The focus is shifting and expanding, with respect to cyberthreat awareness and analysis. The more threat data you have to funnel into today’s filtering technologies, the better, because that provides more meaningful correlations of events that can help to find the needles in the massive threat event haystack. But event correlation is only a subset of what has to happen to improve our odds in dealing with threats, especially advanced persistent threats (APTs). Correlation, also referred to as data distilling, puts pieces together -- x alert plus y alert in z order plus # occurrences, etc. With well-defined data fields and rules it is very effective, but it has to know exactly what to look for.
The expanded view needs to be broader and situational. It needs to incorporate conceptual awareness. It’s not a great example, but here goes... When arriving home from work recently (very late, of course), through the window I could see smoke in the kitchen. Instead of panic and a 911 call, I smiled. My brain instantaneously put all the data points together -- smoke, company coming over that night, bag of apples on the table that morning, plus prior history. My wife’s famous apple pie had bubbled over in the oven (again). When put into context, I knew it was a very good thing.
Areas of contextual awareness related to cyberthreats could include intelligence on:
Who might target you and their plans
What’s normal and not in your environment
Your implementation of new systems, Websites, domains, applications
Other breaches in your industry, community
Big-data technologies are going to play a huge role in going beyond (but not totally replacing) the human involvement that is the contextual factor. Linkages will be made by data mining and applying advanced analytics to the mountains of unstructured data. To beat the attackers, you need to think like one and find their anomalous patterns. If you think only like a victim, expect to be in clean-up mode (like my wife with her apple pie).
@LuFu, the problem is that those types of events are near infinite, whereas corporate resources are finite. So a risk manager cannot prepare for every event that's never befallen her company without getting fired first.
The best way to prepare for a break-in, security breach, earthquakes, or apple pie fiascos is to plan for what has never happended before. My house has never burned down before but I've seen a neighbor's catch fire. I have smoke and carbon monoxide alarms in the house, the fire department's number, an emergency escape plan, and important papers stored in a safety deposit box. I think I'm ready but I'm working on a contingency plan in case a meteor hits my house.
Effective enterprise security requires the ability to monitor and compare anomalous behavior over time, connecting the dots among multiple events. Given the sophistication and volume of the attacks seen today, this is no small task. Indeed, it may be bigger than most organizations can handle. Threat intelligence tools and services can help organizations collect and make sense of the disparate data that can shine a light on events leading up to an attac
Making inferences and being able to piece together those key clues will prove better in the long run than just jumping the gun. More companies need to adopt this theory and not have such a knee jerk reaction to situations.
The blogs and comments posted on EnterpriseEfficiency.com do not reflect the views of TechWeb, EnterpriseEfficiency.com, or its sponsors. EnterpriseEfficiency.com, TechWeb, and its sponsors do not assume responsibility for any comments, claims, or opinions made by authors and bloggers. They are no substitute for your own research and should not be relied upon for trading or any other purpose.
Please join us for the "IT Convergence Strategies: Why, When and How " to learn more about:
• 5 truths about infrastructure convergence today that go beyond the hype
• How to exploit the 4 phases of convergence maximum efficiency and agility
• Key milestones to plan for on the convergence journey
• Why integrated management is a critical component of convergence plans
• The importance of an open, modular approach, such as Dell’s active infrastructure, to building a converged data center
Enterprise Efficiency is looking for engaged readers to moderate the message boards on this site. Engage in high-IQ conversations with IT industry leaders; earn kudos and perks. Interested? E-mail: firstname.lastname@example.org
Dell's Efficiency Modeling Tool The major problem facing the CIO is how to measure the effectiveness of the IT department. Learn how Dell’s Efficiency Modeling Tool gives the CIO two clear, powerful numbers: Efficiency Quotient and Impact Quotient. These numbers can be transforma¬tive not only to the department, but to the entire enterprise. Read the full report
Now that TGen has broken new ground in genomic research by using Dell's storage, cloud, and high-performance computing solutions, the company discusses what will come next for it and for personalized medicine.
The Translational Genomics Research Institute wanted to save lives, but its efforts were hobbled by immense computing challenges related to collecting, processing, sharing, and storing enormous amounts of data.
VMware has a new solution to the MDM problem, two virtual phones inside a real phone, at least for Android phones. Currently limited to two models, the idea could expand and provide a way of letting companies harmonize their need to manage corporate use of phones while preserving BYOD.
There's a lot of hype about virtualization of networks, NaaS, and SDN, but there's a couple of proven applications that enterprises could adopt right now and potentially save money and improve operations.
Skype/Outlook UC integration means we're going to have competition and fragmentation of UC client architectures, but is that bad? Modern devices can support IM, email, voice, and video clients, so maybe it's the back end of UC we need to be worried about.
Workers are now used to portable device support throughout their everyday lives. We should be looking at the policy of providing fixed-desk devices to support stationary workers. Could portable support be smarter?
Input devices run the gamut, from the humble Missile Command-style trackball to advanced speech recognition. Unfortunately, these input devices can be used for evil as well as good. Case in point: mobile ads that want you to talk to them.
Enterprises want three things in storage systems: First is some speech-recognition way of capturing videoconference data for indexing; second is semantic/AI analysis of emails and IM for content indexing; third is a better system for managing hierarchical layers of storage.