Search The Situational Room
Tags
infosecurity security management cyberattack Stuxnet CISO APT SIEM cybersecurity situational awareness SIEM is Dead Advanced Persistent Threats compliance automation Sony data correlation insider threats enterprise security compliance Unified Situational Awareness data breach wikileaks PCI strategy infosec podcast Information Security
RSA and The “New Normal” of Cybersecurity – Part 4
Near-Real Time Visibility to Make Effective Decisions.
by John Linkous
Last week, RSA announced that a successful advanced persistent threat (APT) attack against the company’s infrastructure has resulted in the exfiltration of data that could potentially be used to reduce the effectiveness of RSA’s wildly popular SecurID two-factor authentication products. While we don’t yet know what was compromised (A token seeding database? Future product design data? We may never know…) or who conducted the attack (China? The Anonymous group?), we do know one thing: the perception of the effectiveness of “secure” authentication and encryption has been deeply shaken. The fallout from this compromise will likely be swift, and significant.
In my previous post I offered three things that organizations can do to mitigate these complex, advanced threats.
Having Access to All Security Data
Knowing How All the Security Data is Related
Near-Real Time Visibility to Make Effective Decisions.
In this final post I want to look at achieving near-real-time visibility of your security position to aide effective decision-making.
Recently, I spoke with with a global financial services firm that discussed how they were bringing together all of their security data (both event-based, and non-event based) into a single database platform, front-ended with a business intelligence (BI) tool to run queries and analysis. Certainly, there’s nothing wrong with that; however, that approach is not the same thing as situational awareness. Why? Because it doesn’t provide the ability to make decisions in real-time. It cannot help you if you’re in the process of experiencing an APT attack; it can only help you discover the attack pattern after-the-fact… and after critical data has been exfiltrated from your environment. A true situational awareness solution requires real-time (or very near real-time) correlation and analysis of all security data, and needs facilities such as pattern/behavior recognition, live monitoring, and alerting — as well as backward-looking forensic analysis.
Do you have near-real-time visibility of your security position? Could you make a decision based on up-to-date security data if your network came under attack?