Breaches are Inevitable
Posted by: Andy Alsop in Breaches, Links to articles, NetFlow for Security. Tags: Alerts, Flow, Logs, netflow, network security

Don’t believe me? Just ask TJX or Monster.com or the Department of Homeland Security or Salesforce or TD Ameritrade or… still don’t believe me? Well, check out what Sal Iannuzzi, CEO of Monster.com, had to say (he agrees with me):
“I wish I could say…there will be absolutely no way that the Monster site can be compromised. I cannot ever make that promise, and no Internet company can.” 08/29/07, Reuters
If you still don’t believe me then feel free to move on. If you do, then read on.
Let’s reflect back on the past 12 months to perform that so-called “rocking chair test.” It certainly was a busy year! In fact, the Threats Watch blog went as far as to call 2007 “The Year of the Data Breaches.” Additionally, CSO magazine has an excellent summation of the past year in its article “The Top 10 Data Breaches of 2007.”
So, what can we learn from this past year? Three things:
- Breaches are Inevitable.
- Organizations can no longer rely solely on Protection (firewalls, IPS, etc.) and Detection (IDS, event correlation, alerting) for security.
- Organizations must have a comprehensive breach recovery plan in place.
Will your organization experience a breach today, tomorrow or next week? Maybe, maybe not. What you can be sure of, particularly if the data on your network is of high value, is that not one but many, many individuals are trying to get at your data, both from inside and outside your network. Organizations obviously can’t stop investing in protection and detection to counter these threats, but it is critical that they understand that a comprehensive IT security plan includes Protection, Detection AND Recovery.
One of the best ways to lay the foundation for a solid recovery plan is to build an extensive data store of all of your organization’s flow data, alerts and network logs. That is certainly a positive step, but then you have to ask: what do you do with all that data? To really create that powerful foundation you’ll need a solution that performs very fast searches over all of that data, so that when you get a network alert you can “dig deep” and definitively determine its extent (which hosts the affected machine talked to, when, and how much data moved), potentially saving your organization from disaster.
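As an added illustration of that “dig deep” step (this is example code written for this page, not the author’s product or anything from the linked articles), the block below stores a handful of constructed NetFlow-style records, indexes them by host, and pivots from a hypothetical IDS alert (internal host 10.0.0.5 contacting 203.0.113.7) to answer the questions a recovery plan needs answered: how many flows the host had around the alert, how much data went to the suspicious peer, which internal hosts it touched, and whether any other internal host also talked to that peer. All addresses, timestamps, field names and the 15-minute window are assumptions.

```python
"""Pivot from a network alert into stored flow records to scope an incident.

Example written for this post, not code from the author or a vendor.
The flow records, addresses and alert below are constructed, not real data.
Field layout mimics the CSV most collectors can export:
ts,src,dst,sport,dport,proto,bytes,packets (assumed).
"""
from collections import defaultdict
from datetime import datetime, timedelta
from ipaddress import ip_address, ip_network

# Constructed sample flows (hypothetical). Timestamps are UTC.
SAMPLE_FLOWS = """\
ts,src,dst,sport,dport,proto,bytes,packets
2007-12-03T09:58:10,10.0.0.5,10.0.0.20,51234,445,6,18000,40
2007-12-03T10:00:02,10.0.0.5,203.0.113.7,51240,443,6,1200,12
2007-12-03T10:01:45,10.0.0.5,203.0.113.7,51241,443,6,5400000,4100
2007-12-03T10:03:30,10.0.0.5,10.0.0.21,51250,445,6,2200,20
2007-12-03T10:05:00,10.0.0.21,203.0.113.7,44000,443,6,900,9
2007-12-03T10:09:10,10.0.0.8,198.51.100.9,40000,80,6,3000,30
2007-12-03T11:30:00,10.0.0.5,198.51.100.9,51300,80,6,700,8
"""

# Assumed internal address space for this example.
INTERNAL_NETS = [ip_network("10.0.0.0/8")]


def parse_flows(text):
    """Turn the CSV export into a list of dicts with typed fields."""
    lines = text.strip().splitlines()
    header = lines[0].split(",")
    flows = []
    for line in lines[1:]:
        rec = dict(zip(header, line.split(",")))
        rec["ts"] = datetime.fromisoformat(rec["ts"])
        for key in ("sport", "dport", "proto", "bytes", "packets"):
            rec[key] = int(rec[key])
        flows.append(rec)
    return flows


class FlowStore:
    """In-memory flow store with a per-host index, so an alert pivot
    touches only the flows that involve the host instead of rescanning
    the whole archive."""

    def __init__(self, flows):
        self.flows = sorted(flows, key=lambda f: f["ts"])
        self.by_host = defaultdict(list)
        for f in self.flows:
            self.by_host[f["src"]].append(f)
            self.by_host[f["dst"]].append(f)

    def flows_for(self, host, start, end):
        """All flows where host is source or destination within [start, end]."""
        return [f for f in self.by_host.get(host, []) if start <= f["ts"] <= end]


def is_internal(addr):
    a = ip_address(addr)
    return any(a in net for net in INTERNAL_NETS)


def scope_alert(store, host, bad_peer, alert_ts,
                before=timedelta(minutes=15), after=timedelta(minutes=15)):
    """Given an alert 'host talked to bad_peer at alert_ts', summarize the
    host's activity in the surrounding window and check whether other
    internal hosts also reached bad_peer (possible wider compromise)."""
    start, end = alert_ts - before, alert_ts + after
    hits = store.flows_for(host, start, end)
    bytes_to_peer = sum(f["bytes"] for f in hits
                        if f["src"] == host and f["dst"] == bad_peer)
    internal_peers = sorted(
        {f["dst"] for f in hits if f["src"] == host and is_internal(f["dst"])}
        | {f["src"] for f in hits if f["dst"] == host and is_internal(f["src"])})
    # Second pivot: index lookup on the bad peer, not a rescan of all flows.
    other_hosts = sorted({f["src"] for f in store.flows_for(bad_peer, start, end)
                          if f["src"] != host and is_internal(f["src"])})
    return {
        "flows_in_window": len(hits),
        "bytes_to_peer": bytes_to_peer,
        "internal_peers": internal_peers,
        "other_hosts_to_peer": other_hosts,
    }


def main():
    store = FlowStore(parse_flows(SAMPLE_FLOWS))
    alert_ts = datetime.fromisoformat("2007-12-03T10:01:45")  # hypothetical IDS alert
    summary = scope_alert(store, "10.0.0.5", "203.0.113.7", alert_ts)
    for key, value in summary.items():
        print(f"{key}: {value}")


if __name__ == "__main__":
    main()
```

On the constructed data the pivot shows the alerted host moving about 5.4 MB to the suspicious peer, touching two internal hosts over port 445 in the same window, and one of those hosts (10.0.0.21) then contacting the same peer, which is exactly the kind of extent you cannot see from the single IDS alert alone. The per-host index is the point of the “very fast searches” requirement: with months of flows on disk, scoping has to be a lookup, not a scan.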
In the coming months we will explore just how to create that solid recovery plan (the third leg of the stool, if you will). Start on that New Year’s resolution and begin collecting that network data, particularly your NetFlow data. My partner Ben describes ways to do this in Collecting NetFlow Data.