Skip to content

“The RSA breach wasn’t advanced; what happened afterwards was…”

March 30, 2012

At our Washington DC Executive Briefing on Wednesday, we were lucky enough to be treated to a keynote by former White House CIO Theresa Payton, who talked about the issues facing Federal security professionals as they battle to protect the nation’s critical infrastructure and sensitive data.  Over the coming days we’ll be sharing some of the points that she made with you, as well as a full transcript of Theresa’s presentation.

One of the most interesting – and thought-provoking – things that Theresa said was around APTs (Advanced Persistent Threats).  She made the point that the term has been used and abused – and in many cases is misunderstood.  She used the RSA breach of 2011 as an example, saying that the breach itself wasn’t all that advanced, but what happened after the environment had been compromised, was.

The problem is that often all that security analysts see is the breach (at the point of entry into the environment) and the damage done to the intended target (often the removal of data).  They don’t see the complexity of what happened between those two points because their systems don’t allow them to. Why? Because traditional point tools collect one piece of data, and send them to a traditional SIEM tool that turns them all into log and event data.  All the analyst sees is a lot of logs and events – they never see, for example, configuration changes as the state-based data that it is, or network traffic as a unique and highly different data type than server logs.  Similarly, the correlation between these different types of data in their native formats and even the best forensic analysis tools will only provide a low-resolution image of the true scale of an attack using log and event data.  Perhaps it’s easiest to think of SIEM as old-fashioned televisions that are only able to provide black and white images, when what security analysts really need is a full 1080p, high-definition color picture with Dolby Surround Sound.

Wouldn’t it be great if you could see your network in high definition?

No comments yet

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

%d bloggers like this: