admini – Page 106 – CyberSecurity Institute

To Improve Security, Get Your DAM Info Into SIEM

Posted on December 3, 2010December 30, 2021 by admini

As Rothman sees it, the biggest advantage to integrating DAM with SIEM is the context it provides. “A database attack is usually one aspect of a broader attack…. The DAM has no visibility on network traffic, server configurations, exfiltration attempts, user activity, or a million other things,” Rothman says.

According to Rick Caccia, vice president of marketing at SIEM vendor ArcSight, this additional context is particularly important for monitoring database access through applications that are tied into data stores — but only through some layer of technological complexity. “The common problem DAM products have is most customers don’t have their applications directly talking to a database; they have some sort of application server that runs applications that talk to the database, and that application server tends to hold one connection to the database,” Caccia explains.

Tying DAM information into the SIEM allows an organization to more easily correlate the activity a user might have done on a front-end application with the query activity by an application server sent directly into the database.

“Organizations take application logs, send the application logs to the SIEM, send the DAM logs to the SIEM, and the SIEM correlates those two together,” Caccia says.

Rothman and Caccia agree that one of the biggest challenges in feeding DAM into SIEM isn’t the technology — DAM and SIEM vendors have worked together during the past few years — but is often caused by internal staff battles.

http://www.darkreading.com/database-security/167901020/security/security-management/228500270/to-improve-security-get-your-dam-info-into-siem.html

How to have a Disastrous Crisis

Posted on November 8, 2010December 30, 2021 by admini

Panic
Panic can take all sorts of forms:
A failure to communicate It can manifest it’s self in a communicative denial where the person or team fails to call in help from other groups or people. This can be very damaging and costly. There was one crisis I was brought to perform a post mortem on, where the team had failed to notify the management of a lost laptop. Expensive and wasteful expense.

Reacting without following process or procedure Just reacting or “shooting from the hip” can cause all sorts of chaos, both short term and long term.

Overreacting It is very important to ensure that the organization responds with the appropriate level of urgency and energy. Too much and you can excerabate the situation by having users or customers losing their trust in the organization. This is damaging short term and long term. Delivering the information in a calm and clear manner is very essential and the emotional.

How do you not panic? Have a plan, have the right people and the right attitude.

Loose focus on the objectives. Focus on the technologies issues and not the business..
At all times,the following should be the goals of everyone involved: Protecting people, Protecting the environment, Protecting the business

Waste times and resources
Before a crisis occurs, make sure you have a good idea of the people, the capabilities and objectives of the organization.

Focus on the immediate and forget about the long term implications.
In the heat of the moment, you might be tempted to use an approach that might be ethically unsound Respect the law and regulations, and people.

So, what is a crisis or incident team? (Part 2 in the Crisis Team Series)

Posted on November 5, 2010December 30, 2021 by admini

Paul’s definition of a crisis response team (if we have to keep calling it that (to justify the budget)) is:

An operational capability that allows an organization to quickly initiate, track and coordinate the capabilities of multiple groups and individuals, with the single focused goal of solving an immediate business impacting event, quickly and effectively.

Business Impacting Event? Sometimes, we fail to leverage the abilities of an incident Response capability due to the fact that we view them as only useful during an IT security incident. They can be, and should be leveraged beyond that myopic vision of the role.

[Sidebar: This “pigeon holing” of security is a common problem that I have encountered in my career as a security professional. Security team can easily become isolated and out of touch of, due to the fact that the teams act as superior or independent of the rest of the organization. Misunderstanding, mistrust, “snobbishness” and general lack of communication are typical symptoms that I have encountered when called upon to fix, from everyone else’s perspective, a dysfunctional security team. Security is not a standalone capability, especially in today’s world, and needs to be integrated into the rest of the organizations.]

To create this change, we have to start at the individual level. To help create the capability, and to break down the barriers of stagnant traditional security models, I believe that a security professional needs to have a broader view of the world, encompassing not the only viruses, vulnerabilities, and hackers but also business impacting events or perspectives.

By adopting this approach, crisis response teams can provide valuable services across an organization. Crisis response teams should not be only be involved in an IT incident but they can help in situations dealing with the handling of a sensitive business events or geo-political situations. A good incident response team has the maturity and capabilities to handling these delicate situations with the aplomb required to bring about an effective resolution.

So what does the crisis response team do? To be successful in responding to these situations, requires the coordination and cooperation of multiple teams and individuals. And that is what drives how I define an incident and thats what a crisis team should be focused on as one of its primary objectives. it is driving forward to resolution with a fast ,multi-team coordinated response.

It is the last part of the sentence that really resonates with me. I almost want to change the name from crisis response to coordinated group adverse business event response team (but GABERT is a bit too long as an acronym).

I have had great success in supporting small and large organizations in many crisis situations where the capabilities and preparedness of the crisis response team have been leveraged.

So change the perceptions. It helps if people don’t view the IR team as a set of strange talking geeks, who only like IT and hacking. I can tell you that the majority of the IT security industry is very gregarious, and we don’t hide out in hidden cubicle with no light, despite how Hollywood might like to portray. Some of us even have sun tans.

So what do you think? Is this too ambitious, or outside the scope of IT security? Or could this approach add value to your organization and help expand the understanding and integration of the security team?

In the next article, we will talk about the principles goals and requirements around the culture of a crisis response team.

A new series of blog posts on Crisis Response

Posted on November 2, 2010December 30, 2021 by admini

I have been through a quite few crisis with large and small organizations and I hope that these posts will help IT teams protect their people, the world and the businesses.

Why would I write a set of blog entries about crisis response? Well to be honest, I am hoping that I can generate business opportunities, and also create a online resource of information about this very important capability. I have searched across the web and found very few sites dedicated to this subject. Yes, you can find information on disaster response but I think organizations are facing few disasters (hopefully), but probably everyone has a couple of crises a year.

So let’s start. For me, crisis response is an operational capability that needs to exercised frequently, as opposed to once a year. It goes beyond the traditional world of viruses and hack attacks. It’s something that can be leveraged to help an IT organization with it’s daily activities, not just when things are going wrong.

Hopefully, you will find this information useful.

And if you want to provide feedback, I have a forums section just for crisis response. No person is an island and it is only through sharing of knowledge and experience, that we evolve.

Now, I have become a bit of a pain when it comes to posting. I need you register and I promise not to share your email with anyone else. I will also sometimes check to see whether the person registering is really a professional. And I won’t use the email for any marketing or profiteering. If you want to talk business with me, contact me.

Thanks Paul

Web Host 1&1 Launches Server Management App for iPhone, iPad

Posted on October 20, 2010December 30, 2021 by admini

Launched at the beginning of 2010, the 1&1 Dynamic Cloud Server provides dynamic adaptation of RAM, CPU cores and disk space to deal with changes in server load.

To use the new iPhone app for mobile administration, customers need only insert their 1&1 contract number and password once, and then view all relevant server details in real-time.

http://www.thewhir.com/web-hosting-news/101910_Web_Host_11_Launches_Server_Management_App_for_iPhone_iPad

Four Big Trends Changing Computing, Gartner Says

Posted on October 19, 2010December 30, 2021 by admini

Sondergaard started by talking about how it usually takes about 10 years from when a technology appears until it really changes business, citing the PC, mobile phone, and Internet as example. He noted that while the IBM PC appeared in 1981, it didn’t reach an installed base of 100 million units until 1990. Twenty years ago, Tim Berners-Lee sent the first Web request; by late 1996, there were less than half a million Web sites; but today there are 250 million sites and 1.8 billion Web users. Global IT traffic is doubling every 2 years, and the information we create is moving from 275 exabytes per year to 275 exabytes per day by 2020.

Social computing will blur the lines between enterprise and personal computing, and social networking within and between organizations will massively improve productivity.

Context-aware computing means many more connected devices with sensors that understand the location, language, feelings and dreams of consumers by using patterns to determine your desires.

Pattern-based strategy uses predictive analytics on both structured and unstructured data, but it’s more about a business framework that lets us seek and model patterns, and then adapt accordingly.

Each of these trends is disruptive, he said, but the combination is an “unimaginable force” that will transform not just IT, but business and government.

But while IT budgets grew from $1.2 trillion in 2000 to $2.4 trillion now, overall, they aren’t growing very fast, he said. He said that while IT departments have been internally focused on optimizing processes and costs for the past 20 years, now it was more about business processes.

And he said that while the IT vendor industry is changing — through mergers and acquisitions creating “supervendors” — the four big trends in IT directions will bring this strategy into question.

Eric Knipp said the old rules of IT as a “black box” were ending, as users now have unprecedented IT resources. As a result, CIOs and IT managers must transform themselves from controllers to implementers; implementing “smart control” — managing technology in tighter concert with business goals.

Knipp said the concept of creating IT systems that are “built to last” is obsolete and is being replaced by a new dynamism of “built to change.”

He talked about layering the applications portfolio to systems of record that need to be stable and secure, like a GL; systems of differentiation that you don’t know how long they will last, such as pricing; and systems of innovation, built for ad hoc projects or collaboration.

Nick Jones and Research VP Hung LeHong talked about how all the information available via sensors, social networks, and advanced analytics, were changing all industries from retail, to warehouses, to construction.

Jones said that cloud computing enables quantum change in the economics of IT, letting CIOs save as much as 50 percent of operational costs; and this can allow the funds for IT departments to innovate.

http://blogs.pcmag.com/miller/2010/10/four_big_trends_changing_compu.php