There's a great perspective on compliance on Bank Info Security that caught my attention. David Schneier writes a Compliance Insight blog that is especially compelling because it includes anecdotes from the field. I was compelled to comment on the post because there are so many organizations that are still trying to manually review logs because they reason they are too small to take advantage of fully automated compliance reporting solutions like Intellitactics SAFE. When we first launched SAFE, we had Enterprise Management Associates, an independent industry analyst group, review the product relative to the current market. In their technology brief they recognize that SAFE is right sized for every type of organization regardless of size or buying power. This was one goal of the SAFE product line - that we would provide an affordable SIEM alternative for every organization. Every user enjoys the same automation, hundreds of reports and self contained storage appropriate for their volume of logs and events. By choosing one of the five SAFE models - you PAY LESS and do the SAME as largest, most progressive organizaitons in the world. Your next customer wants to have the same confidence in you as they have in the big box store, the global bank or any other organization they entrust with their personal information. We know that SAFE helps you earn their trust everyday.
« September 2008 | Main | November 2008 »
October 2008
October 30, 2008
Size doesn't matter - in compliance
Posted by Pam Casale at 11:51 AM | Permalink | Comments (0) | TrackBack (0)
October 27, 2008
Data breaches - Knowing sooner is a good thing.
The Verizon Study shows that 75% of all data breaches result in compromised data within a matter of days. 63% of companies don't learn about breaches until MONTHS after they occur.
More disturbing - once discovered they take weeks to fix. Good to know.
Better to know - what to do to how to be proactive!
Our favorites:
*Control data with transaction zones -- Investigators concluded that network segmentation can help prevent, or at least partially mitigate, an attack. * Monitor event logs -- Evidence of events leading up to 82 percent of data breaches was available to the organization prior to actual compromise. Processes that ensure the timely, efficient, and effective monitoring of and response to network events are critical to protecting data. * Create an incident response plan If a breach occurs, be ready to act. An effective incident response plan will ensure a breach can be stopped before data is compromised. for more tactics go to the article on CIO Today Choose a SIEM that automates zoning or segmentation; expect more than fancy log searching - use events to improve the accuracy of investigation; demand information from a SIEM that is fundamental to your incident response plan. For more on this story
Posted by Pam Casale at 06:59 PM | Permalink | Comments (0) | TrackBack (0)
October 15, 2008
Debunking Security Myths
As best practices evolve and processes mature, myths about why and how things happen are debunked. Myths are sometimes charming and fun - the only bad thing about myths is that if they are based on faulty thinking, or the facts available at the time believing them can result in disaster. On a Dark Reading blog there was a post last week about security myths and it ended by asking what myth the reader would like bunked and why. So here's the myth that not all, but too many, companies are still wanting to believe: If you're compliant you're secure.
The reason I find this particular myth to be so troubling is that thousands of companies have spent and are still spending time and money to take steps to be compliant, to have audit worthy reports and are doing it just for the sake of compliance. The easiest first step is getting all the logs in one place and many of them don't get beyond that step. All the headline grabbing breaches and data loss scandals featured companies that had recently passed an audit or reported to their boards that they were in fact compliant. Logs all collected, neat and orderly, archived appropriately and reviewed as often as possilbe. Unfortunately for these companies compliant didn't equal safe and secure.
It's not uncommon for companies to be sitting knee deep in logs feeling good about compliance while they have no proactive way to isolate bad actors or control the actions of oblivious employees who don't change their password or do any of the 20 things that employees who are still not aware do that invite fraud.
Let's put the myth to bed once and for all - being compliant because you have mastered logging is no guarantee that you are secure. There just aren't enough eyeballs to look at the logs in real time or near real time to do anything significant with them. While you may be compliant for a day or a week because you have them and can report on them you aren't doing enough to be safe or secure.
Folklore and fables explain the most perplexing questions to children - where rain comes from, what makes a star twinkle, why every snowflake is different. But when it comes to security, there are no charming stories, Greek gods or famous Indians to explain why data breaches occur. There's just daily diligence - the age old formula of process, people and technology applied to a constantly changing problem. Then there's active monitoring for understanding and investigation and consistent, repeatable response to test that practices and processes are working.
I don't pretend to be the expert; just an observer of the most experienced and successful security practicioners in the most progressive companies in the world. Seems they are debunking this myth and many more everyday. Email us with your best story of a myth you squelched and what happened next!
Posted by Pam Casale at 11:41 AM | Permalink | Comments (0) | TrackBack (0)
October 13, 2008
Four Tips for SIEM Success
Network World Trendwatch took a look at SIEM solutions in a recent article entitled "SIEM: Finding the Proverbial Needle". In this article, Arlan McMillan, Global Director of Security at ABN AMRO, describes how the bank uses the Intellitactics SIEM to make sense of 1 billion security events per day, reducing false positives and eliminating mistaken firewalls patterns. Analysts are more effective - using a 'washed version' of the data to understand and investigate security events with precision accuracy.
So you're saying - "We don't have a billion events per day or maybe even per month. We looked at SIEM last year and just don't need a SIEM."
While it's true that the more events you have the more complex the task to understand them becomes it is also true that every company, regardless of size and budget, can benefit from a SIEM. Consistent analysis and response, reliable service and repeatable processes is the real value of SIEM and that value is independent of how many events you manage or your company size or your security budget.
Even if you don't have a billion events per day its not easy to understand and take meangingful action on however many events you do see per day. In this article Kelly Kavanagh, a Gartner analyst, suggests that companies are putting SIEM alongside traditional tools for collecting and analyzing application level events or transaction logs to isolate fraud and misuse.
SIEM is easier to use, easier to implement and costs less than it did just a year ago. So if you looked once and dismissed the idea of SIEM - you should look again. SIEM users and Kelly Kavanagh give four tips for SIEM success: understand alert and mitigation strategies, start slowly and make sure the SIEM you choose can scale as you do more, have a plan for how to deal with violations and anomalies and finally get executives on board. Regardless of the SIEM you choose, Arlan McMillan explains: ".. . . you will need to cross organizational borders to secure logs that mights be sensitive or confidential, so you need all your governance issues clearly laid out before you start deployment."
Consistency, reliability and repeatable process - these three things help you verify and validate compliance and secure critical information assets. Maybe it's time to look at SIEM again.
Posted by Pam Casale at 04:55 PM in SAFE Appliances | Permalink | Comments (0) | TrackBack (0)
October 09, 2008
What does being SAFE mean to you?
Just yesterday, a security analyst seeing Intellitactics SAFE, the appliance for security event management, for the first time said SAFE – does it stand for something? Seems like it should stand for security awareness for everyone because that’s what I think I can do with these reports.
When we named this powerful little appliance we weren't thinking about acronyms but we did think that it would keep all the customers SAFE and SECURE! SAFE from predators, from malicious insiders, from over zealous auditors, from cuts to the security budget - just SAFE. So we were thinking – what does being SAFE mean to you?
If you haven’t heard, Intellitactics SAFE, a security information and event management appliance, is rapidly becoming the product of choice for mid size companies looking to do more with their logs. Like Intellitactics Security Manager, the comprehensive enterprise security management software, SAFE collects any logs from anywhere and automatically transforms raw logs into a fewer, more manageable security events then generates reports for compliance or security operations.
In fact SAFE appliances can be your only SIEM or can be dropped into several distributed, remote locations to send events to Security Manager. You can easily build out your security command and control infrastructure. Consistent, reliable security events ensure repeatable processes and reporting across your enterprise, regardless of size. SAFE's right sized architecture fits into every budget.
So what does SAFE mean to you? Email your ideas to marketing@intellitactics.com
Posted by Pam Casale at 03:33 PM in SAFE Appliances | Permalink | Comments (0) | TrackBack (0)
ARE YOU PUTTING SECURITY ON HOLD?
Gartner and Forrester – industry analysts – predict that IT spending will fare better than the economy as a whole and continue to grow on a year-to-year basis.
Revised estimates reflect a 5.4% increase on new purchases in 2008 and include a forecast of a 6% increase in IT spending in 2009.
While companies may opt to delay new projects analysts say you will continue to invest in “absolutely critical products”.
So what’s an “absolutely critical product”? According to the analysts they are the ones that improve earnings or save a lot of money.
More companies are putting SIEM, security information and event management, in the category of absolutely critical products. You might be asking WHY? Today’s SIEM is more than logging. Choose a SIEM that transforms millions and billions of logs into security events. If you give your analysts only raw logs you can’t expect consistent, reliable or repeatable responses. But, when you give them security events you can set rules and check the validity of processes.
Put SIEM on your critical product list and read how SIEM finds the proverbial needle in the haystack in this NEW article in Network World. Check out the value that Intellitactics' customer shares with Network World readers.
Posted by Pam Casale at 03:00 PM in IT Security ROI, SAFE Appliances | Permalink | Comments (0) | TrackBack (0)
October 07, 2008
Online Fraud - A Future Market Gauge?
I read the article Trojan Can Grab Extra Personal Banking Data discussing online fraud and read words I would never have expected to read in such article – affordable malware and fraudsters being honest.
If I hadn’t known the article was talking about the antics of online fraudsters I would have thought the author was talking about a sector of the marketplace. Honestly, to read the downward trend of prices for malware over the past 2 years you would think we were talking about a trend in digital electronics. Does it give anyone else the chills to think that we could soon be receiving MarketWatch Bulletins for malware as just another consumer spending index?
Then there is the part that reads if you want to be a successful fraudster you have to develop a reputation for working reliably and honestly. Talk about making your head explode with contradiction. It reminds me of the original Star Trek episode The Changeling where Nomad is eventually destroyed with contradicting logic. Nomad you are dealing in data stolen from honest people. Nomad you have to be honest with the people that stole the data. Nomad doesn’t that mean you have to turn them in for stealing? But Nomad if you turn them in for stealing then you wouldn’t be able to work with anyone in the online fraud market…Quick Scotty beam me into space before I take the whole ship with me.
All in all I think the author is really on to something. We should be investing heavily in the online fraud market. Especially if we put in charge those who have been heading our financial sector in recent years. Any bets on how long it would take for them to implode that market?
Posted by Kari Onn at 09:43 AM | Permalink | TrackBack (0)
