Security is a Holistic Proposition

Gorka Sadowski

Top Stories by Gorka Sadowski

ISACA, the Information Systems Audit and Control Association, just surveyed 1 529 of its members across 50 countries in EMEA. It turns out that UK businesses are leading Europe on Cloud adoption, 40% to 33%. But a whopping 35% of respondents do not plan to use Cloud for any IT services (actually 35.6% in Europe and 31.8% in the UK). This is a huge impediment to the growth of ITaaS (IT as a Service), such as SaaS, IaaS and PaaS (respectively Software as a Service, Infrastructure as a Service and Platform as a Service). Let's spin this another way: 60% of respondents are not using Cloud yet, and of these more than half do not plan to use it at all. Why is that? How come, despite all the benefits around Clouds, so many are not planning on leveraging this approach to IT? The survey doesn't provide answers. But it gives interesting clues concerning the role of underlying R... (more)

Kneber: Another Bot Attack

Another hack attack hits the headlines. Big deal. This stuff happens every day now, right? Wrong. Not on this scale it doesn't. The Kneber Bot has penetrated 75,000 systems and 2,500 companies across 196 countries. This is not a straightforward Trojan, a simple smash and grab. This one's a game changer. Systems compromised by this botnet provide the attackers with not only user credentials and confidential information, but remote access inside the compromised network. Just some of the data stolen includes: 68,000 corporate log-in credentials; Access to ... (more)

Why Rule-Based Log Correlation Is Almost a Good Idea - Part 3

We'll see below some examples of security attack scenarios that many people put forth as perfect examples of how powerful, valuable and simple correlation is. As you can see, the overall approach of using static rule-based correlation on these is simply flawed. Attack Scenario Example 1: Identity Theft. There are numerous ways to perform an Identity Theft attack, but let's focus on just one of them, recognizing that somebody cannot be in two places at the same time and hence that a user cannot log in to your infrastructure from VPN and locally from the office "at the same time."... (more)

Why Rule-Based Log Correlation Is Almost a Good Idea... (Part 6 - APTs)

APTs, Advanced Persistent Threats, are the anti-script-kiddies approach to penetrating an environment. Can static rule-based correlation catch these? APT Attackers Love Correlation Environments You remember that "False Sense of Security," the feeling that you are secure, but in fact you're not...? Attackers know that an attack is a process, it is not an event. And they use this - and they use time - to their advantage. They use time scales that static rule-based correlation simply cannot cope with. If you want to correlate disparate events, you need to keep state information on th... (more)

Logs for Better Clouds - Part 3: On-Demand Rightsizing

Last time we saw the difficulty in Predictive Rightsizing, a frustrating exercise based on "guesstimation" aimed at predicting future SLA in an ever-changing business environment... So what's the answer? The solution is a truly dynamic, elastic, real-time on-demand SLA with a provisioning that is transparent to the users. Provided that you stay within some reasonable boundaries, you can use as many resources as you need, or as few as required, ramping up and slowing down resource usage, without having to provision SLA in advance of usage. This is the ul... (more)