Performance Tolls - Why you cannot correlate 100% of your logs...?
Compounding the combinatory explosion in the number of static-based
correlation rules, it is impossible to correlate 100% of all your logs, it is
just too expensive and not practical. Read on...
A correlation engine works really hard, even when dealing with a limited set
Each scenario requires lots of rules and exceptions, and most of these rules
need to be interpreted further as dozen, if not hundred of simple checks and
tests. For example, you may want to flag loops with a simple rule such as "IP
Origin" = "IP Destination". If you have 1 000 logs this means that for each
log you need to do 1 000 tests. Imagine having a million logs, a trillion
logs, which is not uncommon on a medium sized infrastructure over a couple
days. Each scenario requires state information to be kept and managed ... (more)
Another hack attack hits the headlines http://tinyurl.com/yebvj8p
Big deal. This stuff happens every day now right? Wrong. Not on this scale
it doesn’t. The Kneber Bot has penetrated 75,000 systems, 2,500 companies
across in 196 countries. This is not a straightforward Trojan - a simple
smash and grab. This one’s a game changer.
Systems compromised by this botnet provide the attackers with not only user
credentials and confidential information, but remote access inside the
compromised network. Just some of the data stolen includes:
68,000 corporate log-in credentials Access to ... (more)
ISACA, the Information Systems Audit and Control Association just surveyed
1 529 of its members across 50 countries in EMEA.
It turns out that UK businesses are leading Europe on Cloud Adoption 40% to
33%. But a whopping 35% of respondents do not plan to use Cloud for any IT
services (actually 35.6% in Europe and 31.8% in the UK). This is a huge
impediment to the growth of ItaaS – IT as a Service, such as SaaS, IaaS and
PaaS respectively Software as a Service, Infrastructure as a Service and
Platform as a Service.
Let’s spin this another way: 60% of respondents are not using Clou... (more)
Rule-based log correlation is almost a good idea.
It sounds like a good idea, it appears to be a good idea and many people will
tell you it's a good idea, but in fact it is not.
Rule-based log correlation is very complex, limited in use and applicability,
and boasts a terrible ROI.
It will give you a false sense of security, which is a bad thing.
We'll look at the reasons why this is not a good idea, and some ways to
augment the use of logs to improve your security through pragmatic Risk
History of Logs
What is rule-based log correlation and how did it come about?
This article discusses some of the main defensive security solutions used
today and explains the reasons why employing a Log Management and
Intelligence solution is critical to complement these protection methods.
Let's first look at the most common defensive security solutions that have
been popular these past few years. This is not an exhaustive list of all
existing technologies, but rather a high-level view of some of the prevalent
These corresp... (more)