
RSA and The “New Normal” of Cybersecurity – Part 4

March 25, 2011

Near-Real Time Visibility to Make Effective Decisions.

by John Linkous

Last week, RSA announced that a successful advanced persistent threat (APT) attack against the company’s infrastructure has resulted in the exfiltration of data that could potentially be used to reduce the effectiveness of RSA’s wildly popular SecurID two-factor authentication products.  While we don’t yet know what was compromised (A token seeding database? Future product design data? We may never know…) or who conducted the attack (China? The Anonymous group?), we do know one thing: the perception of the effectiveness of “secure” authentication and encryption has been deeply shaken.  The fallout from this compromise will likely be swift, and significant.

In my previous post I offered three things that organizations can do to mitigate these complex, advanced threats.

Having Access to All Security Data

Knowing How All the Security Data is Related

Near-Real Time Visibility to Make Effective Decisions.

In this final post I want to look at achieving near-real-time visibility of your security position to aid effective decision-making.

Recently, I spoke with a global financial services firm that discussed how they were bringing together all of their security data (both event-based and non-event-based) into a single database platform, front-ended with a business intelligence (BI) tool to run queries and analysis. Certainly, there's nothing wrong with that; however, that approach is not the same thing as situational awareness. Why? Because it doesn't provide the ability to make decisions in real time. It cannot help you if you're in the process of experiencing an APT attack; it can only help you discover the attack pattern after the fact… and after critical data has been exfiltrated from your environment. A true situational awareness solution requires real-time (or very near real-time) correlation and analysis of all security data, and needs facilities such as pattern/behavior recognition, live monitoring, and alerting — as well as backward-looking forensic analysis.
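The difference between after-the-fact querying and correlation on arrival, as an added example that is not from the original post or from any vendor product: each event is checked against recent per-host history and non-event asset data at the moment it is ingested, so the alert exists while later events are still arriving. The hosts, event names, rule name and 600-second window are constructed assumptions.

```python
from collections import defaultdict, deque

WINDOW = 600  # seconds of per-host history kept (assumed value)

# Non-event data: constructed asset inventory (host -> holds sensitive data?)
ASSETS = {"db01": True, "web07": False}

# Event data: constructed, time-ordered (epoch seconds, source, host, detail)
EVENTS = [
    (1000, "auth", "db01", "login_fail"),
    (1030, "auth", "db01", "login_fail"),
    (1060, "auth", "db01", "login_ok"),
    (1200, "flow", "web07", "outbound_large"),
    (1300, "flow", "db01", "outbound_large"),
    (1900, "flow", "db01", "outbound_large"),
]

class Correlator:
    """Evaluates every event on arrival against recent per-host history."""

    def __init__(self, assets, window=WINDOW):
        self.assets = assets
        self.window = window
        self.recent = defaultdict(deque)  # host -> deque of (ts, detail)

    def ingest(self, ts, source, host, detail):
        hist = self.recent[host]
        # Expire history that has fallen out of the correlation window.
        while hist and ts - hist[0][0] > self.window:
            hist.popleft()
        hist.append((ts, detail))
        seen = [d for _, d in hist]
        # Rule: two or more failed logins and a successful login inside the
        # window, and now a large outbound transfer from a host that the
        # asset inventory marks as sensitive.
        if (detail == "outbound_large" and self.assets.get(host)
                and seen.count("login_fail") >= 2 and "login_ok" in seen):
            return {"ts": ts, "host": host, "rule": "bruteforce_then_exfil"}
        return None

def run(events, assets):
    """Feed events in arrival order; return the alerts raised along the way."""
    correlator = Correlator(assets)
    return [a for a in (correlator.ingest(*e) for e in events) if a]

if __name__ == "__main__":
    for alert in run(EVENTS, ASSETS):
        print(alert)
```

The same transfer from `web07`, or from `db01` once the login events have aged out of the window, raises nothing, which is the asset context and time window doing the filtering.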

Do you have near-real-time visibility of your security position?  Could you make a decision based on up-to-date security data if your network came under attack?
