
Cyber Security

You need sharper Cyber Security against stealth attacks

Visibility is even more crucial in the face of advanced cyber security threats

A single command and control view for enterprise security

To provide an enterprise-wide perspective of risk and compliance, an effective security solution must provide a single command and control view. It must also identify new threats and new avenues by which they infiltrate organizations. The last couple of years have seen a shift from random attacks on many targets to fewer attacks on quite specific targets. Often these take the form of Advanced Persistent Threats (APT), which use a combination of spear-phishing, custom Trojans and beaconing.

It's therefore crucial for effective enterprise cyber security to:

- Be horizontally and vertically scalable;
- Have the capacity to collect all of the vital data all of the time;
- Be proactive, not reactive, and allow for real-time interpretation of all events;
- Bridge all security information silos so that blind spots are eliminated;
- Provide for multi-dimensional and Dynamic Behavioral Analysis;
- Facilitate external data enrichment, i.e. correlating with external data stores to validate and enrich alerts (vulnerability assessment, IAM, CMDB etc.).

One more point is that business users should have access to security information that highlights their risk status and the integrity of their systems and datasets. The productivity improvements from these capabilities alone can pay for the deployment of intelligent and more effective security management systems. There is a prerequisite, however: improved communications between IT security and business unit managers.

Business executives spend a lot of time talking about the importance of security, George V. Hulme writes in CSO magazine, while information security officers spend a lot of time talking about how the business side really doesn't understand security. [1] IT security people feel they're often brought into discussions about new projects too late, while business managers tend to see IT security staff as sticks-in-the-mud who oppose all new initiatives and projects. These are different kinds of silos, and they too need to be bridged.

Proof of concept

The final point I want to make is that your security investment must suit your specific purpose, so you shouldn't hesitate to ask the shortlisted vendor for a trial using your live data and security infrastructure. This will take extra time, but bear in mind that it'll most likely take a year or so before your SIEM begins delivering what you bought it for, so a trial like this is more than worthwhile to ensure that the vendor can deliver on his promises. Be prepared to probe deeply into the trial results though, to ensure that the system addresses your specific needs. Even simple security appliances can impress with the amount of silo-based data they produce but, while they readily generate simple, standard reports, these can't be integrated with other silo-based information. In reality, they will add little to your security effectiveness.

Summary

It pays to make sure that you invest in an integrated SIEM solution that provides the essential tools and intelligence to provide the right level of cyber security for your organisation. Try before you buy is also a smart move.

IT security systems: the big impossible?

Cutting funds can cancel out IT compliance

The cost of IT compliance is a lot lower than non-compliance by the time you add up data loss, fines and loss of reputation.

The importance of IT compliance and the cost of non-compliance

The cost of IT security vs the cost of data breaches and non-compliance

The cost of IT security

The value of strong IT security lies in preventing events that can damage your brand or your organisation. Compared to other IT investments, IT security spending is pretty modest. Analyst firm Computer Economics estimates that most organizations spend less than 2% of their IT budgets on security, but adds that it can be as high as 5% in organisations where system availability, data integrity, and confidentiality are crucial.

Given those limited funds, possibly more limited since the GFC, you want to make sure you spend them wisely. You want the best performance for your security dollar, along with the lowest implementation and maintenance costs (since you most likely have limited people resources as well). You want to make sure the big exposures are covered, and you want to avoid wasting any of your limited funds.

Let's look at an example: security event log collection and management is essential for compliance with regulations such as Sarbanes-Oxley, GPG13, ISO 27000 and PCI DSS. Business traffic and data volumes are ballooning, however, and we've talked to many organizations whose log management systems can't handle the increasing load. (Many SIEM platforms struggle to handle 10,000-15,000 events per second.) What looked like an economical solution has turned out to be a waste of money because:

- Logs will be incomplete, which will be discovered during audits;
- Incomplete logs make accurate forensic replays impossible;
- The SIEM system that relies on complete log collection is also compromised, or even rendered unusable, not unlike a denial of service (DoS) [scenario].

As with other IT investments, you need systems that can grow with you and scale up easily to meet increased demand.

The cost of data breaches and non-compliance

The value of critical company IP or sensitive client data is easier to estimate than the value of collecting complete event logs. When Ford product engineer Xiang Dong "Mike" Yu was accused of stealing automotive design specs for the Beijing Automotive Company, experts said they were worth some $50 million.

The costs are even more obvious, and often more public, where fines are involved. In 2010, the UK's Financial Services Authority fined Zurich Insurance (UK) £2,750,000 for failing to take reasonable care to ensure it had effective systems and controls to manage the risks relating to the security of customer data. The compliance breach involved the data of some 46,000 policyholders.

For companies generating large amounts of revenue online, data breaches can stop revenue flows dead in their tracks, as was the case with Sony's PlayStation Network. That part of the Sony saga cost the company $170 million just in lost revenue.

Disruption to business can extend over many months, of course, as lawsuits have to be settled with customers, with banks, with credit card issuers, and sometimes with state attorneys. Back in 2007, Massachusetts-based retailer TJX lost some 45 million credit card numbers to hackers over a period of time. The total cost to TJX was estimated at $4.5 billion, based on a cost of $100 per record breached. These days, the average cost of a data breach is more than $200 per record, according to the Ponemon Institute, and the average cost of significant data breaches reported in Australia now exceeds $2 million.

Summary

You can buy a lot of IT security for a lot less than the cost of data loss, penalties and lack of IT compliance. The Ponemon Institute found that IT compliance cost some $3.5 million per annum while non-compliance cost others $9.4 million.
