2. May 2011

The Sys Admin Did It!

Like the butler in classic murder mysteries, we’re quick to suspect the person with unfettered access, and that’s often the proverbial “red herring”. The 2011 Verizon Data Breach Investigations Report (DBIR) provides system administrators with a statistical alibi. Apparently, the System/Network Administrator was the culprit in only 3% of their investigations. The Verizon team speculates that while these people do have the “keys to the kingdom,” perhaps someone changed the locks.

28. April 2011

From Point of Entry to Compromise

The leather-clad Trinity, of Matrix fame, runs an Nmap port scan against a target IP address, detects a vulnerable SSH service and, a few keystrokes later, has root access to the power grid. This is the view many hold of the cyber threats we face, but the 2011 Verizon Data Breach Investigations Report (DBIR) tries to downplay this scenario and paints a distinctly different picture.  Whether it's leather pants or dragon tattoos, let’s hope you’re not the target of the fictional heroines of hackerdom...

27. April 2011

Log Management: Bad News, Good News

The “bad news” is that log management has failed miserably. The “good news” is that it can’t get any worse. That’s the obvious conclusion from the 2011 Verizon Data Breach Investigations Report (DBIR), where they report that NONE of the breaches they investigated were detected via log analysis. In a half-hearted attempt at humor, the authors of the DBIR do try to make the point that things “are only looking up from here.” I wish that were true...

26. April 2011

Secret Service – Guarding Presidents and Payments

The Secret Service may be best known for their role as the President’s guardians, but it’s their role protecting the U.S. currency that has them guarding all forms of payment and financial systems, and actively pursuing cybercriminals.  While this group may not need to “take a bullet” for us, we know it’s a complex task that spans the globe, so we just wanted to take a moment to recognize their efforts and say, “Thanks”.

25. April 2011

2011 Verizon DBIR: Insights and Opportunities

The annual Verizon Data Breach Investigations Report (DBIR) is making headlines, generating tweets and motivating blog posts – like this one. Weighing in at 74 pages, it’s a significant report, and if you’re serious about getting a “state of the union” handle on network security, I encourage you to read it (several times).

16. April 2011

Barracuda: Got SIEM?

The announcement of a breach at Barracuda Networks is only the most recent among several high-profile network security companies. We applaud Barracuda’s announcement and the description of what happened. It’s important that the industry share this information and accept that breaches happen – even among some of the most sophisticated networks, using some of the best products available. An SC Magazine article on the Barracuda breach, and others, suggests that the breach “highlights the importance of defense-in-depth.” They’re missing the point...

2. April 2011

Trading Risk Paralysis for Actionable Intelligence

So, you've patched, you've scanned, you're PCI compliant, and you still get breached…

17. March 2011

RSAC 2011: Talk About a SIEM Revolution

At this year’s RSA Conference, I was struck by the number of times SIEM was mentioned. In every discussion on data, incident response, and/or compliance, I heard “well, you’ve got to do something with it, and a good SIEM can help.”

25. February 2011

RSAC 2011: Looking to the Future

As we wrapped up the week at the RSA Conference, I went from looking backward to looking forward. There was a lot of talk about things we already know that we could be doing better, but there's always the undeniable fact that the IT/security landscape, and the threats that come with it, are constantly evolving. What do we see as we look forward, not just into 2011, but beyond?

18. February 2011

RSAC 2011: The Midmarket View

TriGeo has a well-deserved reputation for delivering award-winning SIEM technology that’s built for the SME. We know this market, so as I sat through days of RSA presentations, I started to tally up the obvious disconnects, mixed messages and faulty assumptions that you hear from enterprise vendors as they try to re-frame the discussion for the midsize universe. Here are three of the biggest...
