Call of Duty – Transparent Disclosure [Part 2]

May 3, 2011

This morning Sony acknowledged that another network breach, related to the first one, has been identified.  This time it involves Sony Online Entertainment (SOE).

From what we know so far it isn’t a separate attack, but a second breach that occurred during the first attack. While details are still vague, it’s reported that it involves 12,700 credit card numbers – Sony has not confirmed this. That takes the total number of user records compromised by the attack across SOE, PSN and Qriocity to around 100 million.

The question most journalists, analysts and commentators will be asking is how did this happen?  Any CISO or Enterprise Security Analyst in charge of a large distributed network will understand how it could have taken 15 days for this second breach to come to light. Unless Sony has a platform that enables it to capture, correlate and analyze the millions of data security records on its network, in all formats via a single console, the process of identifying the source, target and scale of the attack will involve multiple systems and reports and require days of grueling manual analysis by Sony’s security analysts.

There are those who question Sony’s transparency – personally I see an imperfect process. After all, having spent yesterday apologizing to customers it’s unlikely the company would want to lose any more face unless it absolutely had to.
