This exchange neatly sums up a key IT security problem. Companies have to rely on staff to observe reasonable security practice, on partners not to pass on malware, and so on. Just like the financial markets, a big part of security is trust. But when that trust is undermined, things fall apart rapidly. And the problem is, it’s very hard to spot the clues that show when trust has been breached, and a security threat is emerging.
Drowning in data
Why is this so hard? Because complex networks and security deployments produce gigabytes of log data every day. Security systems such as IPS, IDS, firewalls and anti-virus are vital, but they also generate large numbers of false positive alerts, and the real, emerging threats are often buried among them where the IT team cannot see them.
A recent IBM survey of 700 European IT managers highlighted the scale of the issue. Over 45% received more than 4,000 security events per second. This volume of data swamps IT teams and makes it almost impossible to prioritize potential threats.
Perhaps the most critical issue is delayed action. These events take time to sort through – time that can be exploited by real security threats. And before you know it, you could have business partners, customers or shareholders asking: "Why didn’t you notice what was happening?"
Filtering false positives
So what causes false positives? The biggest cause is missing alert context. Firewalls and intrusion systems do not know the business importance or the patch state of every system in the organization. For example, an attempted malware infection of a web server may be reported as a high-priority event by the firewall even if that server has already been patched against the exploit being used. Supplying that context is the central aim of security management: understanding and prioritizing reported activity against what the affected systems are, how important they are, and whether they are actually exposed. A genuine threat still generates an alert, but an attempt that cannot succeed is downgraded or suppressed rather than demanding the IT team's attention. This gives the IT team the ability to filter out the noise and focus on real threats.
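As an added illustration of the contextual filtering described above (this is example code written for this page, not from the article or from any vendor product): the script parses Snort-style "fast" alert lines, looks up the destination host in an asset inventory that records business criticality and the CVEs already patched, and re-scores each alert. The alert lines, the asset inventory, the signature-to-CVE mapping and all host names and addresses are constructed for the example.

```python
import re
from typing import Dict, List, Optional, Tuple

# Constructed asset inventory (not from the article): destination IP -> business
# criticality and the CVEs the host has already been patched against.
ASSETS: Dict[str, dict] = {
    "10.0.1.20": {"name": "web-01", "criticality": "high", "patched": {"CVE-2013-0001"}},
    "10.0.2.15": {"name": "dev-box", "criticality": "low", "patched": set()},
}

# Constructed signature-ID -> CVE mapping. Real IDS rule sets carry this in rule metadata;
# the IDs and CVE numbers here are placeholders.
SIG_TO_CVE: Dict[int, str] = {1000001: "CVE-2013-0001", 1000002: "CVE-2013-0002"}

# Snort "fast" alert layout: "[**] [gid:sid:rev] msg [**] [Classification: ...]
# [Priority: n] {proto} src:port -> dst:port". Only the field layout is real.
ALERT_RE = re.compile(
    r"\[\*\*\] \[1:(?P<sid>\d+):\d+\] (?P<msg>.+?) \[\*\*\] "
    r"\[Classification: [^\]]+\] \[Priority: (?P<prio>\d)\] \{\w+\} "
    r"(?P<src>\d+(?:\.\d+){3}):\d+ -> (?P<dst>\d+(?:\.\d+){3}):\d+"
)

# Final score -> label the analyst queue is sorted by.
LABELS = {0: "suppressed", 1: "low", 2: "medium", 3: "high", 4: "critical"}

# Constructed alert lines (not real traffic). The last one is deliberately not an alert.
SAMPLE_ALERTS: List[str] = [
    "06/18-10:00:01.000000 [**] [1:1000001:1] WEB-ATTACK exploit attempt [**] "
    "[Classification: Web Application Attack] [Priority: 1] {TCP} 203.0.113.5:44321 -> 10.0.1.20:80",
    "06/18-10:00:02.000000 [**] [1:1000002:1] WEB-ATTACK upload of known malware [**] "
    "[Classification: Web Application Attack] [Priority: 1] {TCP} 203.0.113.5:44322 -> 10.0.1.20:80",
    "06/18-10:00:03.000000 [**] [1:1000002:1] WEB-ATTACK upload of known malware [**] "
    "[Classification: Web Application Attack] [Priority: 2] {TCP} 198.51.100.7:5555 -> 10.0.2.15:8080",
    "06/18-10:00:04.000000 [**] [1:1000003:1] SCAN nmap fingerprint [**] "
    "[Classification: Attempted Information Leak] [Priority: 3] {TCP} 198.51.100.7:5556 -> 10.0.9.9:22",
    "garbage line that is not an alert",
]


def parse_alert(line: str) -> Optional[dict]:
    """Extract signature ID, message, IDS priority and endpoints; None if not an alert."""
    m = ALERT_RE.search(line)
    if not m:
        return None
    return {"sid": int(m["sid"]), "msg": m["msg"], "ids_priority": int(m["prio"]),
            "src": m["src"], "dst": m["dst"]}


def prioritize(alert: dict, assets: Dict[str, dict] = ASSETS,
               sig_to_cve: Dict[int, str] = SIG_TO_CVE) -> Tuple[str, str]:
    """Re-score one alert using asset criticality and patch state; returns (label, reason)."""
    # Snort priority 1 is most severe; turn it into a 1..3 base score (3 = most severe).
    score = max(1, min(3, 4 - alert["ids_priority"]))
    asset = assets.get(alert["dst"])
    cve = sig_to_cve.get(alert["sid"])
    if asset is None:
        # Nothing known about the target: never let it drop below medium, and flag the gap.
        return LABELS[max(score, 2)], "unknown asset: add to inventory"
    if cve and cve in asset["patched"]:
        # The attempt cannot succeed on this host; keep the record but take it off the queue.
        return LABELS[0], f"{asset['name']} already patched against {cve}"
    if asset["criticality"] == "high":
        score = min(score + 1, 4)
    elif asset["criticality"] == "low":
        score = max(score - 1, 1)
    detail = f", {cve} unpatched" if cve else ", no CVE mapping"
    return LABELS[score], f"{asset['name']} criticality={asset['criticality']}{detail}"


def triage(lines: List[str]) -> List[dict]:
    """Parse and re-score a batch of alert lines, skipping anything that does not parse."""
    rows = []
    for line in lines:
        alert = parse_alert(line)
        if alert is None:
            continue
        label, reason = prioritize(alert)
        rows.append({**alert, "label": label, "reason": reason})
    return rows


if __name__ == "__main__":
    for row in triage(SAMPLE_ALERTS):
        print(f"{row['label']:<10} {row['dst']:<12} sid={row['sid']}  {row['reason']}")
```

Run against the constructed lines, the firewall's own "Priority: 1" alert against the patched web server is suppressed, the identical signature against the unpatched, high-criticality server is raised to critical, the same signature against a low-criticality dev box is lowered, and an alert for a host missing from the inventory is held at medium with a note to fix the inventory. The inventory and CVE mapping are the part that costs real effort in practice; the scoring rules themselves are a small policy decision that each team should tune.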