevention Systems,
Anti-Trojan, Anti-Worms, and Anti-Spyware belong in this category. The
primary focus of these technologies is defending against security attacks in
progress. Other categories of security exist of course, such as Proactive
Security (including Vulnerability Management) and Remediation Security (e.g.
Patch Management), but the industry focus these past few years has been on
It is amazing that despite a... (more)
The answer is Logs.
Logs are the only metadata that exists today that:
Is widely available Is 100% collectable Is 100% storable On which we can run
intelligent reports Allows us to understand the kinetics aspects of this
For example logs allow us to understand if a data has had several versions
and iterations and, for each iteration:
Who created, modified or deleted the data When was the information
created/modified/deleted What device was used for the
creation/modification/deletion Was that creation/modification/deletion
authorized It even gives us some cont... (more)
Banks and Insurance companies lose billions of dollars every year to fraud.
Traditional methods of fraud detection play an important role in minimizing
these losses. However increasingly sophisticated fraudsters have developed a
variety of ways to elude discovery, both by working together and by
leveraging various other means of constructing false identities.
Graph databases offer new methods of uncovering fraud rings and other
sophisticated scams with a high-level of accuracy, and are capable of
stopping advanced fraud scenarios in real-time.
While no fraud prevention measures c... (more)
Back from SecureCloud 2010 in Barcelona
I’ve been in information and system security for almost 20 years. Yes
it’s possible! At the time Gopher was the killer app and NCSA Mosaic was in
the making; I was working on Arpanet and Internet wasn’t born; and
information security was a non-issue, all my friends, colleagues, coworkers
and family were telling me “don’t even try and make a living out of this
dead-end information security thingy stuff”.
But somehow I was convinced that it would be a great ride, that it would be
fun and that I had to do it. My crystal ball was crystal clear,... (more)
ISACA, the Information Systems Audit and Control Association just surveyed
1 529 of its members across 50 countries in EMEA.
It turns out that UK businesses are leading Europe on Cloud Adoption 40% to
33%. But a whopping 35% of respondents do not plan to use Cloud for any IT
services (actually 35.6% in Europe and 31.8% in the UK). This is a huge
impediment to the growth of ItaaS – IT as a Service, such as SaaS, IaaS and
PaaS respectively Software as a Service, Infrastructure as a Service and
Platform as a Service.
Let’s spin this another way: 60% of respondents are not using Clou... (more)