Security Management

Stop climbing through the haystack to find the needle: Use a magnet

As security professionals we are constantly thinking about finding the needle (security incident) in the data haystack. But what if we just used a really powerful magnet? Potential threats are more targeted, stealthy and dynamic than they have ever been, which means you won’t find the needle if you aren’t collecting the hay in which the needle may be hiding. So it’s more than just collecting a lot of data; it’s about collecting the right data.

Security Monitoring vs. EU Data Privacy – Are We Stuck?

Continuing on the theme from a previous blog, what if the use of state-of-the-art security technologies were believed to conflict with EU data privacy regulations? Are security professionals really to be put in the difficult position of not being able to use the most current security approaches to protect their organizations and users? Is there a way to both protect the organization and its users while respecting the rights of users to not be excessively and unreasonably monitored?

Turning Your Organization Inside-Out: Security and the Open API Economy

At the European Identity and Cloud (EIC) Conference 2012 last week, I finally got what Craig Burton has been saying for some time now: “Baking your core competency into an open API is an economic imperative.” What brought it home for me was the presentation by 3Scale’s Steven Willmott, focusing on what he called “turning [...]

How to Best Equip Your Security Program

We have seen action movies where the protagonist, stripped of his weapon, manages to find some everyday item like a stick or pen and disarm several baddies, rescue the hostages, and disable the imminent threat to mankind. We accept this premise because it happens every day; ingenuity, experience, and persistence often overcome the lack of a specific tool. We, as 21st-century professionals, leverage these skills and the resources at hand to overcome the daily crises and defeat evil (or save a file that has accidentally been deleted). Cue the heroic background music…

Security Intelligence and Identity: Reflections from the Munich EIC Conference

Last week my colleague Matthew Gardiner and I, along with Kim Cameron of Microsoft and Edwin van der Wal of Everett Consulting, presented a panel on “Security Intelligence and IAM” at the European Identity and Cloud Conference in Munich. Prompted by questions from our moderator, Dr. Horst Walther, we had a lively discussion about the [...]

When Security is in the DNA: The Canopy Announcement

Last week, Atos, VMware and EMC announced the creation of a new company, Canopy, dedicated to providing cloud services. One of the best things about this announcement, from my point of view, is knowing that for Canopy, security is no afterthought. This time, it’s part of the DNA. You may have heard of Atos as [...]

The “Dynamic Tower”: Security as a Process

The Security for Business Innovation Council report published last month lays out a roadmap for responding “When Advanced Persistent Threats Go Mainstream” (as the report title puts it). One of the most important recommendations in that report is captured by Roland Cloutier, VP and CSO of ADP Inc., when he says: “you have to have the resources and a process for risk decision-making that enable rapid changes to your protection platform.” That is, the roadmap in the report doesn’t lead to a static, unchanging security monolith. It’s a model for a process that builds dynamism into security, not unlike the architectural model of the Dynamic Tower that David Fisher has designed for Dubai.

The Future of SIEM and the SOC

Perhaps no product is more associated with an organization’s Security Operations Center (SOC) than its SIEM. Given that a SOC, as its name implies, is operationally responsible for the enterprise’s security, it is not surprising that it depends heavily on a tool which collects, analyzes, and reports in near real time on security-related activity from around the enterprise. As the SOC goes, so too goes its SIEM. Or at least it must, for the SIEM/SOC relationship to remain a healthy one.

Smart Security: The Evolution of Higher Security Forms

Last August, I wrote about needing a different answer to the traditional security problem because the changing landscape over time was making conventional protocols, applications and skills obsolete. I wrote there about time and intelligence: these are the essential assets in any security autonomic system. Why? To really boil it down to its basics, it’s a race. In a race, you care about being first, not second. Intel helps you run the race better, and time is the only currency that matters. It’s a race to the data, and you want to win. So it’s all about time and intelligence.

SOC Analysts as African Safari Guides

The SOC analysts’ goal is to hunt for malware, rogue insiders, misplaced sensitive data, advanced attacks, and other threats on a huge enterprise network terrain and to help guide in colleagues to execute the digital hunt. Successful SOC analysts do this by leveraging their experience and their understanding of sensitive corporate systems and data, and by constantly surveying their environment, looking at tracks (logs), keeping in contact with the global security community (via various feeds and websites), and even using a form of video surveillance (full network packet capture) to see where the “animals” are lurking, in as close to real time as possible.