This paper discusses the question of optimizing security decisions in an organization, based on the information provided by the technical security infrastructure.
Take back your security infrastructure
Anton Chuvakin, Ph.D., GCIA, GCIH, GCFA
WRITTEN: 2004
DISCLAIMER:
Security is a rapidly changing field of human endeavor. The threats we face literally change
every day; moreover, many security professionals consider the rate of change to be
accelerating. On top of that, to stay in touch with such an ever-changing reality,
one has to evolve with the space as well. Thus, even though I hope that this document will
be useful to my readers, please keep in mind that it was possibly written years ago.
Also, keep in mind that some of the URLs might have gone 404; please Google around.
This paper discusses the question of optimizing security decisions in an organization, based on the
information provided by the technical security infrastructure.
Imagine you work for one of those companies where information security is taken seriously, senior
management support is taken for granted, the appropriate IT defenses are deployed and users are educated on
the security policy (a security utopia, no less). Firewalls are humming along, intrusion detection systems are
installed and the incident response team is trained and ready for action. This goes a long way towards creating
a more secure enterprise computing environment.
In this context, let's look at it from the prevention-detection-response model. Prevention is most likely
handled by the combination of the organization's firewalls, intrusion prevention devices and vulnerability scanning,
as well as hardened hosts and applications. Intrusion detection systems, as their name suggests, seek to provide
detection, while a team of experts armed with forensic and other investigative tools provides response.
Admittedly, the above picture is a grand simplification, but the separation between prevention, detection and
response is still artificial to a large degree. Firewalls greatly help in detection by providing logs of allowed
and denied connections, IDS can be configured to respond to incidents automatically and security
professionals are at the core of all three components.
The above complex interplay between prevention, detection and response is further complicated by the
continuous decision-making process: 'what to respond to?', 'how to prevent catastrophic loss?', 'do I care
about this thing I just detected?', etc. Such decisions are based on the information provided by the security
infrastructure components. Paradoxically, the more technical security defenses one deploys, the more
messages the firewalls block and the more alerts the detection systems send, the harder it is to make the
right decisions about how to react. The volume and obscurity of the information emitted by the security
infrastructure contribute to such difficulties. And at some moment, the question of trying to predict what fire
will flare up next (or "being proactive", in marketspeak) will come up.
What are the common options for optimizing the security decisions made by the company's security
decision-makers? The security information flow needs to be converted into a decision. Attempts to create a fully
automated solution for making such decisions, some even based on artificial intelligence, have not yet
reached a commercially viable stage. The problem is thus to create a system that reduces the information
deluge sufficiently and then provides some guidance to the system's human operators so that they can make the
right security decision. Note that this does not preclude a certain degree of automation.
In addition to facilitating decision-making in case of a security event (defined as a single communication
instance from a security device) or an incident (defined as a confirmed attempted intrusion, other attack or
discovered abuse), reducing the information flow is required for implementing security benchmarks and
metrics. Assessing the effectiveness of deployed security controls is an extremely valuable part of an
organization's security program. Such an assessment can be used to calculate a security Return On
Investment (ROI, or ROSI) and to enable other methods for marrying security and business needs.
The commonly encountered scenarios can be loosely categorized as follows:
• install-and-forget: don't look at the information, avoid decisions (unfortunately, all too common),
• manual data reduction, or reliance on a particular person to extract and analyze the meaningful audit
records,
• in-house automation tools such as scripts and utilities aimed at processing the information flow.
Let us briefly look at advantages and disadvantages of the above methods.
Is there a chance that the first approach - deploying and leaving the security infrastructure unsupervised
- has a business justification? Indeed, some people do drive their cars without mandatory car insurance, but
companies are unlikely to be moved by the same reasons that motivate the reckless drivers. Most CSI
members have probably heard that 'having a firewall does not provide 100% security' many times. In fact,
0-day (i.e. previously unpublished and unknown to the software vendor) exploits and new vulnerabilities are
overall less of a threat than the company's own employees. Technology solutions are rarely effective against
social and human problems, such as malicious insiders or those duped by social engineering attacks.
Advanced firewalls can probably be made to mitigate the threat from new exploits, but not from the firewall
administrators' mistakes and deliberate tampering from inside the protected perimeter. In addition, a
total lack of feedback on security technology performance will prevent a company from taking a proactive
stance against new threats and adjusting its defenses against the flood of attacks hitting its bastions.
Security metrics will also be largely non-existent under such circumstances.
Does relying on human experts to understand your security information and to provide effective response
guidelines based on the gathered evidence constitute a viable alternative to doing nothing? Specifically,
two approaches to the problem are common in this scenario. First, a security professional can study the
evidence AFTER the incident. Careful examination of the evidence collected by various security devices will
certainly shed light on the incident and will likely help to figure out what happened, as well as to draw
lessons from it to prevent a recurrence. However, in case extensive damage is done to the organization, it
is already too late, and prevention of future incidents of the same kind will not return the stolen intellectual
property or the disappointed business partners. Expert response after the fact has a good chance of being "too
little, too late" in the age of fast automated attack tools and worms. The second option is to review the
accumulated audit trail data periodically. A simple calculation is in order. A single border router will produce
hundreds of log messages per second on a busy network, and so will the firewall. Adding host messages
from even several servers will increase the flow by hundreds more per second. Now if one is to scale this to
an average large company's network infrastructure, the information flow will increase a hundredfold. No human
expert or team will be able to review, let alone analyze, the incoming flood of signals.
But what if a security professional chooses to automate the task by writing a script or a program to alert him
or her to the significant events? Such a program may help with data collection (a centralized syslog server or a
database) and alerting (email, pager, voice mail). However, a series of important questions arises. Collected
data will greatly help with an incident investigation, but what about the timeliness of the response?
Separating meaningful events from mere chaff is not a trivial task, especially in a large multi-vendor
environment. Moreover, even devices sold by a single vendor might have different event prioritization
schemes and protocols. Thus, designing the right data reduction and analysis scheme that optimizes the security
decision process might require significant time and capital investment, and still not reach the set goals due to
a lack of the specific analysis expertise.
In addition, alerting on raw event data (such as 'if you see a specific IDS signature, send an email') will
quickly turn into the "boy who cried wolf" story, with pagers screaming for attention and not getting it. In light
of the above problems with prioritization, simply alerting on "high-priority" events is not an effective solution.
Indeed, IDS systems can be tuned to produce fewer alerts, but to tune the system effectively one needs
access to the whole feedback provided by the security infrastructure and not just to the raw IDS logs. For
example, outside and inside firewall logs are very useful for tuning the IDS deployed in the DMZ.
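The two preceding paragraphs contrast "page on every signature hit" with using the firewall logs on both sides of the DMZ to decide which IDS alerts matter. The script below is an added example (not code from the paper, and not any vendor's product) that shows that contrast on constructed log lines: a naive alerter that pages once per IDS event, next to a correlator that drops alerts the outside firewall already blocked, folds repeated hits into one alert, and raises priority when the attacked DMZ host then opens unexpected connections through the inside firewall. The key=value log layout, device names, signature names, addresses and the expected-flow baseline are all assumptions made for the example.

```python
"""Correlate IDS alerts with firewall logs before paging anyone.
Added example, not code from the paper or any vendor. Log lines are constructed
and their key=value layout is a simplified stand-in for real syslog formats.
Assumed topology: Internet -> outside firewall -> DMZ (192.0.2.0/24) -> inside
firewall -> LAN (10.0.0.0/8). The IDS sensor taps the link in front of the
outside firewall, so it also sees packets that firewall then drops.
"""
from collections import defaultdict
from datetime import datetime

# Constructed firewall messages (each line is an "event" in the paper's sense).
FIREWALL_LOG = """\
2004-06-01T10:00:01 dev=fw-outside action=allow src=203.0.113.5 dst=192.0.2.10 dport=80
2004-06-01T10:00:05 dev=fw-outside action=deny src=198.51.100.7 dst=192.0.2.20 dport=445
2004-06-01T10:00:25 dev=fw-outside action=allow src=203.0.113.99 dst=192.0.2.30 dport=80
2004-06-01T10:00:31 dev=fw-inside action=deny src=192.0.2.10 dst=10.0.0.5 dport=445
2004-06-01T10:00:32 dev=fw-inside action=allow src=192.0.2.10 dst=10.0.0.9 dport=3306
2004-06-01T10:00:40 dev=fw-inside action=allow src=192.0.2.30 dst=10.0.0.5 dport=22
"""

# Constructed IDS messages; signature names are illustrative.
IDS_LOG = """\
2004-06-01T10:00:01 dev=ids-dmz sig=WEB-IIS_cmd.exe_access src=203.0.113.5 dst=192.0.2.10 dport=80
2004-06-01T10:00:02 dev=ids-dmz sig=WEB-IIS_cmd.exe_access src=203.0.113.5 dst=192.0.2.10 dport=80
2004-06-01T10:00:03 dev=ids-dmz sig=WEB-IIS_cmd.exe_access src=203.0.113.5 dst=192.0.2.10 dport=80
2004-06-01T10:00:04 dev=ids-dmz sig=NETBIOS_SMB_probe src=198.51.100.7 dst=192.0.2.20 dport=445
2004-06-01T10:00:25 dev=ids-dmz sig=WEB-PHP_remote_include src=203.0.113.99 dst=192.0.2.30 dport=80
"""

# Flows the DMZ hosts are supposed to open toward the LAN (web tier -> DB).
# This assumed baseline is the tuning knowledge raw IDS logs alone cannot give.
EXPECTED_FLOWS = {("192.0.2.10", "10.0.0.9", "3306")}
PRIORITY_ORDER = {"critical": 0, "high": 1, "low": 2}


def parse(log_text):
    """Turn 'ts k=v k=v ...' lines into dicts, one per device message."""
    events = []
    for line in log_text.splitlines():
        if not line.strip():
            continue
        ts, kv = line.split(None, 1)
        ev = {"ts": datetime.fromisoformat(ts)}
        for token in kv.split():
            key, _, value = token.partition("=")
            ev[key] = value
        events.append(ev)
    return events


def naive_alerts(ids_events, paged_signatures):
    """'If you see signature X, send an email': one page per matching event."""
    return [ev for ev in ids_events if ev["sig"] in paged_signatures]


def blocked_at_border(ev, fw_events, slack_s=5):
    """True if the outside firewall logged a deny for the same flow at about
    the same time: the attack never reached the DMZ host."""
    return any(f["dev"] == "fw-outside" and f["action"] == "deny"
               and (f["src"], f["dst"], f["dport"]) == (ev["src"], ev["dst"], ev["dport"])
               and abs((f["ts"] - ev["ts"]).total_seconds()) <= slack_s
               for f in fw_events)


def unexpected_lan_flows(ev, fw_events, window_s):
    """Inside-firewall messages showing the attacked DMZ host opening flows
    toward the LAN within window_s after the alert, minus the known baseline."""
    return [f for f in fw_events
            if f["dev"] == "fw-inside" and f["src"] == ev["dst"]
            and 0 <= (f["ts"] - ev["ts"]).total_seconds() <= window_s
            and (f["src"], f["dst"], f["dport"]) not in EXPECTED_FLOWS]


def correlate(ids_events, fw_events, window_s=60):
    """Reduce the IDS feed to a short, prioritized list: drop alerts the outside
    firewall already blocked, fold repeats of one (src, dst, sig) into a single
    alert, and raise priority when the target then starts talking to the LAN."""
    groups = defaultdict(list)
    for ev in ids_events:
        if blocked_at_border(ev, fw_events):
            continue  # stays in the audit trail, but nobody gets paged for it
        groups[(ev["src"], ev["dst"], ev["sig"])].append(ev)
    alerts = []
    for (src, dst, sig), evs in groups.items():
        lan = unexpected_lan_flows(evs[0], fw_events, window_s)
        if any(f["action"] == "allow" for f in lan):
            priority = "critical"  # target reached the LAN on an unplanned flow
        elif lan:
            priority = "high"      # target tried to reach the LAN and was denied
        else:
            priority = "low"
        alerts.append({"priority": priority, "src": src, "dst": dst, "sig": sig,
                       "count": len(evs), "lan_flows": len(lan),
                       "first": evs[0]["ts"].isoformat(), "last": evs[-1]["ts"].isoformat()})
    return sorted(alerts, key=lambda a: (PRIORITY_ORDER[a["priority"]], -a["count"]))


if __name__ == "__main__":
    ids, fw = parse(IDS_LOG), parse(FIREWALL_LOG)
    print(f"naive: {len(naive_alerts(ids, {e['sig'] for e in ids}))} pages")
    for alert in correlate(ids, fw):
        print(alert)
```

On the constructed input the naive alerter pages five times; the correlator produces two alerts, one "critical" (the PHP target opened an SSH connection into the LAN that is not in the baseline) and one "high" (three repeated IIS hits on a host that then tried, and was denied, to reach an internal server over SMB), and the SMB probe the outside firewall dropped is never paged at all. The caveats are the ones the paper warns about: the baseline of expected DMZ-to-LAN flows and the timing slack are tuning decisions that need knowledge of the environment, clocks across devices must be synchronized for the time-window joins to mean anything, and an attacked host that is already allowed to reach the LAN on its normal ports will not be escalated by this rule alone.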
Overall, it appears that simply investing in more and more security devices does not create more security.
One needs to keep in close touch with the deployed devices, and the only way to do it is by using special-purpose
automated tools to analyze all the information they produce, correlate the results and draw
meaningful conclusions aimed at optimizing the effectiveness of the IT defenses. While having internal staff
write code to help accumulate data and map it might be acceptable in the immediate term in small
environments, the maintenance, scalability and continued justification of such systems likely have a very low
ROI. In fact, this caused the birth of Security Information Management (SIM) products that have, as their
primary focus, the collection and correlation of this data in order to optimize security decision making, as well
as to act automatically in select circumstances.
ABOUT THE AUTHOR:
This is an updated author bio, added to the paper at the time of reposting in 2009.
Dr. Anton Chuvakin (http://www.chuvakin.org) is a recognized security expert in the field of
log management and PCI DSS compliance. He is the author of the books "Security Warrior"
and "PCI Compliance" and a contributor to "Know Your Enemy II", "Information Security
Management Handbook" and others. Anton has published dozens of papers on log
management, correlation, data analysis, PCI DSS and security management (see the list at
www.info-secure.org). His blog, http://www.securitywarrior.org, is one of the most popular
in the industry.
In addition, Anton teaches classes and presents at many security conferences across the
world; he recently addressed audiences in the United States, UK, Singapore, Spain, Russia
and other countries. He works on emerging security standards and serves on the
advisory boards of several security start-ups.
Currently, Anton is developing his security consulting practice, focusing on logging and
PCI DSS compliance for security vendors and Fortune 500 organizations. Dr. Anton
Chuvakin was formerly a Director of PCI Compliance Solutions at Qualys. Previously,
Anton worked at LogLogic as a Chief Logging Evangelist, tasked with educating the world
about the importance of logging for security, compliance and operations. Before LogLogic,
Anton was employed by a security vendor in a strategic product management role. Anton
earned his Ph.D. degree from Stony Brook University.