Category: Cloud Security
Posted by Melissa Stevens in Cloud Security, Cybersecurity, In the Industry

What control do you have over data once it leaves your network? Do you have any idea where it’s been, or what’s been done to it?
In his latest contribution at Security Week, Chris Poulin ponders the concept of smarter data: data that is self-aware. In an effort to combat the security issues of “free-range data” (lack of access control, identification and tamper-proofing), Poulin suggests that treating data as an object made up of code, properties and, of course, the data itself would eliminate these security challenges.
He says, “Putting on my developer’s hat, I envision data as an object composed of some sort of universal code, the data, and accompanying properties. To protect the information and code, it could only be run on a system controlled by the data’s owner, perhaps using a method similar to public/private key pairs, and aside from innocuous information about the certificate, everything else is encrypted.
The benefits are manifold: you could revoke access to any individual at any time, self-destruct the data (well, the decryption keys anyway), and implement true data-in-motion DLP, just to name a few. Additionally, you could provide tiered access to the data or properties based on role or user, which would be useful in helping cloud providers make intelligent decisions on how to store and handle the data, for example.”
Click here to read the full article, “Self Aware Data? Smarter for Sure,” and share your thoughts on Poulin’s ideas about smarter data. Is he dreaming big or just dreaming?
Posted by Melissa Stevens in Cloud Security, Cybersecurity, In the Industry, Security Intelligence
As a marketing professional, I have a confession to make: I am slightly obsessed with infographics. That’s why I was so excited when my colleague at Q1 Labs decided to create one of our own.
But, I’m not the only one who thinks infographics are a great way to visualize large amounts of information; I’ve heard others calling 2011 “the year of the infographic”. So, why the buzz? Read this quote from Soshable.com describing the value this tool provides to viewers:
Rather than read a long article that describes data, infographics puts the data into a format that can be more easily taken in and can add a layer to the understanding by appealing to our natural visual acuity.
Since one of the problems we solve with our Security Intelligence solutions is consolidating massive amounts of disparate raw data from the entire enterprise (network elements, data center assets, hosts, private and public cloud services, you name it) in the form of logs, events, external threat data, network flows, etc., into actionable, meaningful insight for companies, I think infographics have a purpose that is similar to our own. For that reason, in honor of the infographic, I bring you a list of the top cyber-security related posts from around the web. Enjoy!
1) The Evolution of Modern SIEM
Depiction of the change SIEM technology has undergone to evolve towards Security Intelligence.
2) 8 Levels of Information Technology Security
“In a world of viruses, malware, and hackers, information security is a big deal. One single method of IT security cannot insure protection of mission-critical data.”
3) Computer Threats: A Breakdown: The Spreading Infection of Software Virus & Scams
“Depicts the growing cyber-threat landscape, including viruses, breaches, phishing scams and more.”
4) Infographic Summarizes the News of the World Phone Hacking Scandal
“The infographic, titled, “News of the Scandal: The Story That Destroyed a 168 Year Old Newspaper” provides a detailed timeline with pivotal events, key players and technology-enabled privacy breaches that destroyed the 168 year old publication.”
5) IT Security & The Cost of Breaches
“There are a number of tools to fight negligence, including education, executing best practices and vigilance. More challenging is increasing data protection amid the surge in malicious attacks coming from inside and outside the organization…
[This] infographic… produced by SEO.com for Dell, gives a bit more context for the threat environment.”
6) A Short History on Hacking
“Hacking has become much more than a word that moved from the pseudo-urban dictionary to the “real” dictionary; it’s part of a job description that could mess up your world in a flash…This visual story from OnlineMBA.com also quantifies the damage.”
7) The Cost of Data Security
“From Pragmatix, here’s an infographic that looks at the financial consequences of data breaches.”
8) Why Government Leaders Are Focused on Cyber Security
“CyberThreat_US is a new series from OhMyGov exploring the urgent cybersecurity issues faced by the U.S. government.”
9) The PSN Security Breach
“Just how much financial damage have the attacks on Sony caused this year? The numbers are still climbing, but this new infographic outlines the chain of events that have led to millions of PSN users’ information being compromised”
10) Hack Attack: Lulzsec’s Hacks and Security Stats
“This year has seen the rise of hackers in the public eye, groups such as Anonymous and Lulz Security (Lulzsec) have breached the security of some of the biggest brands on the planet.”
Posted by Melissa Stevens in Cloud Security, Cybersecurity, Federal, Security Intelligence, SIEM, Threat Management
Last week I shared part one of John Burnham’s discussion of the INSA study released earlier this month. In this post, we continue the conversation and move on to the role of Security Intelligence as a cloud and how it could be used as part of a comprehensive cyber-strategy.
John cites a QRadar Security Intelligence customer, The Salt River Project (the nation’s third largest public power and utility company), as an example of an organization that has used next-gen SIEM to cross organizational divides. He explains that the federal government could deploy Security Intelligence across all organizations under the umbrella of the Department of Homeland Security (DHS) to collect and report data securely and confidentially to DHS, much like The Salt River Project has done to collect intelligence across its several internal agencies.
Watch the video to hear what else John thinks the Federal Government could be doing to strengthen its strategy for preventing cyber-threats.
Posted by Todd Harris in Cloud Security, Security Intelligence
While I only have one first cousin, we have bizarre similarities and notable differences. First off, she’s 12 and about ten times smarter than I am (yes, I set myself up with that one). We share some slightly similar facial features, personality traits, and food tastes that favor northern Italian cuisine. She is an accomplished violinist already. I hack at my guitar every once in a blue moon. Anyway… enough kicking myself in the teeth.
What does this have to do with SIEM and cloud computing? Similar to my previous “cloud security” themed post, I will again reference the best practices paper by Q1 Labs’ CSO Chris Poulin. In it, he suggests that SIEM itself provides a cloud-type capability and is structurally similar. I find this a very interesting correlation and pretty darn accurate in many ways. Let’s get into it.
A classic SIEM is fed data from all around an organization via different groups with varying requirements and responsibilities. These groups cross organizational divides and often have very different interests, data types, and use cases. SIEM has definitive customers and providers, as do cloud providers. For example, the systems management group may feed Microsoft Windows Active Directory events into the SIEM to be alerted on user login failures, signaling a brute-force password attack or a privilege escalation attempt.
Cloud providers are fed data from different customers, expecting their data to be protected, segmented from other customers, controlled, secured, and monitored. A cloud provider is also expected to not access customer data for their use or benefit unless allowed by the customer. While this may not 100% correlate to a SIEM environment, there are contractual obligations between the operational management function and SIEM consumers to ensure processes are in place to handle potential incidents, empowering the data owners and developing a clear escalation process.
Related: What’s in a cloud security plan?
This points out one of the differences between cloud and SIEM, and why they might be cousins, yet only distant cousins. The SIEM provider generally has total context and an overarching security responsibility, otherwise known as security intelligence, that spans across data from all groups. For example, correlating vulnerability scanner results with firewall logs and network activity to detect an active threat. In the case of cloud services, there is a clear dividing line between roles and responsibilities; especially involving customer data. The data belongs to the customer and has to be treated differently. An example is GMail. Most likely, it wouldn’t be accepted if Google started reading our email or forwarding it to other GMail users. Okay, they are reading it, but hopefully not forwarding.
What do you think, are there other similarities between cloud and SIEM? Besides SIEM being a lot smarter than cloud, that is.
Learn more about IT Security best practices in cloud environments.
Posted by Todd Harris in Cloud Security, Security Intelligence
Q1 Labs’ CSO, Chris Poulin, recently authored a paper defining best practices for IT Security in a cloud environment. In this, he covers some interesting viewpoints on various hurdles expected when organizations secure their public or private cloud environments, as well as the steps necessary to create an effective security policy, and the similarities between SIEM and cloud environments.
Since this is a week with two major cloud-related conferences, VMworld and Dreamforce, let’s talk cloud security!
What are a few of the steps cloud providers and customers can take when building out their own cloud security plan? One major chunk of the process is to start with an assessment of risk. That is, understand your current data types, locations, business processes, and information flow. Understand where the critically sensitive data is. Just like any other enterprise, cloud computing requires customers and cloud providers to define their own information topology before any reasonable security policy can be defined and implemented.
Step 1: Discovery
Know where all of your data is, no matter how you classify it. The key is uncovering the difference between the data that can and cannot be housed in the cloud. An eDiscovery process is recommended to locate buried and even misplaced data. Too often organizations find that Personally Identifiable Information (PII) is mixed with less critical data and matched with the wrong security protocols.
Step 2: Classification
After understanding where your data is, it needs to be classified appropriately and distributed to systems with security controls to match the data sensitivity. This step alone can help you make progress meeting various compliance regulations.
Step 3: Data transit
SIEM can help define your data transit policy by monitoring endpoints, firewalls, and network activity to govern whether the data should be allowed to proceed to the cloud or not. Content-aware network profiling from Data Loss Prevention (DLP) solutions can be fed to the SIEM to perform more complex correlations with other data feeds. For example, watch for PII such as a social security number in a patient healthcare record and combine that with the firewall logs and network activity found within a SIEM to gain a bigger picture of malicious activity.
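The Step 3 correlation described above, as an added example in Python (not code from Chris Poulin’s paper or from Q1 Labs’ product): a DLP hit on an SSN-like pattern is joined with firewall logs by host and destination inside a short time window, so only PII that actually reached an external destination raises an offense. The key=value event layout, the internal address range and the 60-second window are assumptions.

```python
import ipaddress
import re
from datetime import datetime, timedelta

# Constructed sample events (hypothetical key=value layout, not any vendor's format).
# DLP feed: content inspection flagged an SSN-like pattern in a file leaving a host.
DLP_ALERTS = [
    "2011-09-01T10:02:11 host=ws-17 user=jdoe dst=198.51.100.20 match=SSN file=patient_123.pdf",
    "2011-09-01T10:30:00 host=ws-22 user=asmith dst=10.0.5.8 match=SSN file=intake_form.docx",
    "2011-09-01T11:15:38 host=ws-17 user=jdoe dst=203.0.113.9 match=SSN file=labs_export.csv",
]
# Firewall feed: connection decisions for the same hosts.
FW_LOGS = [
    "2011-09-01T10:02:13 host=ws-17 dst=198.51.100.20 dport=443 action=ALLOW",
    "2011-09-01T10:30:05 host=ws-22 dst=10.0.5.8 dport=445 action=ALLOW",
    "2011-09-01T11:15:40 host=ws-17 dst=203.0.113.9 dport=22 action=DENY",
]

# Assumed: only this range is "inside"; any other destination means data left the network.
INTERNAL_NETS = [ipaddress.ip_network("10.0.0.0/8")]
WINDOW = timedelta(seconds=60)
KV = re.compile(r"(\w+)=(\S+)")

def parse(line):
    """Split 'ISO-timestamp key=value ...' into a dict with a datetime under 'ts'."""
    ts, _, rest = line.partition(" ")
    ev = dict(KV.findall(rest))
    ev["ts"] = datetime.fromisoformat(ts)
    return ev

def is_external(ip):
    addr = ipaddress.ip_address(ip)
    return not any(addr in net for net in INTERNAL_NETS)

def correlate(dlp_lines, fw_lines, window=WINDOW):
    """Raise an offense when a DLP PII hit on a host is followed within `window`
    by a firewall ALLOW from that host to the same external destination."""
    fw = [parse(l) for l in fw_lines]
    offenses = []
    for d in (parse(l) for l in dlp_lines):
        if d.get("match") != "SSN" or not is_external(d["dst"]):
            continue  # not PII, or the destination is internal: no exfiltration path
        for f in fw:
            same_flow = f["host"] == d["host"] and f["dst"] == d["dst"]
            in_window = timedelta(0) <= f["ts"] - d["ts"] <= window
            if same_flow and in_window and f["action"] == "ALLOW":
                offenses.append((d["host"], d["user"], d["dst"], d["file"]))
    return offenses
```

With the constructed feeds, only the first DLP hit becomes an offense: the second went to an internal address and the third was blocked by the firewall.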
As Chris Poulin has blogged, there is no question that more modern SIEM (a.k.a. Security Intelligence) solutions have their place in the cloud. It’s not a matter of if SIEM is ready for the cloud, but if the cloud is ready for SIEM. For more on IT Security best practices in cloud environments, take a spin through Chris’ complete writeup.
Related: SIEM and Cloud might be cousins