When Will Security Systems Start Avoiding the Avoidable?

This week, TIBCO LogLogic has been taking part in InfoSec Europe, the largest information security event in Europe.  According to initial reports, there are over 17,000 registrants at this year’s event.  We are at booth F50 and we hope to see you there.

One of the highlights of going to one of these shows is the chance to soak up the latest and greatest in information security and share it with the public (recall my observations from the RSA show earlier this year).  Often, there are regional differences.  In EMEA, “Big Data” has not yet captured as much attention in IT security as it has in the States (locals say, “Give it another six months.”).  More often, however, you find common security issues — more common than local practitioners probably realize.

Avoiding the Avoidable

A favorite topic is the latest information on security breaches.  At InfoSec Europe, the 2013 Cyber Security Breaches Survey was officially released, and details of the survey’s results were discussed and reviewed.  One observation I made at RSA was that 80% of successful security attacks exploit well-known vulnerabilities that could have been detected through security monitoring.  This finding is corroborated by the UK government’s 10 Steps to Cyber Security recommendations from last year.

Despite this, the 2013 survey found that take-up of these basic security guidelines, including analysis of log data to monitor networks, was patchy at best (only 30% of large organizations had followed the guidelines).  As such, the survey’s finding that 93% of large organizations (250+ employees) and 87% of small businesses had at least one security breach last year should perhaps come as little surprise.

How long can we avoid avoiding the avoidable?

How North Korea is Like a Rogue Computer Process

Recognizing North Korea and Kim Jong-un’s recent actions as probable bluster has parallels to assessing a rogue computer process or questionable user activity on a network. When a process goes wrong in a system, log monitoring software raises a real-time alert as a warning. With a less-than-enterprise-class solution, this alert might be all that happens, which forces systems administrators to decide on an action based on isolated, incomplete information. With lives at stake rather than system and network resources, the result could be tragic.

Context is Key for Real Understanding

The U.S. government has the benefit of a sophisticated infrastructure providing correlated analysis of any situation from multiple angles. The direct threats from North Korea are correlated with data on the lack of actual troop movements, the absence of missile facility preparations, and the historical record of frequent threats right around national holidays. Similar to the U.S. government, a true enterprise-class log management and data analytics system should give IT managers a fully informed view of any specific event, with all the pertinent information available at once, so that they can take fully intelligent action. [Read more...]

You’re Being Stingy With Your Data

With all the talk about how big data should be used, what for, and why, we rarely hear about who uses “it.” All the recent buzz around big data is not because data has suddenly become more valuable; it is that people are now realizing and discussing how to use new technologies and architectures to derive value from these large data sets.

All too often, organizations have looked at the log management problem from an application-centric point of view. Unfortunately, this approach typically results in an “accidental architecture” of redundant connections to log services, inefficient use of network resources, and valuable data “siloed” into distinct, unrelated, and difficult to traverse data stores. This causes log data to become less valuable than it could otherwise be.

Put Your Money Where Your Data Is

Truly deep use of log data has historically been prohibitively expensive. Because of the complexity involved and the cost of the solutions, unlocking this valuable data wasn’t a priority for this quarter’s earnings, even though it was understood to be a long-term advantage. Companies weren’t purposely withholding information; it was just a shortsighted solution to a problem they didn’t know they had. Log management is supposed to protect data from bad guys with an agenda, but it shouldn’t make data inaccessible to the people at a company who can gain value from it. Businesses need an enterprise-class platform that anyone across the enterprise can easily see into. [Read more...]

What Does Hiking Have to Do with Innovation?

Three friends and I went hiking last week in a dense forest. The objective was clear: to reach a small fortress about six miles from base camp. Without maps or smartphones, and with no real clue how to get there, we were on our own. With no rules or parameters to validate our moves, and literally no support or back-up, we had to make instant decisions based on events as they occurred. We were trailblazers, quite literally, and had to innovate in creating a trail for others to follow just to reach our goal.

Trailblazing is the process of leaving markings that follow each other at certain — though not necessarily exactly defined — distances, and marking the direction of the trail. The markings left by previous hikers help others follow the best trail.

This is essentially what today’s organizations have to face. They know the end objectives (mitigate risks and comply) and apply forensics to determine what went wrong so it can be amended the next time. If you’re lucky, you can isolate the event and put a mark up so others don’t follow that path in the future, but the ability to make decisions in real time, or to leverage trailblazing, is what differentiates average organizations from outstanding ones.

[Read more...]

Three Key Security Observations from the 2013 RSA Conference in San Francisco

At the RSA Conference in San Francisco, it’s all security, all of the time. When one topic is the only focus over such a short period, it becomes easy to see current trends. Here are three that have caught my attention:

1. Advanced persistent threats (APTs) – APTs will continue to be an issue for enterprises in 2013 and beyond. The machine layer of defense is excellent at catching threats that are known ahead of time, where rules can be written, filters created, and bad things “bucketed” apart from good things. Sometimes a human eye is brought in to spot things computers don’t “see” so easily. In a perfect world, that is enough.

But the significant problem is the A in APT. Advanced threats have not yet been identified, and only by collecting all available data and monitoring user and machine activity can these threats be identified and blocked.

2. Bring Your Own Device (BYOD) – BYOD brings problems as well, since people using their own devices can break any policy at any time. Enforcing policies across disparate devices (some more secure, some more vulnerable) requires monitoring of systems and user activity. [Read more...]

Log On With IT Compliance and Truly Manage Big Data

We know business is data-driven, but are we missing the forest for the trees? Sitting inside our own systems is data that describes our daily operations and offers an opportunity to take intelligent, data-driven actions. When it comes to operational data, like log files, many businesses struggle to know how to use this information wisely.

Billions of daily log entries and log files from a wide variety of sources are now part and parcel of big data. If you can manipulate data in real time, you can expand your understanding beyond log management into customer-centric areas. If you can determine in the moment whether a large single purchase is fraud or not, you mitigate risk while maintaining customer loyalty. Log data is both deep and wide.

Take RadioShack Corporation, an American franchise of electronics retail stores with a vast retail network that includes 4,700 company-operated stores across the United States and Mexico, 1,500 wireless phone centers, and 1,100 dealer and other outlets. In the fast-paced world of wireless devices and consumer electronics, RadioShack has a mobility strategy rooted in customer advocacy and choice. [Read more...]

What’s Logs Got to Do with IT?

Many of the conversations about Big Data focus on information flowing into the organization from somewhere else. It isn’t as widely discussed that there is an enormous amount of information coming out of every enterprise’s IT infrastructure that is just as critical, offers enormous insights, and is just as time-sensitive. Big Data isn’t complete without log data.

What is Log Data?

Log data, effectively, is like a non-stop stream of tweets coming from IT assets, and it is generated by almost every element within an enterprise’s infrastructure. By managing this data proactively instead of only when something goes wrong, organizations mitigate risk, ensure service availability, and promote operational efficiency.

This data provides an immutable fingerprint of user and system activity that can be, at the lowest level, a failed logon and, at the higher levels, a significant diversion from baselines, a runaway application, or an actual security breach. Logs leave behind a track that can be followed to answer questions like: “Who did what and when?”; “Are we following regulations?”; “Is our network performing optimally?” and “Is our data safe and secure?” These are all critical to business operations, and neglecting them can bring down an organization that isn’t paying attention.

Getting specific, log data gives us a view into: [Read more...]