threat detection

June 25, 2009

Obama’s CyberSecurity Policy

Sunil Bhargava: Cyber attacks are typically silent, stealth in nature and don’t command the attention of the general public. President Obama’s announced cyberspace policy didn’t get the attention it deserved – given that cyber attacks have the potential to close down critical infrastructure – effectively closing down the markets, strategic defenses, disease control infrastructure or the core communications networks. So why isn’t the cyberspace policy getting the attention it may deserve? This is what we asked Warren Axelrod, security expert, author and speaker. Here’s Warren’s response.

From the desk of Warren Axelrod: Why is the cyberspace policy boring? The answer I’m giving is one that security professionals will be able to identify with – to an outsider it’s boring. Virginia Heffernan in a recent New York Times Magazine article entitled “Lights! Camera! Inaction! People Using the Internet are Boring”. Ms. Heffernan discusses the various, mostly unsuccessful, attempts by filmmakers to create excitement when something, which would cause all sorts of reactions in the physical world, happens in cyberspace. The flashing of messages of doom and destruction on a screen does little to raise one’s pulse. It is only when the messages are linked to visuals of bad physical things happening, as in the Terminator or Batman movies or Die Hard and Live Free that anxiety increases in the audience.

The people tuned into the President’s announcement are the professionals at Homeland Security, the Pentagon and the utility officials protecting the three main electric grids. These are people who know that attacks are up year over year and the attackers are getting smarter and more devious every day. There were a couple of articles on the cyber speech the next day but not as many as one would expect – given the gravity of the situation. The news aggregation magazine, The Week, provided Cyber Security 101 in the article “The Rise of the Cyberspy”. This article focused on the Pentagon’s “near constant” cyber attacks by foreign hackers primarily from Russia and China.

So again, the general public, who depend so heavily on the Internet and computer systems and networks in general for their well being and economic progress, can’t seem to get excited about a President who actually uses technology and knowing the dangers is setting policy, making cyber security a priority. We can only hope that the steps we need to take to defend ourselves in the dangerous realm of cyber space won’t be delayed and prioritized out of existence as it was eight years ago. The new “cyber czar” may be greeted with some fanfare, but will likely find it as difficult as his or her predecessors to implement effective measures. If only cyber criminals had two heads and long tails that could decapitate an innocent bystander.

Postscript: Intellitactics is the chosen SIEM by intelligence and defense organizations on the front line of cyber attacks. Join Intellitactics every Tuesday to see what it takes to defend against cyberspys and hackers.

Posted by Sunil Bhargava at 12:00 AM in current affairs, enterprise security management, threat detection | | Comments (0) | TrackBack (0)

Technorati Tags: , , ,

June 16, 2009

Intellitactics and Quest - security as a service

Now, QUEST- a California based service provider - is offering a NEW Managed Security Service. They'll be implementing Intellitactics SAFE appliances on the customer's premise and remotely managing logging, compliance reporting and event analysis. Their clients get all the control of ownership without the overhead.

Everyday we talk to companies that want and need to automate log reviews, threat detection and reporting requirements for multiple regulatory standards. They are all doing something, but they all want to do more. Unfortunately, the economic turmoil has created obstacles for these companies to move forward. Staffing is an issue, deploying and implementing the solution takes time, even the evaluation process required for a capitol investment requires more energy than they have. These are all good reasons to consider security as a service.

QUEST CEO Tim Burke and I were talking about what they're clients say are good reasons to engage with a security service provider. More companies are considering security as a service and by implementing Intellitactics SAFE on the Client premise - they get the best of both worlds. Quest offers redundant operation centers and SAS 70 Type II certification; the staff is highly qualified. This new security offering, featuring Intellitactics SAFE may be just the ticket for companies that need a fast start  - whether they're prepping for audtis, augmenting staff or defending against cyber criminals that stalk mid-size companies. Quest's unique service offering is a short term fix for lots of companies which will offer long term benefits.

Posted by Sunil Bhargava at 12:00 AM in enterprise security management, IT Security ROI, partners, security as a service, threat detection | | Comments (0) | TrackBack (0)

Technorati Tags: , , , , ,

June 03, 2009

Intellitactics Poised for Mid Market Success

This week Gartner published their annual research on security information and event management (SIEM)vendors. The research covers the high number of vendors (21) in this space and it also underscores the many different ways companies are building, packaging and selling SIM and SEM and a combined solution for companies that want and can handle both.

So what about Intellitactics? Well, we have two distinct product lines that we've developed. The first is a software solution, Intellitactics Security Manager, that in Gartner's estimation is "optimal for large enterprises" with the need to customize and configure their SIEM to adapt to sophisticated and complex requirements.the second is Intellitactics SAFE - a fully capable SIEM appliance that is uniquely designed for mid market companies. SAFE is simple to deploy and easy to use. So if a company just wants to do better during an audit or is large enough to face complex security threats but too small for dedicated security operations centers  then SAFE is perfect. Lots of capability on ONE appliance - the ultimate in simple and a fast path to value.

Our packaging is simple. Buy what you need now from Intellitactics or from a select number of VARs that all have unique capabilties and areas of expertise. We're also proud of the MSSPs that offer security services in the traditional way or co-opt SIEM with a SAFE appliance on premise with remote management by the MSSP. No matter what your budget, there is an affordable way to get the benefits of SAFE: improved understanding of logs and events and accelerated investigation of security incidents. We aren't bundled with your storage solution or your NOC solution or thrown into your maintenance bill. Everyone of our customers conducted a thorough investigation and selection process and chose Intellitactics.

Finally, we like what we do. Everyone in the company takes a lot of pride in the success our customers in 21 countries and many industries are having with our product. We are just as excited today after 11 years of providing security solutions as we were when we the first customer bought a product that in those days was an elaborate toolkit.

So if you're an independent thinker and you're looking for a vendor partner highly invested in your success - we're the company you're looking for! Take a look -  any Tuesday and see for yourself how simple SIEM can be.

Posted by Sunil Bhargava at 06:00 AM in compliance, enterprise security management, log management, partners, threat detection | | Comments (0) | TrackBack (0)

Technorati Tags: , ,

June 02, 2009

Intellitactics Detects Insider Threats

The most dangerous insider threat is the employee who knowingly breaks security policy to achieve a selfish or malicious end. According to CERT, 68 percent of theft for competitive advantage takes place within three weeks of an employee leaving his/her job. These threats are deliberate and involve financial gain, revenge or an attempt to gain competitive advantage – sometimes called espionage. Unfortunately, many organizations report that they don’t have anyone focused on insider threats – malicious or otherwise. If you can identify a risk you try to prevent it. Many organizations develop sophisticated policies but don’t implement the technology required to enforce it. Following the reliable maxim "If on the other hand you can’t prevent it, you must detect it" suggests that policy enforcement requires monitoring of security events, or minimally reports on logs. Simply put, if you identify a risk, then you should attempt to prevent it and monitoring is a recommended mitigation for risk.

Detection, in fact, plays a critical role in all risk controls; network and operating system logging is vital. You can use logs to detect out of norm behavior, especially if you can aggregate logs by source, target or user id and set thresholds using time or number of instances that will create an automatic notification. SIM solutions, known for logging, that offer security event management can have a major impact on the productivity and capability of your security team. There are never enough eyeballs to review logs. Log searching, no matter how sophisticated the technology, is effective when you specifically know what you are looking for. Automated event management transforms logs into more useful and actionable information.

Disgruntled employees often act out of the norm by creating unknown accounts, setting up backdoor connections and other behaviors that proper logging, and ideally security event management, can detect. Several best practices exist, but they all have one common bond: Someone must review the reports your systems generate! Better yet – choose a system that generates alerts. Many insider attacks go unnoticed because attackers develop tools and innovations while no one else is watching.

Another complimentary approach is security awareness training. In the case of malicious insiders, the education is not targeted at the user -- who clearly doesn't care about security policy and is bent on breaking it -- but on the insider's potential colleagues, who might recognize the warning signs that a co-worker is about to be bad and with training will know what to do about it.  

See how simple logging and event management on one appliance can be, join our Intellitactics SAFE open house every Tuesday.

Posted by Sunil Bhargava at 11:32 AM in enterprise security management, threat detection | | Comments (1) | TrackBack (0)

Technorati Tags: , ,

Archives

More...

Categories

About

My Photo
Subscribe to this blog's feed

Compliance

Control Frameworks

Sites We Watch

Subscribe to this blog's feed