Security is a Holistic Proposition

Gorka Sadowski

Top Stories by Gorka Sadowski

ISACA, the Information Systems Audit and Control Association, just surveyed 1 529 of its members across 50 countries in EMEA. It turns out that UK businesses are leading Europe on Cloud Adoption 40% to 33%. But a whopping 35% of respondents do not plan to use Cloud for any IT services (actually 35.6% in Europe and 31.8% in the UK). This is a huge impediment to the growth of ITaaS – IT as a Service, such as SaaS, IaaS and PaaS, respectively Software as a Service, Infrastructure as a Service and Platform as a Service. Let’s spin this another way: 60% of respondents are not using Cloud yet, and of these more than half do not plan to use it at all. Why is that? How come, despite all the benefits around Clouds, so many are not planning on leveraging this approach to IT? The survey doesn’t provide answers. But it gives interesting clues concerning the role of underlying R... (more)

Logs for Better Clouds - Part 2

Last time, we saw that the biggest impediments to Cloud Provider's adoption are Trust and Visibility. Today, we'll look at the difficulty of predictive rightsizing, and how elasticity is one of the biggest value propositions of Cloud Providers. One advantage of Cloud Computing is elasticity with self-provisioning, which provides a level of flexibility that didn't exist with traditional Managed Service Providers, and which also allows the selection of a level of service and performance that is close to what is needed. With "traditional" MSPs (Managed Service Providers) and outsource... (more)

Conclusion: Why Rule-Based Log Correlation Is Almost a Good Idea...

During these past few weeks, we have looked at several reasons why static rule-based correlation is not the "SOC in a Box", be-all and end-all that many thought it was. Indeed, what to think about a "solution" that: can only address a very limited set of attack scenarios; requires meticulous consideration on how to map out the few selected attack scenarios; doesn't guarantee you to catch attacks in progress even when one of the few selected scenarios is taking place; obliges you to think of minute details to slightly reduce false positives; yields hundreds and thousands of basic correlat... (more)

Why Rule-Based Log Correlation Is Almost a Good Idea: The Future of SIEM

These past few weeks, I published several blogs pointing out problems with static rule-based correlation, their current limitations, their high TCO, etc. Because these solutions have been sold for many years as the be-all and end-all to security problems, it has created false expectations in the industry and among clients. But SIEM as a general discipline holds plenty of promises, so let's not throw the baby out with the bathwater. Let's think of static rule-based correlation as the engine for the first generation of Security Information and Event Management (SIEM). Looking in my c... (more)

Fraud Detection, Financial Industry and E-Commerce | Part 2

First-party fraud involves fraudsters who apply for credit cards, loans, overdrafts and unsecured banking credit lines with no intention of paying them back. It is a serious problem for banking institutions. U.S. banks lose tens of billions of dollars every year (1) to first-party fraud, which is estimated to account for as much as one-quarter or more of total consumer credit charge-offs in the United States (2). It is further estimated that 10%-20% of unsecured bad debt at leading US and European banks is misclassified, and is actually first-party fraud (3). Contrary to third-part... (more)