Security is a Holistic Proposition

Gorka Sadowski



Top Stories by Gorka Sadowski

The debate between data and information has been going on for quite some time. When people say "knowledge is power", are they referring to data or information? Is knowledge different still? And where does "intelligence" fit? How can we go from data to information to knowledge to intelligence? The answer is simple: by understanding the animated nature of data evolution and transformation, and acting upon this understanding. And this is brought to light by logs from your Information Systems. Understand this and unleash the Power of Logs.

Figure 1 - Data to Information to Knowledge to Intelligence, and the role of logs as metadata

Data seems mainly one-dimensional. Consult any database or data warehouse, perform even complex queries on these and you will get a "flat" answer. The fact that you get a single answer will make you think that data is absolut... (more)

Why Rule-Based Log Correlation Is Almost a Good Idea - Part 2

Rule-based log correlation is based on modeling attack scenarios

Back to the visibility aspect. "By managing all your logs you get universal visibility into everything that is happening in your IT infrastructure." Yes, this is a true statement. But to claim that you can easily flag security attacks using rule-based correlation is a major overstatement. Rule-based correlation essentially automates "If this is happening here" and "That is happening there" then "We have a problem." More precisely, "If this precise event is taking place at this particular time on this specific device... (more)
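The "if this is happening here and that is happening there, then we have a problem" pattern, as an added illustration that is not the author's code or any product's correlation engine. The log format, the hosts, the addresses and the rule thresholds are all assumptions made for the example. The rule models one precise scenario (three failed logins from one source followed by a success within sixty seconds); the same credential-guessing sequence spread over forty minutes falls outside the modeled window and is not flagged, which is exactly the overstatement the post warns about.

```python
"""
Minimal rule-based log correlation, written as an added example of the
"if this here and that there then problem" pattern. Not the author's code
and not any product's engine; log format and thresholds are assumptions.
"""
from collections import defaultdict
from datetime import datetime

# Constructed sample events (not from any real system).
# Format assumed: <ISO timestamp> <host> <EVENT> src=<ip> user=<name>
SAMPLE_LOG = """\
2010-03-01T03:00:01 vpn01 LOGIN_FAIL src=203.0.113.7 user=alice
2010-03-01T03:00:03 vpn01 LOGIN_FAIL src=203.0.113.7 user=alice
2010-03-01T03:00:05 vpn01 LOGIN_FAIL src=203.0.113.7 user=alice
2010-03-01T03:00:09 vpn01 LOGIN_OK src=203.0.113.7 user=alice
2010-03-01T03:10:00 vpn01 LOGIN_FAIL src=198.51.100.9 user=bob
2010-03-01T03:20:00 vpn01 LOGIN_FAIL src=198.51.100.9 user=bob
2010-03-01T03:30:00 vpn01 LOGIN_FAIL src=198.51.100.9 user=bob
2010-03-01T03:40:00 vpn01 LOGIN_OK src=198.51.100.9 user=bob
"""


def parse(line):
    """Split one log line into a dict of fields (assumed format above)."""
    ts, host, event, *kvs = line.split()
    fields = dict(kv.split("=", 1) for kv in kvs)
    return {"ts": datetime.fromisoformat(ts), "host": host, "event": event, **fields}


def correlate(log_text, fail_threshold=3, window_seconds=60):
    """Rule: at least `fail_threshold` LOGIN_FAIL events from one source on
    one host, followed by a LOGIN_OK from the same source, all within
    `window_seconds` -> raise an alert. Anything that does not match this
    exact shape (slower, different host, different source) is silently ignored."""
    alerts = []
    recent_fails = defaultdict(list)  # (host, src) -> timestamps of failures in window
    for line in log_text.splitlines():
        ev = parse(line)
        key = (ev["host"], ev["src"])
        # Keep only failures that are still inside the sliding window.
        recent_fails[key] = [
            t for t in recent_fails[key]
            if (ev["ts"] - t).total_seconds() <= window_seconds
        ]
        if ev["event"] == "LOGIN_FAIL":
            recent_fails[key].append(ev["ts"])
        elif ev["event"] == "LOGIN_OK":
            if len(recent_fails[key]) >= fail_threshold:
                alerts.append({
                    "host": ev["host"], "src": ev["src"],
                    "user": ev["user"], "ts": ev["ts"].isoformat(),
                    "fails_in_window": len(recent_fails[key]),
                })
            recent_fails[key].clear()
    return alerts


if __name__ == "__main__":
    for alert in correlate(SAMPLE_LOG):
        print("ALERT", alert)
```

Run as-is it alerts on the fast burst against alice only; bob's slow sequence is identical in substance but never matches. Widening the window to 45 minutes (`correlate(SAMPLE_LOG, window_seconds=2700)`) catches both, at the cost of treating every user who mistypes a password a few times over the course of an hour the same way. Every such rule is a hand-written model of one attack timing, and the tuning never ends.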

Why Rule-Based Log Correlation Is Almost a Good Idea (Part 8)

You bought a static rule-based correlation product and want to get the most out of it, or are you planning on getting and deploying one? There are some simple steps you can take to maximize its efficiency.

Ask Yourself If You Can Really Afford In-house Real-Time Incident Management

The main use case for correlation is real-time incident management, so you need a 24x7x365 team of forensics experts to validate and follow up on alerts - in real time. There is no need for real-time correlation if you only have a 9-5 operation... If an alarm goes off at 3 a.m., do you have the skilled staff to act... (more)

Kneber: Another Bot Attack

Another hack attack hits the headlines: http://tinyurl.com/yebvj8p Big deal. This stuff happens every day now, right? Wrong. Not on this scale it doesn't. The Kneber Bot has penetrated 75,000 systems at 2,500 companies in 196 countries. This is not a straightforward Trojan - a simple smash and grab. This one's a game changer. Systems compromised by this botnet provide the attackers with not only user credentials and confidential information, but remote access inside the compromised network. Just some of the data stolen includes: 68,000 corporate log-in credentials, access to ... (more)

Back from SecureCloud 2010 in Barcelona

I've been in information and system security for almost 20 years. Yes, it's possible! At the time Gopher was the killer app and NCSA Mosaic was in the making; I was working on Arpanet and the Internet wasn't born; information security was a non-issue, and all my friends, colleagues, coworkers and family were telling me "don't even try and make a living out of this dead-end information security thingy stuff". But somehow I was convinced that it would be a great ride, that it would be fun and that I had to do it. My crystal ball was crystal clear,... (more)