Security is a Holistic Proposition

Gorka Sadowski


Top Stories by Gorka Sadowski

Over the next few weeks, we'll investigate how the expression "An ounce of prevention is worth a pound of cure" could also be applied to the IT world, and which tools can foster preventive security through behavior modification. When looking at IT security, it seems that most of the security solutions today are based on Defensive Security. Technologies such as AntiVirus, Firewalls, Intrusion Detection Systems and Intrusion Prevention Systems, Anti-Trojan, Anti-Worms, and Anti-Spyware belong in this category. The primary focus of these technologies is defending against security attacks in progress. Other categories of security exist of course, such as Proactive Security (including Vulnerability Management) and Remediation Security (e.g. Patch Management), but the industry focus these past few years has been on Defensive Security. It is amazing that despite a... (more)

From Data to Information to Knowledge to Intelligence

The answer is Logs. Logs are the only metadata that exists today that:

- Is widely available
- Is 100% collectable
- Is 100% storable
- On which we can run intelligent reports
- Allows us to understand the kinetic aspects of this ever-changing data

For example, logs allow us to understand if a piece of data has had several versions and iterations and, for each iteration:

- Who created, modified or deleted the data
- When was the information created/modified/deleted
- What device was used for the creation/modification/deletion
- Was that creation/modification/deletion authorized

It even gives us some cont... (more)

Fraud Detection, Financial Industry and E-Commerce | Part 1

Banks and Insurance companies lose billions of dollars every year to fraud. Traditional methods of fraud detection play an important role in minimizing these losses. However, increasingly sophisticated fraudsters have developed a variety of ways to elude discovery, both by working together and by leveraging various other means of constructing false identities. Graph databases offer new methods of uncovering fraud rings and other sophisticated scams with a high level of accuracy, and are capable of stopping advanced fraud scenarios in real time. While no fraud prevention measures c... (more)

Back from SecureCloud 2010 in Barcelona

I’ve been in information and system security for almost 20 years. Yes it’s possible! At the time Gopher was the killer app and NCSA Mosaic was in the making; I was working on Arpanet and Internet wasn’t born; and information security was a non-issue, all my friends, colleagues, coworkers and family were telling me “don’t even try and make a living out of this dead-end information security thingy stuff”. But somehow I was convinced that it would be a great ride, that it would be fun and that I had to do it. My crystal ball was crystal clear,... (more)

60% of EMEA still NOT using Cloud Services

ISACA, the Information Systems Audit and Control Association, just surveyed 1 529 of its members across 50 countries in EMEA. It turns out that UK businesses are leading Europe on Cloud Adoption 40% to 33%. But a whopping 35% of respondents do not plan to use Cloud for any IT services (actually 35.6% in Europe and 31.8% in the UK). This is a huge impediment to the growth of ItaaS – IT as a Service, such as SaaS, IaaS and PaaS (respectively Software as a Service, Infrastructure as a Service and Platform as a Service). Let’s spin this another way: 60% of respondents are not using Clou... (more)