Security is a Holistic Proposition

Gorka Sadowski

Latest Articles from Gorka Sadowski
In this series of blogs we will expose how fraudsters operate, we will run through several typical fraud scenarios, we will investigate where, how and why legacy detection solutions fall short, and what can be done to improve them. Banks and Insurance companies lose billions of dollar...
The debate between data and information has been going on for quite some time. When people say “knowledge is power”, are they referring to data or information? Is knowledge different still? And how about “intelligence”, where does that fit? How can we go from data to information to kno...
You bought a static rule-based correlation and you want to get the most out of it, or are you planning on getting and deploying one? There are some simple steps you can take to maximize its efficiency. The main use case for correlation is real-time incident management, so you need a 2...
These past few weeks, I published several blogs pointing out problems with static rule based correlation, their current limitations, their high TCO, etc. Because these solutions have been sold for many years as the end all be all to security problems, it has created false expectations...
Disappointed with your SOC in a box solution? Here are a few steps to improve your static rule based correlation solution... During these past few weeks, we have looked at several reasons why a static rule based correlation is not the "SOC in a Box", end-all be all that many thought i...
Compounding the combinatory explosion in the number of static-based correlation rules, it is impossible to correlate 100% of all your logs; it is just too expensive and not practical. Read on... A correlation engine works really hard, even when dealing with a limited set of scenarios:...
We'll see below some examples of security attack scenarios that many people will put forth as a perfect example of how powerful, valuable and simple correlation is. As you can see, the overall approach of using static rule-based correlation on these is simply flawed. Attack Scenario E...
We saw what typically happens when trying to use static rule-based log correlation to perform real-time incident management... combinatory explosion and lack of scalability. How do you automate non-deterministic attacks in a few discrete steps??? Today, we'll look at more scenarios fo...
In this installment, we'll see that modeling attack scenarios is doomed to failure. Attacks are not deterministic, and trying to model an attack as a series of discrete steps will just not work. By managing all your logs you get universal visibility into everything that is happening in...
Rule-based log correlation is almost a good idea. It sounds like a good idea, it appears to be a good idea and many people will tell you it’s a good idea, but in fact it is not. Rule-based log correlation is very complex, limited in use and applicability, and boasts a terrible ROI. ...
Last week we saw that a proper Log Management tool is a powerful tool to catch the bad guys. Advertise your use of such a tool and you will send a clear signal to would-be attackers that they will be caught, which will act as a powerful deterrent, and curb bad behaviors. A 2004 study...
This week let's review why logs are such a popular and powerful tool when performing forensics, and how to ensure that investigators are working from a clean stream of data. Logs used in forensics have several distinct advantages. First, logs can be used not only to solve the IT crim...
Another hack attack hits the headlines http://tinyurl.com/yebvj8p Big deal. This stuff happens every day now, right? Wrong. Not on this scale it doesn’t. The Kneber Bot has penetrated 75,000 systems in 2,500 companies across 196 countries. This is not a straightforward Trojan - a sim...
These correspond to an approach called "Defense in Depth" that aims to put successive rings of protection between the bad guys and the information to protect, making successful attacks harder and harder. There are other types of security solutions, such as proactive security (Vulner...