By: Bob Tarzey, Service Director, Quocirca
Published: 20th August 2012
Copyright Quocirca © 2012
During a speech in June 2012, Jonathan Evans, the chief of the UK’s home security agency MI5, stated that it was “fighting 'astonishing' levels of cyber-attacks”. The worry is not just about the number, but the sophistication and the degree of targeting of individual people and organisations. This is making it harder and harder to detect and stop such attacks with conventional cyber security defences.
As a consequence, many are evaluating advanced tools that supplement point security products such as anti-virus, firewalls and intrusion prevention systems (IPS). This includes deploying what some are calling advanced security intelligence (ASI). ASI is the ability to look at a wide range of information sources in real time and spot that something anomalous is going on; this could be an attack, or it could be dangerous or undesirable user behaviour, which is another risk that needs to be mitigated.
ASI builds on existing technology such as log management and SIEM (security information and event management) tools. The vendors involved, which include LogRhythm, IBM (via its Q1 Labs acquisition) and McAfee (via its Nitro Security acquisition), are souping their products up, in particular their SIEM tools, to provide ASI capabilities. Some are using the term NG-SIEM (next generation SIEM).
Here are some examples of where ASI may succeed where point security products have failed:
ASI tools can make use of many sources of IT intelligence data in real time. They also have central policy engines which allow customers to write their own rules as well as including a wide range of out-of-the-box rules (e.g. flagging suspicious activity, such as multiple machines simultaneously attempting connections to unauthorised IP addresses outside of a given network).
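A toy version of the out-of-the-box rule quoted above, added here as an example (it is not from the Quocirca report or any vendor's product): it scans constructed connection records and flags any external address that several internal hosts contact within a short window. The internal range, the allow-list of sanctioned external addresses and the thresholds are assumptions.

```python
from collections import defaultdict
from datetime import datetime, timedelta
from ipaddress import ip_address, ip_network

# Constructed sample connection log: "timestamp source_ip destination_ip dest_port"
SAMPLE_LOG = """\
2012-08-20T09:00:01 10.0.1.10 10.0.2.5 443
2012-08-20T09:00:02 10.0.1.11 203.0.113.7 4444
2012-08-20T09:00:03 10.0.1.12 203.0.113.7 4444
2012-08-20T09:00:04 10.0.1.13 203.0.113.7 4444
2012-08-20T09:00:05 10.0.1.14 198.51.100.20 443
2012-08-20T09:30:00 10.0.1.15 203.0.113.7 4444
"""

INTERNAL = ip_network("10.0.0.0/8")            # assumed internal range
ALLOWED_EXTERNAL = {ip_address("198.51.100.20")}  # assumed sanctioned destinations

def parse_log(text):
    """Turn each log line into (timestamp, src, dst, port)."""
    events = []
    for line in text.splitlines():
        ts, src, dst, port = line.split()
        events.append((datetime.fromisoformat(ts), ip_address(src),
                       ip_address(dst), int(port)))
    return events

def flag_coordinated_egress(events, min_hosts=3, window=timedelta(minutes=5)):
    """Return {dst_ip: sorted internal hosts} for every unauthorised external
    destination that at least `min_hosts` distinct internal machines contacted
    within a single `window`."""
    by_dst = defaultdict(list)
    for ts, src, dst, _port in events:
        if src in INTERNAL and dst not in INTERNAL and dst not in ALLOWED_EXTERNAL:
            by_dst[dst].append((ts, src))
    alerts = {}
    for dst, hits in by_dst.items():
        hits.sort()
        # Slide the window start over each hit; alert on the first window that fills.
        for i, (start, _src) in enumerate(hits):
            hosts = {src for ts, src in hits[i:] if ts - start <= window}
            if len(hosts) >= min_hosts:
                alerts[str(dst)] = sorted(str(h) for h in hosts)
                break
    return alerts

if __name__ == "__main__":
    print(flag_coordinated_egress(parse_log(SAMPLE_LOG)))
```

The late 09:30 connection from 10.0.1.15 falls outside the window and does not count, which is the kind of time-bounding a real correlation rule needs to avoid flagging ordinary traffic.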
For businesses, there is no end to the struggle to get the upper hand over cyber-criminals. For governments, the situation is arguably even worse, as cyber-space becomes the 5th theatre for warfare (after land, sea, air and space) and terrorists see cyber-space as a way to go after critical infrastructure. All have to keep upping the ante, to avoid falling too far behind, or perhaps even get ahead, turning cyber security into an offensive rather than defensive act.
Quocirca’s report Advanced Cyber Security Intelligence is freely available here.
Published by: electronicdawn Ltd.