Security Information and Event Management (SIEM)

Stop climbing through the haystack to find the needle: Use a magnet

As security professionals we are constantly thinking about finding the needle (security incident) in the data haystack. But what if we just used a really powerful magnet? Potential threats are more targeted, stealthy and dynamic than they ever have been, which means you won’t find the needle if you aren’t collecting the hay in which the needle may be hiding. So it’s more than just collecting a lot of data; it’s about collecting the right data.

Security Monitoring vs. EU Data Privacy – Are We Stuck?

Continuing on the theme from a previous blog, what if the use of state-of-the-art security technologies were believed to conflict with EU data privacy regulations? Are security professionals really to be put in the difficult position of not being able to use the most current security approaches to protect their organizations and users? Is there a way to both protect the organization and its users while respecting the rights of users to not be excessively and unreasonably monitored?

Be Secure, Be Confident in the Cloud

Intel recently announced the Intel Xeon Processor Series that helps enable comprehensive and verifiable security and compliance in cloud environments. With these technologies Intel is providing a foundation to make cloud deployments suitable for increasingly sensitive workloads.

EU Data Privacy Regulations – Are Modern Security Approaches Legally Permissible?

In a previous blog I introduced the idea that SOC analysts need to be the IT security “eyes and ears” for their entire enterprise, no matter how large or global the enterprise. Implied in this is the assumption that the analysts can actually use their digital “eyes and ears” to the maximum extent technically possible to protect their organization’s IT assets and users, wherever those assets or users may be. This should be no problem because we are all part of one Internet-enabled global village, aren’t we?

SOC Analysts: The IT Security Eyes and Ears of their Organizations

By Matthew Gardiner, Sr. Manager, RSA
In my previous blog, The Future of the SIEM and the SOC, I argued that SIEMs are changing to meet the evolving security needs of Security Operations Centers (SOCs). Advanced Persistent Threats (APTs) in particular are really pushing SOCs to step up their defensive game. The ever-repeating cycle of threat/attack discovery and remediation needs to crank much faster than ever before. In many cases the time window from actual breach to data leakage can be measured in hours or days, thus defensive cycles that operate in time windows of days or weeks are moving much too slowly. The question I will attempt to at least partially answer in this blog is how SIEMs are changing to meet the rapidly changing needs of SOCs.

The Future of SIEM and the SOC

Perhaps no product is more associated with an organization’s Security Operations Center (SOC) than its SIEM. Given that a SOC, as its name implies, is operationally responsible for the enterprise’s security, it is not surprising that it depends heavily on a tool which collects, analyzes, and reports in near real-time on security related activity from around the enterprise. As the SOC goes so too goes its SIEM. Or at least it must for the SIEM/SOC relationship to remain a healthy one.

SOC Analysts as African Safari Guides

The SOC analysts’ goal is to hunt for malware, rogue insiders, misplaced sensitive data, advanced attacks, and other threats on a huge enterprise network terrain and help to guide in colleagues to execute the digital hunt. Successful SOC analysts do this by leveraging their experience and their understanding of sensitive corporate systems and data, and by constantly surveying their environment, looking at tracks (logs), keeping in contact with the global security community (via various feeds and Websites), and even using a form of video surveillance (full network packet capture) to see where the “animals” are lurking, in as close to real-time as possible.

Is Security Easy?

As I have discussions with the customers I meet and talk to on a regular basis, I constantly yearn to understand the challenges they are facing. What is stopping them from moving forward and implementing the security tools that are available to them?

This Just Makes Me MAD!

By Chester Liu – Product Marketing Manager for the RSA Security Management Suite
Have you ever been to a presentation or speech, and the speaker is just so ignorant about the very topic that he’s speaking on that you just want to shout out and correct him, but there are a hundred other people in [...]

Big Data and the Cloud Roadblock

EMC conducted a survey of U.S. Federal Government IT Security stakeholders recently, and one of the results that struck me was one around cloud adoption. We usually hear about security being an impediment to the wide-scale adoption of cloud and virtualization technologies, but our survey revealed another interesting barrier.