Security is a Holistic Proposition

Gorka Sadowski


Top Stories by Gorka Sadowski

This article discusses some of the main defensive security solutions used today and explains why employing a Log Management and Intelligence solution is critical to complement these protection methods. Let's first look at the most common defensive security solutions that have been popular these past few years. This is not an exhaustive list of all existing technologies, but rather a high-level view of some of the prevalent ones.

1. Anti-virus
2. Firewalls/VPN
3. IDS/IPS
4. Anti-Trojan/worms
5. Anti-Spyware
6. SIEMs

These correspond to an approach called "Defense in Depth" that aims to put successive rings of protection between the bad guys and the information to protect, making successful attacks harder and harder. There are other types of security solutions, such as proactive security (Vulnerability Management and...

Logs for Better Clouds - Part 6

Log Collection and Reporting requirements. So far in this series we have addressed: Trust, visibility, transparency. SLA reports and service usage measurement. Daisy chaining clouds. Transitive Trust. Intelligent reports that don't give away confidential information. Logs. Log Management. Now, not all Log Management solutions are created equal, so what are some high-level Log Collection and Reporting requirements that apply to Log Management solutions? Log Collection: a sound Log Management solution needs to be flexible enough to collect logs from a wide variety of log sources, including b...

Log for Better Clouds - Part 8: Cloud Portability

Cloud Portability (in the context of logs, of course!). So the honeymoon is over. The Cloud Provider that you so carefully selected is not performing as you expected and you are eyeing the competition. You might even be considering re-insourcing some of your IT services. So what happens to all the logs? As a customer, can you Trust that your Provider(s) will not let you down and mess with your logs? Well, first off, whose logs are they? Are they the Provider's logs because they are generated by their physical equipment, or are they your logs because they trace your...

Preventive Security Through Behavior Modification - Part 3

This week let's review why logs are such a popular and powerful tool when performing forensics, and how to ensure that investigators are working from a clean stream of data. Logs used in forensics have several distinct advantages. First, logs can be used not only to solve the IT crime, but also as evidence in a court of law, provided that they have been properly managed. Second, logs are widely available. Logs have been around for the past 25 years and today all electronic equipment is capable of generating logs. Third, best practices for log management are mature, all system adm...

Why Rule-Based Log Correlation Is Almost a Good Idea - Part 3

We'll see below some examples of security attack scenarios that many people put forth as perfect examples of how powerful, valuable and simple correlation is. As you can see, the overall approach of using static rule-based correlation on these is simply flawed. Attack Scenario Example 1: Identity Theft. There are numerous ways to perform an Identity Theft attack, but let's focus on just one of them, recognizing that somebody cannot be in two places at the same time and hence that a user cannot log in to your infrastructure from VPN and locally from the office "at the same time."...