As I sat down to watch the new James Bond film with my usual supplies of fizzy drinks and sugary sweets, I was very surprised when he decided to take on the cyber terrorist at large and solve the problem single-handedly, physically and without the need for a Security product in sight!
Of course, we don’t all have a secret agent in our organization, driving around eradicating danger. However, security teams can prepare and have clear, flexible strategies in place to reduce risk on their network.
The premise of the film (spoiler alert) is a cyber terrorist getting into the British Secret Service network undetected and causing harm to key personnel. The clever methods used to infiltrate the network highlight what is happening on a daily basis to security teams globally, and though a great film, probably made many security personnel squirm slightly in their chairs when seeing the consequences that could occur!
From internal constraints to the rise of Advanced Persistent Threats (an ESG research report highlighted that 59% of enterprise organizations think they have been a target of an APT attack), the role of the security team is becoming ever more complex. A clear security strategy that can adapt to an organization’s evolving needs is vital.
In an exclusive webcast with Dark Reading on 12/13/2012 at 1200 ET, Q1 Labs’ very own James Bond, Michael Applebaum, and Jon Oltsik, Senior Principal Analyst at ESG, will be presenting “Information Security in Transition: Top things to consider in 2013”. In this must-attend event there will be recommendations on how to improve your organization’s information security model and, importantly, on key issues that you are likely to face in 2013.
If you don’t want to wait for our webcast to get this information, please download Jon Oltsik’s report “Enterprise Information Security in Transition”.
As the news broke that the final trilogy of Star Wars was going to be made, I was excited and intrigued about the plot. However, one question I always ask myself is, “How different would the story have been if the Deathstar were more secure?”
As for most Star Wars fans, the moment when the rebel alliance flew in en masse to destroy the Deathstar was one of great intrigue. With a power so great and protection around the entire perimeter of the battlestation, how could it ever be penetrated?
Of course the hero, Luke Skywalker, comes to save the day by finding a small gap and, undetected, he flies through to the center of the Deathstar, destroying it and escaping without a single scratch.
When comparing this scenario to what we see every day in the news regarding cyber attacks, it is very similar, right down to the part where organizations react to the breach far too late. It is of utmost importance for organizations to make sure they are able to see and react instantly when a security breach is happening, no matter how small. As we see with the case of the Deathstar, it only takes one opening for an attacker to slip in and cause a tremendous amount of damage. We only have to look at the news, where an attacker describes how he stole a database of 150,000 contacts using a SQL injection (more details) without any reaction.
Having a thorough Security Intelligence strategy in place, with a next-generation SIEM as the centerpiece, is vital for an organization. With the advantage of real-time normalization and correlation across your network, any abnormal behavior will be highlighted and your security team notified immediately, with details of the where, when, how, what and why of the attack.
It is just my opinion, but if the Deathstar had an anomaly detection system to highlight immediately when enemies were within its network, Darth Vader would have had a much easier life…. “May the Force be with you”.
To learn more about securing your own “Deathstar,” watch this Dark Reading webcast featuring end user Richard Webster, Senior Manager of Security at Sanofi, and Michael Applebaum, Director of Product Marketing at Q1 Labs, an IBM Company. In it, they discuss real-world lessons about applying Security Intelligence and next-generation SIEM for threat protection.
The worry for organizations, however, is the number of these hackers who have never studied computer science but have an ambition to be a software developer and see it as a challenge to try to break into a business’s network undetected. Although this may seem an innocent personal challenge to them, it is ultimately aligned with greed, and more often than not these people want to go for bigger and better.
Security teams need to be aware of methods to detect and instantly act upon this type of malicious hacking from so-called “amateurs.” The IBM X-Force 2012 Mid-year Trend and Risk Report details the variety of attacks that a business could expect a hacker to use (read more here). A key point highlighted is the complexity of an organization’s network, moving from a traditional office-only model to a world of interconnected devices and services. This has made it increasingly difficult to get a clear real-time snapshot of what is happening in the network, making it easier for amateur hackers to get in without raising any alarms.
In a recorded webcast with SCMagazine UK, Chris Poulin, IBM Security Systems Strategist, details how to combat these young hackers, through QRadar’s anomaly detection capabilities and advanced forensic analysis, to quickly identify when a breach is occurring on your network. Click here to view.
With due deference to Oscar Wilde, companies are becoming increasingly ‘earnest’ in their approach to gaining greater intelligence about their security posture.
Media headlines have shown us over the past couple of years that there is an ever-increasing number of security breaches, and what has surprised many security experts is the variety and sophistication of these attacks.
The targeting of specific individuals and groups within an organization, aimed at compromising confidential information, has led to security being not just an ad hoc topic in the boardroom but a “top of the agenda” discussion point.
The recent study “Finding a strategic voice” by IBM Center for Applied Insights revealed that over 2/3 of the security leaders interviewed said their senior execs are paying more attention to security than two years ago and that there is an increased shift towards risk management, meaning organizations are focusing on being more proactive than reactive.
An interesting statistic from EU Justice Commissioner Viviane Reding, at the Digital Life Design (DLD) conference in Munich in Jan 2012, backed the importance of data protection: “In 1993, the Internet carried only 1% of all telecommunicated information. Today, the figure has risen to more than 97%”. This just shows how much easier it is for hacktivists to harness information and plan targeted attacks on a certain individual’s online profile.
The need for long-term security strategies that allow organizations to harness their volumes of security-relevant information has become ever more crucial. We call the product of these strategies ‘security intelligence’.
To aid your organization’s security strategy and provide real-world lessons about applying Security Intelligence and next-generation SIEM for threat protection, forensics and network visibility, Q1 Labs, an IBM Company, has two webcasts that you should attend:
Dark Reading Webcast:
“Gaining Insight and Visibility with Next-Generation SIEM: An End User Perspective”
12th September 1200-1300 ET
SC MAG UK Webcast:
“Avoiding the front page; Security strategies to stay out of the headlines”
26th September 1500-1600 GMT (1000-1100 ET)
Borrowing a line from Oscar Wilde’s immortal play: “To miss one of these webinars would be considered unfortunate, to miss both would be downright careless!”
Government agencies, like their private sector brethren, are knee-deep in IT security challenges, threats, and regulations. While that’s not much of a shock, this might be – according to the Government Accountability Office, the number of reported security incidents increased by over 650 percent during fiscal years 2006–2010. At the same time, government agencies have widespread deficiencies in security controls, leading to vulnerabilities, undetected breaches, and insider fraud.
To help meet these challenges, the federal government is implementing a risk-based IT security strategy based on deploying enterprise continuous monitoring solutions. These solutions will continually assess the actual security state of agencies’ IT networks and systems, while providing scoring information that managers can use to prioritize actions needed to reduce risk and improve their security grades. Continuous monitoring will enable agencies to determine their own security health and compare it to other agencies. Scoring will also allow the different lines of business within an agency to more effectively work together, while enabling agencies to gain the same operating efficiencies from IT investments that Fortune 500 companies have realized.
Recently, along with our friends at 1105 Media and partner Accuvant, we discussed the importance of continuous monitoring and related steps agencies should take while approaching it. Security intelligence plays a critical role in achieving continuous monitoring because of its ability to centralize information into a single console from various data sources.
Most importantly, we talked about how many government agencies are successfully bringing previously disparate functions, including SIEM, risk management, log management, and network behavior analytics, together into a total security intelligence solution that fits the constrained budgets and resources of government agencies. The QRadar Security Intelligence Platform enables our customers to leverage existing assets, stabilize budgets, and easily comply with new mandates while maintaining a proactive stance on risk management and security.
If you missed the webinar, or just want to revisit it, watch the whole thing HERE. For a deeper look at how security intelligence helps federal agencies adopt a continuous monitoring security program without requiring additional resources, download this white paper.