Last week we saw that a proper Log Management tool is a powerful way to
catch the bad guys.
Advertise your use of such a tool and you will send a clear signal to
would-be attackers that they will be caught, which will act as a powerful
deterrent, and curb bad behaviors.
A 2004 study from Ibas, a computer forensics firm, conducted on 400 UK
businesses showed that "69.6% of business professionals have stolen some form
of corporate IP from their employer when leaving a job."
I simply cannot believe that 69.6% of the people are "bad guys," responsible
for a trillion dollar worldwide problem. I believe that these 69.6% of people
saw a window of opportunity, somehow persuaded themselves that it was OK to
steal that corporate IP, and assumed that they were going to get away with
The IT world is not that different from "the real world." These 69.6% of
people are not ... (more)
We'll see below some examples of security attack scenarios that many people
will put forth as a perfect example of how powerful, valuable and simple
As you can see, the overall approach of using static rule-based correlation
on these is simply flawed.
Attack Scenario Example 1: Identity Theft
There are numerous ways to perform an Identity Theft attack, but let's focus
on just one of them, recognizing that somebody cannot be in two places at the
same time and hence that a user cannot log in to your infrastructure from VPN
and locally from the office "at the same time."... (more)
Performance Tolls - Why you cannot correlate 100% of your logs...?
Compounding the combinatorial explosion in the number of static-based
correlation rules, it is impossible to correlate 100% of all your logs: it is
just too expensive and not practical. Read on...
A correlation engine works really hard, even when dealing with a limited set
Each scenario requires lots of rules and exceptions, and most of these rules
need to be interpreted further as dozens, if not hundreds, of simple checks and
tests. For example, you may want to flag loops with a simple rule such as "IP
The debate between data and information has been going on for quite some
time. When people say "knowledge is power," are they referring to data or
information? Is knowledge different still? And how about "intelligence," where
does that fit?
How can we go from data to information to knowledge to intelligence?
The answer is simple. By understanding the animated nature of data evolution
and transformation, and acting upon this understanding.
And this is brought to light by logs from your Information Systems.
Understand this and unleash the Power of Logs.
Figure 1 - Data to Informatio... (more)
Another hack attack hits the headlines http://tinyurl.com/yebvj8p
Big deal. This stuff happens every day now, right? Wrong. Not on this scale
it doesn't. The Kneber Bot has penetrated 75,000 systems in 2,500 companies
across 196 countries. This is not a straightforward Trojan, a simple
smash and grab. This one's a game changer.
Systems compromised by this botnet provide the attackers with not only user
credentials and confidential information, but remote access inside the
compromised network. Just some of the data stolen includes:
68,000 corporate log-in credentials Access to ... (more)