Today's security monitoring and correlation tools are inundated with data and struggle to keep up. Consider a relatively small environment whose devices produce 2,500 events per second: that is 216 million events per day (2,500 × 86,400). Those events create alerts, those alerts create incidents, and incidents drive analyst activity; the more incidents the monitoring systems deliver, the more analysts are needed. This avalanche of data and alerts comes from numerous, disparate devices in our environments that forward data to log managers, SIEMs and other security management systems. Digesting that data has created an enormous workload for analytics teams, making it exceptionally difficult to determine which events require attention, let alone to do so in a timely manner.
A user calls IT to report that they can't open files in a network share. Nick Burns (Your Company's Computer Guy) starts by checking permissions on the folder and the share, and confirms the user has valid access. He opens the share and discovers files with .xxx filename extensions that appear to be encrypted. He looks through the other folders on the share and finds that every one of them has the same thing. He then logs in to the AV console to see whether he can find any evidence of virus activity on the desktops. After a few minutes he determines that two machines have had some interesting activity and rushes out to check each of them.
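The triage Nick Burns does by eye, opening folder after folder looking for files with an unexpected extension that appear encrypted, can be scripted so the whole share is swept at once. The following is an added example, not code from the original post or from Lumenate. It assumes only the .xxx extension the post mentions (the extension set is an assumption, not a known indicator) and adds a Shannon-entropy check so that both renamed-and-encrypted files and encrypted files that kept their names are caught. The sample share it builds is constructed data.

```python
import math
import os
import tempfile
from collections import Counter
from pathlib import Path

# Extensions to treat as suspicious. The post only mentions ".xxx"; anything
# else you add here is an assumption about the ransomware family at hand.
SUSPICIOUS_EXTENSIONS = {".xxx"}

# Shannon entropy, in bits per byte, above which a file's leading bytes look
# encrypted or compressed. Plain documents sit around 4-5; ciphertext near 8.
ENTROPY_THRESHOLD = 7.0

# Files shorter than this are not entropy-scored: the estimate is too noisy.
MIN_SAMPLE = 256


def shannon_entropy(data: bytes) -> float:
    """Return the Shannon entropy of data in bits per byte (0.0 if empty)."""
    if not data:
        return 0.0
    n = len(data)
    return -sum((c / n) * math.log2(c / n) for c in Counter(data).values())


def scan_share(root, sample_size: int = 4096):
    """Walk root and return a sorted [(path, reason), ...] of files that look encrypted.

    A file is flagged when its extension is in SUSPICIOUS_EXTENSIONS, when the
    entropy of its first sample_size bytes is at or above ENTROPY_THRESHOLD,
    or both. Reason strings are joined with ", " in that order.
    """
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = Path(dirpath) / name
            reasons = []
            if path.suffix.lower() in SUSPICIOUS_EXTENSIONS:
                reasons.append("suspicious extension")
            try:
                with open(path, "rb") as fh:
                    head = fh.read(sample_size)
            except OSError:
                continue  # unreadable file: skip it rather than abort the sweep
            if len(head) >= MIN_SAMPLE and shannon_entropy(head) >= ENTROPY_THRESHOLD:
                reasons.append("high entropy")
            if reasons:
                findings.append((str(path), ", ".join(reasons)))
    return sorted(findings)


def affected_folders(findings):
    """Return the set of directories that contain at least one flagged file."""
    return {str(Path(p).parent) for p, _ in findings}


def build_demo_share() -> str:
    """Create a constructed sample share in a temp dir and return its path.

    Constructed data, not real incident evidence: os.urandom stands in for
    ciphertext and a repeated sentence stands in for an ordinary document.
    """
    root = tempfile.mkdtemp(prefix="share_")
    plaintext = b"Quarterly numbers are attached; please review by Friday. " * 40
    layout = {
        "Finance/report.docx.xxx": os.urandom(4096),      # encrypted and renamed
        "Finance/notes.txt": plaintext,                   # untouched document
        "HR/policy.pdf.xxx": os.urandom(4096),            # encrypted and renamed
        "Archive/backup.bin": os.urandom(4096),           # encrypted, name kept
        "Archive/README.xxx": b"ransom note placeholder",  # too small to score
    }
    for rel, content in layout.items():
        path = Path(root) / rel
        path.parent.mkdir(parents=True, exist_ok=True)
        path.write_bytes(content)
    return root


if __name__ == "__main__":
    share = build_demo_share()
    hits = scan_share(share)
    for path, reason in hits:
        print(f"{reason:36} {path}")
    print("folders affected:", len(affected_folders(hits)))
```

Legitimately compressed content (archives, images, PDFs with embedded streams) also scores near 8 bits per byte, so entropy-only hits need a second look; the combination of a foreign extension and high entropy is the strong signal. Once the affected paths are known, the owner and last-write time on those files, compared against share access logs, is the quickest way to identify which workstations did the writing.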
The biggest problem our customers are wrestling with is their culture.
One of the things we like to do at Lumenate is hold executive briefings with our current and prospective clients. The idea is simple: we bring in a group of our Practice Managers, subject matter experts and business leads to spend a few hours in open dialog with clients. Beforehand we ask those clients to tell us about their key areas of interest. It's wide open; we'll cover just about any topic and, ideally, drill into the specific challenges they're facing. Those who attend represent a wide range of industries, organization types and sizes: healthcare clients, utilities, government agencies, startups and 100-year-old firms.
Just a few years ago datacenter infrastructure decisions were much easier to make, whether you were building a greenfield environment or refreshing end-of-life hardware. Most of the workloads that could be virtualized had already been virtualized, so your hypervisor choice was simple. All you had to do was choose switches and storage and begin your rollout. Even your enterprise IT organization was structured along these infrastructure lines: the network team took care of the network, the server team took care of the VMs, hypervisors and operating systems, and, in larger organizations, a dedicated NAS/SAN team managed the traditional storage array. Life was good and all was right in the world.
As a security professional you make large investments in protecting your enterprise against cyberattacks. Not wanting to put all your eggs in one basket, you layer your security using numerous technologies. You deploy these solutions successfully and ramp up your team to manage them.
From punch cards to PCs to Platform 3, technology has evolved to become consumer focused, enabling and career changing. From back-office operations to boardroom communication to business community relations, the role has evolved from Manager of Data Processing to Director of MIS to today's "next generation Chief Information Officer": a business-enabling, community-serving executive position with a laser focus on business outcomes.
Big data has transitioned from a vague and grandiose concept spurred by web innovators into a plethora of clear, documented, and actionable technologies that enable organizations to create, store, retrieve, and analyze data more efficiently. It is important to differentiate two disparate types of big data: operational and analytical.
Protect Those Apps!
So you're the new manager of the desktop team, or the new risk and security officer: congratulations on the job and its duties! One of those new responsibilities is to ensure that your asset and software inventories line up with what your organization has published for use in its Common Operating Environment (COE). But other than Group Policy Objects in Active Directory, what tools are at your disposal to accomplish that job, and how flexible are they?