When IT security professionals are asked to describe a “typical” day at the office, there’s usually a wry smile followed by a few moments of hesitation. Considering the wide variety of threats they may face or fires they might fight, it can be hard to come up with a simple summary that an outsider would understand.
Nevertheless, some days are stranger than others. And when things start getting “weird” on the company network, administrators are all but assured of a long night ahead. To mitigate potential damage and increase their odds of an early evening, smart IT pros know it’s all about effective security information and event management (SIEM).
Security and compliance are the primary pillars of risk management in the IT world, yet companies are still having trouble resolving how the two interact. Some assume that the terms are essentially synonymous, just subtle variations on a theme. But others insist that the two are decidedly different, and often end up prioritizing one over the other as a result.
As is often the case, the answer lies somewhere in the middle of this spectrum. While compliance and security are two distinct principles, effectively satisfying each objective depends on keeping them in close alignment with one another.
It’s not a bad time to be on the business side of the cloud. In fact, if you keep up with the latest analyst reports and projections, it’s actually a good time to be in the cloud. Gartner’s most recent IT spending report, released earlier this month, predicts cloud spending to nearly double within the next five years, jumping from $109 billion in 2012 to a cool $207 billion in 2016.
Not too shabby.
Of course, it’s not a bad time to be on the customer side of the cloud either. Massive spending growth for the cloud indicates someone must be doing something right.
However, there is still confusion surrounding the cloud. For all its benefits, there are plenty of myths, misconceptions and general misunderstandings about the technology that may hinder businesses from using the cloud to its utmost potential, or in some cases may lead businesses to set their expectations too high.
Ask yourself: Do you need a Security Information and Event Management (SIEM) system to maintain PCI compliance?
According to requirement 10.6 of the latest Payment Card Industry Data Security Standard (PCI DSS v2.0), any entity that stores, processes or transmits cardholder data must review the logs of all in-scope system components at least daily. The standard mandates the daily review, not the tool, so the question is how to make that review an operational process rather than a checkbox.
At a recent security conference that I attended, SIEM was the keynote topic. The speaker covered the areas of log retention and reporting in great detail, but fell short in analysis. I asked the speaker to explain the process around creating log analysis, knowing this was a loaded question as we at Virtela have been working on this for years. My intent was not to challenge the speaker; I simply wanted to compare our thoughts about good processes for log analysis. The speaker danced around the subject, answering in abstracts like “try to understand what you are looking for” (not bad, but pretty vague), “understand the threat landscape” (OK, sure that is important, but still pretty vague), and went on about some other lofty ideas, but no concrete “first you do this, followed by this, and then proceed with this…” As I have attended many conferences this year, it is becoming apparent to me that there seems to be a lack of clarity on the subject of operationally defining security events that can be generated (via correlation) from a SIEM. So, I decided to share my thoughts on the subject in hopes of helping those who are trying to deploy a SIEM solution, as well as maybe sparking a healthy debate.
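The paragraph above asks for the concrete "first you do this, then this" that turns raw logs into a correlated security event. As an added illustration, not code from the original post or from Virtela's own tooling, the block below writes down one such operational definition and runs it over a handful of constructed sshd log lines (the IP addresses, usernames and timestamps are invented; syslog lines carry no year, so the parser assumes one; the threshold of five failures and the 60-second window are illustrative values, not a recommendation). The point is the shape of the definition: a named event, a precise condition, a time window, the fields carried as evidence, and a severity.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample auth log (not captured from any real system). Syslog lines
# have no year field, so parse_line() assumes one.
SAMPLE_LOG = """\
Jun 12 08:01:01 gw01 sshd[2101]: Failed password for invalid user admin from 203.0.113.7 port 51112 ssh2
Jun 12 08:01:03 gw01 sshd[2101]: Failed password for invalid user admin from 203.0.113.7 port 51113 ssh2
Jun 12 08:01:05 gw01 sshd[2101]: Failed password for root from 203.0.113.7 port 51114 ssh2
Jun 12 08:01:07 gw01 sshd[2101]: Failed password for root from 203.0.113.7 port 51115 ssh2
Jun 12 08:01:09 gw01 sshd[2101]: Failed password for root from 203.0.113.7 port 51116 ssh2
Jun 12 08:01:20 gw01 sshd[2101]: Accepted password for root from 203.0.113.7 port 51120 ssh2
Jun 12 08:05:00 gw01 sshd[2199]: Failed password for alice from 198.51.100.4 port 40001 ssh2
Jun 12 08:05:30 gw01 sshd[2199]: Accepted password for alice from 198.51.100.4 port 40002 ssh2
Jun 12 09:30:00 gw01 sshd[2300]: Failed password for bob from 192.0.2.9 port 30001 ssh2
Jun 12 09:30:02 gw01 sshd[2300]: Failed password for bob from 192.0.2.9 port 30002 ssh2
Jun 12 09:30:04 gw01 sshd[2300]: Failed password for bob from 192.0.2.9 port 30003 ssh2
Jun 12 09:30:06 gw01 sshd[2300]: Failed password for bob from 192.0.2.9 port 30004 ssh2
Jun 12 09:30:08 gw01 sshd[2300]: Failed password for bob from 192.0.2.9 port 30005 ssh2
Jun 12 09:30:10 gw01 sshd[2300]: Failed password for bob from 192.0.2.9 port 30006 ssh2
"""

LINE_RE = re.compile(
    r"^(?P<ts>\w{3} +\d+ \d\d:\d\d:\d\d) (?P<host>\S+) sshd\[\d+\]: "
    r"(?P<outcome>Failed|Accepted) password for (?:invalid user )?(?P<user>\S+) "
    r"from (?P<src>\S+) port \d+"
)


def parse_line(line, year=2012):
    """Step 1: normalise one raw line into named fields; None if it is not an auth event."""
    m = LINE_RE.match(line)
    if not m:
        return None
    ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")  # year is assumed
    return {"ts": ts, "host": m["host"], "user": m["user"],
            "src": m["src"], "ok": m["outcome"] == "Accepted"}


def correlate(lines, threshold=5, window_s=60):
    """Step 2: the operational definition, evaluated per source IP.

    ssh_bruteforce         (medium): >= threshold failed logins within window_s seconds
    ssh_bruteforce_success (high):   an accepted login from a source whose failures
                                     within the window already reach threshold
    Returns the generated events in time order, each carrying its evidence fields.
    """
    window = timedelta(seconds=window_s)
    failures = defaultdict(deque)   # src -> timestamps of failures still inside the window
    alerted = set()                 # sources already reported for their current burst
    events = []
    parsed = [p for p in (parse_line(l) for l in lines) if p]
    for rec in sorted(parsed, key=lambda r: r["ts"]):
        q = failures[rec["src"]]
        while q and rec["ts"] - q[0] > window:   # expire failures older than the window
            q.popleft()
        if not q:
            alerted.discard(rec["src"])          # burst is over; a new one may alert again
        if rec["ok"]:
            if len(q) >= threshold:
                events.append({"event": "ssh_bruteforce_success", "severity": "high",
                               "src": rec["src"], "user": rec["user"], "host": rec["host"],
                               "ts": rec["ts"], "failures": len(q)})
                q.clear()
            continue
        q.append(rec["ts"])
        if len(q) >= threshold and rec["src"] not in alerted:
            alerted.add(rec["src"])              # one alert per burst, not one per failure
            events.append({"event": "ssh_bruteforce", "severity": "medium",
                           "src": rec["src"], "user": rec["user"], "host": rec["host"],
                           "ts": rec["ts"], "failures": len(q)})
    return events


if __name__ == "__main__":
    for ev in correlate(SAMPLE_LOG.splitlines()):
        print(f'{ev["ts"]} {ev["severity"]:6} {ev["event"]:24} '
              f'src={ev["src"]} user={ev["user"]} failures={ev["failures"]}')
```

Run against the constructed log this yields three events: a medium alert when 203.0.113.7 reaches five failures, a high alert when the same source then logs in as root, and a medium alert for 192.0.2.9, which never succeeds. The single failure from 198.51.100.4 followed by a success generates nothing, which is the behaviour a daily reviewer needs: the rule, not the reviewer, absorbs the noise.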
There was a time not too long ago when every conversation about the benefits of the cloud was accompanied by a “but,” followed by something to the tune “what about security?” Businesses were worried that storing their data and running their applications in the cloud presented a security problem, as they would be required to sacrifice control to the hands of some third-party vendor they barely knew.
And their worries were not without merit. It’s true; trusting your data to some other company can – and in some cases should – be a daunting move. After all, in this era of multi-million-dollar data breaches, cybercriminal attacks and the rise of so-called hacktivists, it seems wise to keep your cards close to the vest. You didn’t build the cloud provider’s data center. You don’t know who has access to it on a daily basis. Why on earth would you store your company’s most valuable assets there?
Apple was certainly the talk of the town at this month’s Worldwide Developers Conference, where the company introduced a grocery list of new updates. Between expected announcements for Mac OS X and iOS, as well as a few surprises along the way, Apple demonstrated once again why it’s one of the biggest names in the consumer tech industry.
But then, maybe that description does Apple a disservice. After all, can we really say Apple is still a company geared toward the consumer market? You’re not likely to see a great deal of Mac desktops in the workplace. But the iPhone? In this age of consumerization and bring your own device, seeing one of your co-workers pull out an iPhone isn’t likely to come as much of a surprise anymore.
The amount of data that a company now generates on a day-to-day basis is growing at a breakneck pace. According to a 2010 study by IDC and EMC, the so-called digital universe doubles in size every two years. By 2020, the world will generate roughly 50 times the amount of data that it did in 2011. That equals about 90 zettabytes, which is nothing to shake a stick at.
At the same time, much of this information is coming from unstructured sources, like video and social media. Such data holds valuable potential, but it is only effective if a company knows how to handle it properly.
The bring-your-own-device movement that has emerged in recent years is, for the IT department, kind of like eating Brussels sprouts for the first time. You know it’s good for you, and on some level, you even enjoy it. Ultimately, though, it’s unfamiliar territory that you might not be enthusiastic to gobble up.
But unlike Brussels sprouts, there is legitimate reason to be concerned when it comes to BYOD.
Dawn of a new era
Just a few years ago, BlackBerry ruled the roost of enterprise mobility. Everybody who was anybody had one of these smartphones – which, by today’s standards, were not all that smart. Sure, they allowed you to check email and browse some version of the web. But they lacked the robust apps and appeal of today’s idea of the smartphone. What they might have lacked in functionality, however, they made up for in other areas.
At one point or another, nearly everyone has had a moment of cybersecurity gone wrong. Whether it’s a bit of spyware downloaded from your personal email or a distributed denial of service (DDoS) attack launched against your company’s network, experiences with security threats are not especially rare these days.
But understanding the odds and ends of cyberthreats is something that still eludes the casual computer user. Terms like malware, spyware, DDoS, botnet and advanced persistent threat: we know they’re bad news, but beyond that they’re just jargon used by IT guys and technology pundits. Even those who do claim to understand the nuances of cybersecurity have a tendency to confuse the details or explain them unclearly.
Investing in bandwidth upgrades without knowing what is on the wire is like filling a bucket with a hole in it
“We are growing and need more bandwidth.”
“We’ll need to double the bandwidth as we are over-utilizing the existing pipe.”
These are common complaints – or requirements – of CIOs and network/IT managers. Upgrading bandwidth to meet business demands is critical. But equally important is the need to know what traffic types are flowing across the network. Are users making the right use of the current bandwidth? Is a DS3 being fully utilized with production or business traffic, or is a large share of it something else?
Most companies do not identify their traffic flows, for lack of time, resources or skill. Budget is commonly available to upgrade the bandwidth but not to analyze the traffic, which is rarely considered a necessity under the assumption that all traffic is legitimate traffic. As a result, it is easier to make a business case to upgrade bandwidth than it is to invest in identifying the traffic.
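The question the passage raises, whether the DS3 is full of business traffic or of something else, is answered by classifying exported flow records before touching the circuit order. The block below is an added example, not code from the original post or from Virtela, of that first-pass analysis: it takes a handful of constructed NetFlow-style records (invented addresses and byte counts, all within one assumed five-minute export interval), maps destination port to an application category using an assumed, illustrative port table, and reports each category's share of the DS3's 44.736 Mbit/s line rate. In practice the port table comes from the organisation's own application inventory, and ambiguous ports need payload-aware classification, which this example does not attempt.

```python
from collections import defaultdict

DS3_MBPS = 44.736   # DS3 line rate in Mbit/s

# Constructed flow records (not exported by any real router), simplified NetFlow-style
# fields: (src_ip, dst_ip, protocol, dst_port, bytes). Assumed to cover one 300 s interval.
SAMPLE_FLOWS = [
    ("10.1.1.10", "203.0.113.50", "tcp", 443,  120_000_000),
    ("10.1.1.11", "203.0.113.60", "tcp", 80,   250_000_000),
    ("10.1.2.5",  "198.51.100.20", "tcp", 1433,  60_000_000),
    ("10.1.2.6",  "198.51.100.20", "tcp", 1433,  40_000_000),
    ("10.1.3.7",  "192.0.2.33",   "udp", 6881, 400_000_000),
    ("10.1.3.8",  "192.0.2.34",   "tcp", 6881, 350_000_000),
    ("10.1.1.12", "203.0.113.70", "tcp", 25,    30_000_000),
    ("10.1.4.9",  "192.0.2.99",   "udp", 53,     5_000_000),
    ("10.1.4.10", "192.0.2.100",  "tcp", 9999, 150_000_000),
]

# Assumed port-to-category table for the example: (category, counts_as_business).
# A real deployment substitutes its own application inventory.
PORT_CLASS = {
    ("tcp", 80):   ("web", True),
    ("tcp", 443):  ("web", True),
    ("tcp", 25):   ("smtp", True),
    ("udp", 53):   ("dns", True),
    ("tcp", 1433): ("mssql", True),
    ("tcp", 6881): ("p2p", False),
    ("udp", 6881): ("p2p", False),
}


def classify(proto, port):
    """Category for a flow; anything not in the table is 'unknown' and not business."""
    return PORT_CLASS.get((proto, port), ("unknown", False))


def summarize(flows, interval_s=300, link_mbps=DS3_MBPS):
    """Aggregate bytes per category and express each as Mbit/s and as % of the link."""
    by_class, is_business = defaultdict(int), {}
    for _src, _dst, proto, port, nbytes in flows:
        cls, biz = classify(proto, port)
        by_class[cls] += nbytes
        is_business[cls] = biz
    total = sum(by_class.values())
    rows = []
    for cls, nbytes in sorted(by_class.items(), key=lambda kv: -kv[1]):
        mbps = nbytes * 8 / interval_s / 1e6
        rows.append({"class": cls, "business": is_business[cls], "bytes": nbytes,
                     "share": nbytes / total, "mbps": round(mbps, 2),
                     "link_pct": round(100 * mbps / link_mbps, 1)})
    return rows


def non_business_share(rows):
    """Fraction of all bytes that are not business traffic (the 'hole in the bucket')."""
    return sum(r["share"] for r in rows if not r["business"])


def business_only_mbps(rows, interval_s=300):
    """Average rate the link would carry if only business categories remained."""
    nbytes = sum(r["bytes"] for r in rows if r["business"])
    return nbytes * 8 / interval_s / 1e6


if __name__ == "__main__":
    rows = summarize(SAMPLE_FLOWS)
    for r in rows:
        tag = "business" if r["business"] else "non-business"
        print(f'{r["class"]:8} {tag:13} {r["mbps"]:6.2f} Mbit/s  {r["link_pct"]:5.1f}% of DS3')
    print(f"non-business share of bytes: {non_business_share(rows):.1%}")
    print(f"business-only load: {business_only_mbps(rows):.2f} Mbit/s of {DS3_MBPS}")
```

On the constructed records the circuit averages about 37.5 Mbit/s, which looks like a DS3 at 84 % and would normally justify the upgrade request; the breakdown shows that 64 % of the bytes are peer-to-peer and unclassified traffic, and that business traffic alone needs about 13.5 Mbit/s. That is the number the business case should be built on.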