« December 2009 | Main | February 2010 »
By Lex van den Berghe
LogLogic Customer Evangelist
Oldest trick in the book. Put up a sign that says “Free Beer” and it’s guaranteed you’ll catch the attention of the masses. Well, we’re giving something away that’s even better than free beer…how about free money? One thousand dollars to be precise.
Every LogLogic customer has a great story to tell and we want to hear yours…and your story could win you a cool grand!
Send us your detailed story about how LogLogic helped you overcome a difficult challenge in your IT environment, identify a serious breach, achieve critical regulatory compliance, or save your organization time and money. You all rely on LogLogic every day to keep your companies secure and compliant, and we want to hear about your real-world experiences in the trenches and on the front-lines of your IT environments.
Whether you’re benefiting from our log management, security event management, compliance management, or database security management solutions, we want to pay you a thousand bucks for your story. Check out some of our existing customer success stories to help get your creative juices flowing.
Send us your LogLogic stories no later than March 15th. A panel of LogLogic judges will read your submissions and select the two best stories, who will each win one thousand dollars!
You can find details about our “Tell Us Your Story” contest by visiting http://www.loglogic.com/tellusyourstory/
Do yourself a favor and send me your story. A thousand bucks will buy you a lot of beer, and everyone knows that nothing tastes better than free beer.
Oh, and while I’ve still got your attention, I’m stoked to announce that LogLogic made the finalists list in the Network Computing Awards for 2010, so do us a favor and visit the on-line awards page to cast your vote for LogLogic in the Testing & Monitoring Product of the Year category.
Posted January 28, 2010
By Lex van den Berghe
LogLogic Customer Evangelist
LogLogic’s customers and their stories are the lifeblood of my job, and I never tire of their real-world tales from ‘the trenches.’
Case in point: I recently sat down with a LogLogic customer, one of the largest equity firms in the world, to discuss Sarbanes-Oxley (SOX) and database security. As you can well imagine, companies in financial services are deliciously tempting targets for hackers, so federal regulations like SOX aim to create guidelines that will keep databases secure.
This customer told me that current regulations like SOX are ambiguous and difficult to understand, and that you could ask ten different experts a question about SOX and actually receive ten different answers. “The intent is good, but the execution is poor,” they said. In particular, small businesses that lack resources will find it very difficult to achieve compliance. Adding to the challenge is the fact that regulations like SOX are a moving target: you might pass an audit today, but next year, with a different auditor, you might fail. Different auditors have different standards and different interpretations of the ambiguous regulations.
Of course, SOX is not all bad. Our customer noted that one of SOX’s up-sides is the requirement that breached companies must notify the people affected. This helps to educate the public and keep companies honest. In addition, the risk of public embarrassment compels companies to spend more money on security than they otherwise would. This increased focus on security helps to prevent data breaches from occurring.
This global equity firm maintains four separate data centers with operations in 20 different countries, and they use LogLogic’s log management and security event management products. SOX compliance was the primary driver that prompted them to approach us. When they were evaluating solutions, one of their top priorities was the ability to create detailed reports. They told us, “Most solutions we looked at seemed to have just slapped on reporting as an afterthought. LogLogic’s in-depth, customizable reports have given us unprecedented insight into changes in our infrastructure and help us to demonstrate compliance.” This unsolicited assessment of our reporting capabilities is something I hear echoed by nearly every customer I have the pleasure of chatting with.
We place great value on the feedback we receive from our customers, especially when it helps us improve our solutions or provides us with tips and insights that we can share with our customer base worldwide. I’m currently in the process of talking with a number of our financial services clients about industry challenges and best practices. Check back for more customer mini case studies and stay tuned for a report of our findings…
Got a cool LogLogic story? Send it to me at Lex.vandenberghe@loglogic.com
Posted January 20, 2010 in Case Study
By Sudha Iyer
It’s war! The Iranians attacked the Chinese. The Chinese attacked Iran… and Google… and Adobe (and 30 others). The governments of France and Germany warned their citizens against using Internet Explorer in response.
Is our security so poor that we’re just throwing good money after bad? Should we just adopt the Facebook model and assume that everything we do is now public knowledge?
It’s all too easy for IT staff to get lost in the noise about secure configurations, patch Tuesdays and checklists, and to rarely give the time to building a “defense in depth”.
Key to providing a more complete security solution are Intelligence, Vigilance and Surveillance. Together, they build a framework that defines normal and abnormal behavior. For example, if a company usually sees 1000 transactions a day by monitoring activity, when the system peaks at 3000 transactions, we can detect an anomaly. And by applying intelligence, such as knowing it’s the last week of the quarter, we can understand that 3000 is a non-threatening happenstance.
Monitoring application activity for changes in behavioral patterns and proactively acting upon them is vital to providing depth of security. Let’s remember here that whilst the headlines are all fun and games, you’re defending against top-of-line criminals: not people who want to delete your hard drive or put cute messages on your website, but people who want to steal all your data for profit. As both NASA and the US Army were reminded recently, information is stored in databases, and databases have huge exploitable holes. Deploying LogLogic Database Security Manager (DSM) provides the kind of zero-day control required to respond to data leakage attacks. DSM is a Data Leak Prevention service that protects structured data in your databases, and provides the necessary compensating controls to reduce your risk of exposure.
Relying on security patches or rotating firewall ports is not a comprehensive security solution. DSM is a must-have tool in your risk management strategy, ensuring that the crown jewels of your enterprise are not sneaking out, undetected, over the wire.
Posted January 19, 2010 in Risk Management
By Andy Morris
Firstly, congratulations to Mike Rothman on joining Securosis.
Now, on to my Verizon post. Mike correctly pointed out that I drank too much over Christmas, and that what I said about being safe was fluffy and careless. In my defense, I was having post-Christmas fun, not submitting a whitepaper, or advising anyone on strategy. I’d just spent 400 words telling people to be vigilant, and not believe Verizon’s roses-round-the-door view of 2010. Plugging my products seemed like too good an opportunity to pass.
And in Verizon’s defense, I doubt the author really meant to sound cavalier either. After all, Top 10s are just a way of letting off steam after a long year.
Over at Forrester, the big brains have put out a much more reasonable, more nuanced piece.
I like the Forrester document; it’s in tune with what I’m seeing happening here in Silicon Valley.
So, without further ado, here’s my take on their predictions:
A) Data security budgets will flat-line
I expect this to be true, after all, we’re in a tight spot money-wise at the moment, but some context is required. Firstly, I think that whilst spending on security will flat-line, spending on IT will fall. Meaning that security as a whole will now get a bigger slice of the pie, and therefore, will have greater visibility at the Board and “C-level” within companies. I don’t know of any B-2-B companies that are officially cutting list prices at the moment, but they all seem to be discounting heavily to secure purchase orders. So, now security has a greater share of the pie, buying even more vendor goods, which actually helps everybody. Greater buying power equals cheaper products, means more deployments, which in turn, means greater security. Win/Win. Hurrah for the recession!
B) Enterprises will strike better deals on DLP
This is really a very specific version of what I just said. DLP dealers like Websense, McAfee & Symantec sold roughly nothing last year. The DLP market exploded into life when some very early adopters paid Vontu a boat-load of cash for early access products. 4 years have passed since then, and nobody has really bought anything of note. Deep discounting during a recession is business as usual. If you want a DLP prediction, here’s one. Companies will stop pretending they can deploy content filters to prevent breaches, and instead, will focus on education and after-the-fact forensics. Or as we like to think of it over here, Log Management.
C) Cloud data concerns will begin to dissipate
Correctly, in my opinion, Forrester defines “the cloud” as being made up of totally different types of services, each with their own audience, scope, problems, and security concerns. These sub-clouds are: interactive apps (Facebook); hosted apps (Exchange); application APIs (Google Maps); application components (SimpleDB); infrastructure (Amazon); and physical space (GoDaddy). So the headline “concerns dissipate” is a little misleading. As Dimitri said, no one is going to trust the likes of Facebook or Flickr to improve to the satisfaction of a CISO, and everyone already trusts the physical security vendors with their array of cameras, motion sensors and armed guards. What is really top of mind then, are the hosted apps, and the infrastructure bits-and-pieces that can be assembled into enterprise applications. Forrester is right; we will gradually learn to trust these boys. The key word here is “gradually”. Here at LogLogic we already outsource our email and web service - and we’re very comfortable. We use SalesForce, and again, are happy that our customers are not being mixed in a big pot with our competitors’. But are we going to roll our finance, logistics and engineering secrets out to the cloud? Not yet. If ever. Clever word that “gradually”. It allows Forrester to be both right, and wrong.
D) Full disk encryption will continue its slow and steady march
Full disk encryption is on the rise! Hmmm. A bit like the sea levels. Yes they’re going up, but it’s imperceptible to the human eye - for now. Encryption clearly is a superb idea. But until it’s 100% transparent to the frustrated sales guy with his laptop, hundreds of miles from tech-support, it’s not going to be mainstream.
E) Creative vendor couplings will renew interest in ERM
Simply put, no. Well, yes. Creative vendors will seek ERM partnerships, but the examples given by Forrester are all about DLP. So, my question to you is, does tying two technologies, which don't quite fulfill their promise, together, make them attractive? Of course not. ERP will still be hard to deploy. DLP will still over promise, and under deliver. The future of data control is at a fork. We either go the 1984 route, and try to control everything, or we use education, forensics, and public discipline. Big Brother appeals to Silicon Valley because we think we can build it. But as we found out at Christmas, no security is 100% effective, there are no silver bullets, but vigilance and education can go a long way to solving the problem.
So, how do you best educate? My mom always says, (and she’s a teacher), teach by example. To help improve risk management what we need are tools that can analyze what’s gone wrong, and can demonstrate breaches to the masses. We have acronyms for that: SEM & SEIM. Here’s what Gartner, and others, think you need to know.
If you read the Forrester report, 90% of which I agree with, you’ll come to this conclusion: if you’re in business, spend security money wisely, educate your staff, deploy defenses where they’re proven, and be ready to swiftly, comprehensively and immutably document breaches. And stay vigilant. The bad guys are slippery like a worm.
Of course I’m biased, but that’s what we do here at LogLogic. We let you get on with running your businesses, making all that money, giving all those people a safe place to work, and should anything go wrong, we help you remediate.
Happy (safe, compliant, responsible) New Year.
Andy Morris, Product Marketing Director, LogLogic
Posted January 11, 2010 in Top10
Blame the victim. This was a common defense in sexual assault cases I helped prosecute when I worked as a prosecutor. Unfortunately this mentality applies not just to rape cases, but also to companies where critical data has been breached – even when the criminals are the ones stealing the data.
One of the biggest data breaches in recorded history hit Heartland Payment. This is a bona fide case of the bad guys attacking networks and compromising critical data. In Heartland Payment’s case, the data breach wasn’t found for many months and Heartland Payments has no idea of how many credit card numbers were jeopardized. Potentially millions of credit card numbers, but no one knows for sure (or at least they are not saying so publicly). To deal with the publicity and legal fallout, Heartland established a website (www.2008breach.com) to deal with the breach. The bad guys were caught pretty quickly after the breach was discovered (see: http://www.informationweek.com/news/security/attacks/showArticle.jhtml?articleID=214303553) and they have already pleaded guilty (see: http://news.cnet.com/8301-27080_3-10423008-245.html).
But the fact that the bad guys were brought to justice did not exonerate Heartland. Just this last month, Heartland Payments paid a settlement to American Express of $3.5 million for damages associated with the breach. Amex apparently was the smallest of the three settlements Heartland will have to pay, as they still have not settled with Visa or MasterCard yet.
Okay, so Heartland is a big company, but smaller businesses have been hit with lawsuits for failing to protect data. RockYou, a Facebook app, was recently sued in San Francisco in a class action lawsuit (see: http://news.cnet.com/8301-1009_3-10423042-83.html). Again it was certified bad guys stealing the data. But because RockYou didn’t take reasonable security precautions to protect that data, they are now facing a very expensive suit and all the negative publicity that that entails. I am sure that RockYou didn’t want to get profiled by CNET for this reason.
Beyond the civil suits, there is the potential of criminal action. Just ask HealthNet and Wentworth-Douglass Hospital. Both companies have suffered data breaches that have resulted in investigations by their state’s attorney general’s office (see here and here).
The bottom line is that no company should expect sympathy if data in their care gets breached. Consumers, plaintiffs, and regulatory agencies are just as likely to blame your company as they are the bad guys. You’re the victim of the data theft, but unless your company has taken all the available precautions it can, you’ll also be viewed as one of the “bad guys”.
Shameless plug section: So how does this relate to LogLogic? One way to make sure you have taken all proper precautions is to have complete visibility into the events in your system. It all starts with Log Management, and for visibility and control over your security environment, our Security Event Management. Check them out for more information.
Posted January 07, 2010 in Legal Nerd, Log Management & Intelligence, Security
By Andy Morris, Log Fan
I read Dimitri's take on the Verizon Top 10 Security Predictions for 2010 and thought I'd take a swing at it myself.
Verizon’s security predictions for 2010 are interesting partly because of their insightfulness, and partly due to their lack of insight. You can read their full list of predictions here, but if you’ll allow me, let me play Scrooge.
1) Services will protect themselves.
No they won’t. What most services will do, is appear to protect themselves. They’ll respond to a few highly publicized events with new user interface options that people won’t use properly, and will give the fake appearance of positive change.
2) Malware will not evolve.
This seems about right. Why go to all that fuss and expense of evolving, when most networks still aren’t protected against threats that were discovered ages ago? Mass outbreaks, of course, are for show-off-bored-kids; these days the real money is “on the fringes”. You know, like the Russian Mafia exploiting high street banks for millions. So, no real concern there then. Except that we’re in a recession, and it’s our money they’re stealing.
3) Consumers are getting smarter.
This is possibly the most dangerous of all the predictions. I don’t know if it will be true or false, but as security experts we have to assume it’s false, and build a world that protects the naive, the innocent, the gullible, and that chap that runs with scissors.
4) Windows 7 will be more robust than expected.
Well that’s a low bar - remember Windows 7 was launched on Oct 22, and exploits started turning up as far back as April, but Verizon is right to turn the focus on ISVs. After all, hackers are after money, and that’s buried in data, and that’s handled by ISV software.
5) Serious finger pointing will occur – criminals think twice.
Yes and no. Finger pointing will occur, but criminals will just shrug. Maybe this is a good time to have a debate about Capital Punishment deterring murderers?
6) Breaches will increase.
Yes they will. The lust for money is a powerful motivator.
7.) Nothing happens to non-PCs 8.) CaaS works 9.) Virtualization is not attacked 10.) China will be blamed for everything.
Let’s hope so :: I don’t care :: More hoping :: Seems fair.
What does LogLogic predict for 2010? Regardless of whether all, some, or none of Verizon’s predictions come true, networks will still be left vulnerable, applications will be un-patched, user error will cause breaches in protocol, and criminals will successfully knock down walls.
But not on a LogLogic protected infrastructure.
We can prevent, capture and prove compliance for whatever 2010 throws at your systems.
LogLogic customers are predicting a stress free, safe 2010.
(No lead paint was used in the making of this post – no thanks to China. Or Nigeria. Or Eastern Europe.)
Posted January 06, 2010 in Security, Top10