Skip to content

A situational problem requires a situational solution!

March 3, 2012

A quote posted to Twitter about one of the presentations at the Security BSides conference earlier in the week in San Francisco struck a chord and I wanted to comment on it.  It went something like this, ‘Information Security is situational – and as a result it is very difficult to generalize about the best way to protect an organization against it. ”

This quote encapsulates the challenge faced by security professionals every day – and provides an insight into the best way for large organizations to address it.  There is no one – or event fifty – cookie-cutter cyber or insider attacks – each one is deliberately designed by the perpetrator to use an infrastructure against its owner and to enable the attacker to get as quickly as possible to the intended target and get out again undetected.  The days of signature-based attacks are over.

So, if the problem is situational then if figures that the solution needs to be situational also.  Rather than looking in all of the ‘usual’ places for the signs of an attack the key is to collect data from all parts of the network, correlate it in real-time and identify any anomalous activity.  This approach is called Situational Awareness.

Situational Awareness is already being used in a range of industries, from EMS to air traffic control and on the battlefield.  Its time has come for information security professionals.

No comments yet

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )


Connecting to %s

%d bloggers like this: