Security Management Insights

SMInsights

The RSA Security Management team is made up of RSA’s managers of the Archer, enVision, DLP, and NetWitness product lines. We interact with customers on a daily basis and will use this blog to share insights about our customers’ security strategies and challenges. We hope the blogs will stimulate your thoughts and that you will want to share your insights with us by commenting on the blogs!

An Intelligence-Driven SOC – Come See It

I just returned from a weeklong trip to Europe, where I contributed my voice to the wildly successful series of RSA Security Summits. With near unanimity in London and Zurich, the audience accepted our premise that as a result of the changing IT landscape – including cloud, mobile, big data, extended workforce, supply chains – and the realities of today’s sophisticated attackers, the approach to security in organizations needs to dramatically change. Furthermore, there was general agreement that today’s preventive security systems, which are largely perimeter- and signature-based, no longer provide sufficient defenses, and that to compensate organizations must improve their detective and response-focused security controls. This quickly led to the practical and real challenge of how organizations can best make those improvements. How, in an environment of fixed security budgets, can organizations invest to create or significantly enhance their monitoring and response capabilities?

Business Context and Incident Management for the Security Operations Center (SOC)

Today’s IT environments are more fluid and complex than ever. Security teams are faced with a flood of alerts and indicators across thousands of devices and massive volumes and varieties of applications and information types. It is more important than ever that the efforts of security teams be prioritized so that the threats posing the biggest risk to the organization are investigated and resolved first.
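The prioritization described above, as an added example that is not part of the original post: alerts are enriched with business context from an asset inventory (a constructed stand-in for a CMDB or GRC export) and ranked by a risk score rather than by raw alert severity alone. The weights, hostnames and alerts are all assumptions made up for illustration.

```python
"""Business-context alert prioritization for a SOC queue.

Added example, not code from the original RSA blog. The asset inventory,
weights and sample alerts are constructed for illustration only.
"""
from dataclasses import dataclass

# Constructed asset inventory: what a CMDB / GRC export might provide.
# criticality is a 1..5 business-impact rating owned by the business.
ASSETS = {
    "db-pay-01":   {"criticality": 5, "data": "PCI",  "internet_facing": False},
    "web-shop-03": {"criticality": 4, "data": "PII",  "internet_facing": True},
    "dev-vm-17":   {"criticality": 1, "data": "none", "internet_facing": False},
}

# Constructed weights; a real program would derive these from its risk model.
SEVERITY = {"low": 1, "medium": 2, "high": 3, "critical": 4}
DATA_WEIGHT = {"PCI": 3, "PHI": 3, "PII": 2, "none": 0}
STAGE_WEIGHT = {"recon": 1, "exploit": 2, "c2": 3, "exfil": 4}  # attack progression


@dataclass
class Alert:
    alert_id: str
    host: str
    severity: str   # key of SEVERITY
    stage: str      # key of STAGE_WEIGHT


def risk_score(alert, assets=ASSETS):
    """Combine tool severity with business context into one sortable score."""
    asset = assets.get(alert.host)
    if asset is None:
        # Unknown asset: no business context available, so assume a moderately
        # important, exposed host rather than silently ranking it last.
        crit, data_w, exposed = 3, 1, True
    else:
        crit = asset["criticality"]
        data_w = DATA_WEIGHT.get(asset["data"], 0)
        exposed = asset["internet_facing"]
    score = SEVERITY[alert.severity] * crit * STAGE_WEIGHT[alert.stage]
    score += data_w * crit          # regulated data on a critical asset
    if exposed:
        score += 2                  # reachable from the internet
    return score


def prioritize(alerts, assets=ASSETS):
    """Return alerts ordered highest business risk first."""
    return sorted(alerts, key=lambda a: risk_score(a, assets), reverse=True)


# Constructed alerts; note A1 is the only "critical" by tool severity.
SAMPLE_ALERTS = [
    Alert("A1", "dev-vm-17",   "critical", "exploit"),
    Alert("A2", "db-pay-01",   "medium",   "c2"),
    Alert("A3", "web-shop-03", "high",     "recon"),
    Alert("A4", "laptop-zz",   "low",      "exfil"),   # host not in inventory
]


def triage_queue(alerts=SAMPLE_ALERTS, assets=ASSETS):
    """Alert ids in the order an analyst should work them."""
    return [a.alert_id for a in prioritize(alerts, assets)]


if __name__ == "__main__":
    for a in prioritize(SAMPLE_ALERTS):
        print(f"{a.alert_id} {a.host:12} {a.severity:8} {a.stage:8} risk={risk_score(a)}")
```

With these constructed weights the tool-severity "critical" alert on a throwaway dev VM drops to the bottom of the queue, while a medium-severity command-and-control hit on the PCI database goes to the top; the unknown host is deliberately scored as if it mattered, since a missing inventory record is itself a gap worth noticing.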

The Big Data Security Analytics Era Is Here

My blog today reflects on newly published research from Jon Olstik at ESG (from whom I borrowed the title of this blog), which covers the collision of advanced threats, security monitoring, SIEM, big data technologies and techniques, and organizational security maturity. In the paper, Jon clearly brings forward his argument – with which I completely agree – that security threats have changed and thus the tools used and approaches for defense need to change significantly. I recognize this sounds a bit clichéd, but read the paper and you will see that there is a clear argument and evidence to back up this claim. One very obvious technical trend is that the flood of security data required to provide the visibility necessary to improve the organization’s defenses has gone up — way, way up.

Waiting for Big Data to Impact Security? It Already Has.

In the case of security, organizations need to understand where the risks are, where the infections have landed, where the attacks are in process, and what they should do about them, fast. This has led security organizations directly into the challenge/opportunity of Big Data, now.

Apply Pressure to SIEM and it Turns into Security Analytics

It is well known that if you want someone or something to change, just apply pressure over a period of time. This is true for organizations, people, and even earthly matter, such as carbon (diamonds) and formerly living plants (hydrocarbons). Markets also transform when under pressure. I believe this is precisely what is happening to the SIEM market right now.

Knock, Knock. Who’s There? Big Data.

I recently had the pleasure of attending the annual EMC World user conference in Las Vegas, NV. And it was, in my opinion, immensely informative, not just for me but for EMC, RSA and all of its partners and customers. The sessions and Solutions Pavilion were lively and engaging, the keynotes had the production value worthy of most Hollywood movies and the topics were relevant for today’s IT and security managers.

Enhancing Security Controls Using RSA Solutions with Microsoft Windows Server 2012

By Matthew Gardiner, Sr. Manager, RSA

Unless you have been hiding under a rock in another universe, you are aware that Microsoft is soon to be releasing the latest major round of the Windows franchise, namely Windows 8 and its cousin Windows Server 2012. In fact at the upcoming TechEd North America 2012, this latest [...]

Transforming From the Hunted to the Hunter

I recently watched the 1932 movie The Most Dangerous Game, which was adapted from a short story written by Richard Connell. In short, the story is about a young man, Bob Rainsford, who is shipwrecked on an isolated Pacific island run by a rich, crazy, yet wily Russian Count named Zaroff. Zaroff’s favorite hobby is to hunt big game, in particular human game, amply supplied by the shipwrecked people who washed up on his island. Typically, the Count didn’t have too much trouble bagging his human game. After all, how long and how far can one run on an island? However, the hunt of Bob Rainsford (and Fay Ray – of King Kong fame – as his helpless love interest) went very differently. Bob, being an experienced hunter himself, used his skills and guile to turn the tables on Zaroff. The hunted became the hunter. Let’s just say it didn’t end well for Zaroff.

Stop climbing through the haystack to find the needle: Use a magnet

As security professionals, we are constantly thinking about finding the needle (the security incident) in the data haystack. But what if you just used a really powerful magnet? Potential threats are more targeted, stealthy and dynamic than they have ever been, which means you won’t find the needle if you aren’t collecting the hay in which it may be hiding. So it’s more than just collecting a lot of data; it’s about collecting the right data.

Security Monitoring vs. EU Data Privacy – Are We Stuck?

Continuing on the theme from a previous blog, what if the use of state-of-the-art security technologies were believed to conflict with EU data privacy regulations? Are security professionals really to be put in the difficult position of not being able to use the most current security approaches to protect their organizations and users? Is there a way to both protect the organization and its users while respecting the rights of users to not be excessively and unreasonably monitored?