
The first casualties of cyber war.

January 26, 2012

In his latest post for AOL Government, eIQnetworks’ John Linkous explores how, in our increasingly networked society, it is only a matter of time before we see the first casualties from advanced persistent cyber attacks.  He also asks what can be done to mitigate the risk of virtual attacks affecting the physical world.

You can read John’s post in full at http://ow.ly/8H5uB

Everything you ever wanted to know about Situational Awareness… [but were afraid to ask!]

January 24, 2012

Most security professionals will, by now, be aware of the term Situational Awareness – but how many understand what it actually is?  How many understand how to deliver it within their organization?  Situational Awareness has become one of the big buzzwords of the security industry in the last 12 months and, as the company that coined the term within our industry AND the first to offer a working platform, we thought it was time to clarify much of the confusion that exists around the term.

“Proactive Threat Discovery and Risk Mitigation Demands Situational Awareness” is an eIQnetworks webinar, featuring Gartner analyst John Pescatore, which aims to answer many of the questions we’ve been asked by security professionals in recent months.  The webinar also explains how situational awareness delivers key competencies that cannot be achieved using existing SIEM and SIEM Plus tools, and how it gives security analysts the ability to protect large distributed networks effectively and efficiently in a way they cannot with traditional point tools.

You can view the video here

If you have a question that is not included in our webinar then please let us know and we’ll be happy to answer it for you.

Cybersecurity: what’s the point?

January 17, 2012

Last week the FBI claimed that cybersecurity posed an “existential” threat to American corporations, “meaning it could eliminate whole companies”. Despite this, it said, many consumers and commercial organizations are “still not taking the threat seriously”, claiming “either they don’t recognize it, they don’t understand it or they don’t care”.  I wonder what Sartre or Camus would have to say on the matter?

I have no doubt they would have Read more…

Less Turtle, More Awareness

January 11, 2012

Catching up on some reading this week, I came across this piece in Security Week, written by Chris Poulin, Chief Security Officer at Q1 Labs, talking about how a childhood experience can help the modern information security professional.  Chris makes some good points, such as the need for continuous monitoring, and for using all available tools to capture multiple data points so that you can pinpoint the vector of advanced persistent threats (and slow-moving box turtles).

This is certainly all good advice – although we contend that the average cyber or insider attack moves slightly quicker than the average box turtle.  There are, however, some major problems with Chris’ piece. Read more…

Situational Awareness: It’s not a Technology; it’s a Way of Life

January 9, 2012

Recently, CSO Magazine published a story on the efforts to secure the new Freedom Tower and other buildings that are being built at the site of the new World Trade Center in New York.  Throughout the article, Louis Barani – the former U.S. Naval Officer who is developing the security technologies for the new facility – frequently uses the term “situational awareness” to describe his team’s efforts to ensure the security of the Freedom Tower and other buildings.

What’s most interesting is how Mr. Barani talks about situational awareness not as a product, but as a capability.  While much of his interest is in physical security — as opposed to information security, which is where eIQnetworks and SecureVue reside — he identifies all the different types of security-related information that are required to achieve situational awareness: physical access control and logs; CCTV feeds and data; HVAC systems; elevator controls; and many, many more.  His team will be using a platform designed to bring together the physical security data from all these different sources into a single platform that facilitates situational awareness.

So what’s the point?  First, that situational awareness isn’t just a tool or a technology — it’s a way of life that requires continuous, real-time evaluation of the environment (whether the goal is system operations, physical security, information security, or otherwise), correlation of different types of events and other data together, and the ability to act on abnormalities right away.  Second, to make all of these things happen, you need the right tools to facilitate — not automate — situational awareness. In the information security world, that means collecting all security-related data, whether that data is encapsulated in events, asset state, network traffic, system performance, or any other piece of information.  Once you have the data, the other critical capability is correlation: are unusual network traffic, an abnormal performance metric, and an unauthorized change on a server related?  If so, how?

Just like in physical security systems, in the world of information security there are plenty of assets generating security data: events from host OS’s, devices, applications and databases; point security tools like IDS/IPS and anti-malware; performance data; network traffic; the current operating state of systems; and so much more.

Like the architects of physical security at Freedom Tower, delivering situational awareness for information security requires the ability to bring all of this data together into a single location, and correlate this data to find abnormalities — the hallmark of situational awareness.  Unfortunately, there aren’t many solutions available today that really do this for information security: SIEMs have limited data collection capabilities, and treat everything like an event (which is decidedly not situational awareness); configuration management tools have no visibility into events or what’s happening at the network layer; and NBA and network monitoring tools lack visibility into system state.  So, like a CCTV system, or an HVAC controller, or an elevator system, each of these information security tools provides visibility into a limited — but critical — wedge of data.  You still need something to bring all the data together, and facilitate true situational awareness.  Fortunately, we know exactly where you can find a product that does this.
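To make the correlation question above concrete, here is an added example (our own illustration, not SecureVue code and not taken from the CSO article): a minimal cross-source correlator. Each point tool contributes one type of observation (an authentication event, a configuration-drift finding, a flow-volume measurement, a performance metric); the correlator groups abnormal observations by host and flags a host only when several independent source types misbehave inside one time window. The observation records, the 3x-over-baseline rule and the 10-minute window are all assumptions constructed for the example.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed observations from four independent "point tool" sources.
# Each dict is what a collector might normalise a record into; none are real logs.
# event/config sources arrive already flagged by the tool that produced them;
# netflow/perf carry a measurement and the baseline the tool learned for it.
OBSERVATIONS = [
    {"ts": "2012-01-09T10:00:05", "host": "web01", "source": "event",
     "detail": "sshd: Accepted password for svc_deploy from 10.0.0.9", "flagged": True},
    {"ts": "2012-01-09T10:01:10", "host": "web01", "source": "config",
     "detail": "/etc/cron.d/backup differs from approved baseline", "flagged": True},
    {"ts": "2012-01-09T10:02:30", "host": "web01", "source": "netflow",
     "detail": "outbound bytes to 203.0.113.7:443", "value": 48_000_000, "baseline": 2_000_000},
    {"ts": "2012-01-09T10:03:00", "host": "web01", "source": "perf",
     "detail": "cpu_pct", "value": 97, "baseline": 18},
    {"ts": "2012-01-09T10:00:00", "host": "db01", "source": "perf",
     "detail": "cpu_pct", "value": 94, "baseline": 20},
    {"ts": "2012-01-09T11:30:00", "host": "db01", "source": "event",
     "detail": "sshd: Accepted publickey for dba from 10.0.0.20", "flagged": False},
    {"ts": "2012-01-09T12:00:00", "host": "web02", "source": "netflow",
     "detail": "outbound bytes to 198.51.100.4:443", "value": 9_000_000, "baseline": 2_000_000},
]

RATIO_THRESHOLD = 3.0  # assumed rule: a measurement is abnormal when > 3x its baseline


def is_abnormal(obs):
    """Per-source test. Pre-flagged sources (event, config) are taken at the
    tool's word; measured sources (netflow, perf) are compared to baseline."""
    if "flagged" in obs:
        return obs["flagged"]
    return obs["value"] > RATIO_THRESHOLD * obs["baseline"]


def correlate(observations, window=timedelta(minutes=10), min_sources=2):
    """Group abnormal observations by host, slide a window over them in time
    order, and report hosts where at least min_sources *distinct* source types
    are abnormal within one window. Returns {host: sorted list of source types}.
    A single noisy source (a scheduled index rebuild spiking CPU on db01, one
    large transfer on web02) never reaches the threshold on its own."""
    by_host = defaultdict(list)
    for obs in observations:
        if is_abnormal(obs):
            by_host[obs["host"]].append((datetime.fromisoformat(obs["ts"]), obs["source"]))

    findings = {}
    for host, items in by_host.items():
        items.sort()  # chronological; ties broken by source name
        for i, (start, _) in enumerate(items):
            in_window = {src for ts, src in items[i:] if ts - start <= window}
            if len(in_window) >= min_sources:
                findings[host] = sorted(in_window)
                break
    return findings


if __name__ == "__main__":
    for host, sources in correlate(OBSERVATIONS).items():
        print(f"{host}: abnormal across {len(sources)} independent sources: {', '.join(sources)}")
```

Run as-is, only web01 is reported, with all four source types converging inside three minutes; db01 and web02 each show a single abnormal wedge of data and stay quiet. Shrinking the window to one minute still catches web01, but only on the netflow and perf pair that landed within 30 seconds of each other, which is the trade-off any real correlator has to tune: a wider window joins more evidence but also more coincidence.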

Forget End-of-Year Predictions… We Have End-of-the-World Predictions!

December 31, 2011

As we officially kick off “prediction week” – where virtually every security vendor, journalist and pundit gazes into their crystal ball and prognosticates about the next twelve months – we at eIQ have decided to up the proverbial ante.  Our predictions aren’t just about the next year… they’re about the end of the world.

How’s that, you might ask?  Well, it all starts – or rather, ends – with our favorite pre-Columbian civilization, the Mayans.  Ah, the Maya… ask anyone on the street today about them, and the first thing you’re likely to hear about is the Mayan calendar.  Like other pre-Columbian civilizations such as the Aztecs and Inca, the Maya very much believed that time operated in cycles.  The Maya “long count” calendar – the longest individual cycle – is currently scheduled to complete on December 21, 2012.

The Mayans themselves would simply have started a new b’ak’tun (the calendar’s 144,000-day cycle) on December 22; but in our clever world, that’s not good enough for many.  Unfortunately, the end of the “long count” cycle this year has been misinterpreted by some as “the end of the world” – often by people who are looking to make a quick buck.  Rest assured that just as Y2K, the IRS tax deadline of April 15th, and other critical dates have been the focus of phishing and other scam activity in the past, so too will December 21, 2012.

It’s only a matter of time before we start seeing it: “Click here to download the PDF [which is infected] / program [which is trojaned] / website link [which leads to malware] that shows you why the Mayans were right about the end of the world!”  Like any other scam, these emails and web ads will play to people’s worst fears, and doubtless some of them will succeed in facilitating identity theft, illegal transfer of funds, or even worse.  People are fascinated by doom, and the idea that someone might have “secret knowledge” will cause many unsuspecting people to be drawn into these scams.  We saw this happen endlessly during Y2K, over ten years ago, when the term phishing was barely in use.  With the advent of new methods to reach people – no longer just e-mail, but text messages, social media sites, embedded links in documents, and so many more – the amount of fraud that will be perpetrated from end-of-the-world scare tactics will be extreme.

So remember, you heard it here first… and if we’re all still around on December 22, 2012, we’ll see if we at eIQ were right.   :)

If Containment is the New Prevention…

December 14, 2011

A couple of weeks ago, Websense published its cybersecurity predictions for 2012.  One prediction in particular caught our eye: that containment will become the new prevention.  We read Websense’s prediction as saying that the focus for many organizations will shift from preventing external and insider attacks, data breaches, and other incidents – prevention being something that many aspire to, but very few have actually attained, by the way… – to containing them.

We’ve been saying the same thing for a number of years.  2011 has demonstrated that, Read more…

“…there will be a catastrophic attack on the United States within the next 12 months”. Are you ready?!

December 6, 2011

Vendors, particularly those working in the security space, are often criticized for what many see as spreading fear, uncertainty and doubt [otherwise known as FUD] as a marketing tactic – using the prospect of a terrible event as a lever to persuade organizations they need a product or service.  But, when somebody like Rep “Dutch” Ruppersberger, a member of the House Intelligence Committee says it, surely everybody should take notice?

We’ll let you judge for yourselves… Read more…

Get Situational Awareness Today… No Strings Attached!

November 29, 2011

Today we are pleased to make available SecureVue Express, a no-cost version of our award-winning SecureVue, the industry’s first unified situational awareness platform.  SecureVue Express is available as a Read more…

From Russia with Malice

November 28, 2011

Three weeks ago a pump at a water treatment facility in Illinois was damaged by a malicious attack launched by an attacker using a computer based in Russia.  Or maybe it wasn’t.  Perhaps the pump was destroyed, but the attacker wasn’t based in Russia.  Maybe nothing happened at all… in fact, the DHS is now denying that a hack even occurred; yet the FBI has, according to reports, launched an investigation.

If we’re honest, there is no consensus on what did, or did not, happen in Illinois – nor on whether the attack (if indeed an attack took place) originated in Russia, or any other country.  The purpose of this post is not to speculate one way or another.  The confusion is, however, Read more…
