Trustwave Acquires Intellitactics

Wednesday, March 3, 2010 by Pam Casale
Today, we are proud to announce that Trustwave has acquired Intellitactics.

Trustwave, a leading provider of information security and compliance solutions, acquired Intellitactics, an industry-leading and award-winning provider of SIEM solutions and technology.

Trustwave will continue to deliver the Intellitactics SIEM solutions to the marketplace while integrating Intellitactics' SIEM technology into its current data protection architecture.

Trustwave's new customer-managed SIEM solutions complement the company's mission to develop technologies that identify and encrypt sensitive data in every form, in every environment. Today Trustwave is a preferred provider for enterprises, service providers, government and SMB/SME organizations.

Trustwave's new SIEM technology will serve as a critical component in a comprehensive solution to help customers large and small comply with federal, state and international regulations.

Trustwave CEO Robert J McCullen said: "The future of data protection in every environment is an integrated solution that includes data loss prevention to locate all sensitive data, encryption to protect it and SIEM to provide comprehensive reporting."

Trustwave has a very innovative approach for prospective customers.

This announcement is also important to Intellitactics customers. We think you know that we've worked hard every day to bring leading edge products to you along with the services that enabled you to extract optimal value. Randall K Davis, Intellitactics CEO and president, comments, "This decision ensures that the solutions we've built will integrate into Trustwave's current architecture and provide all Trustwave customers with new options for one of the fastest growing security market segments."

In this blog we've tried to bring you high value content and comment on issues that challenge security professionals every day. Everyone at Intellitactics is excited about our future with Trustwave.

Are you at RSA Conference?

Monday, March 1, 2010 by Pam Casale
It's balmy here in the city by the bay. Crews are putting the finishing touches on the exhibit area at RSA Conference at the Moscone Center. Last night I had dinner with some people from the SANS Institute. In addition to the good food and even better company, we traded our perceptions on the information security industry. And, we're all anticipating the SANS Annual Log and Event Management Survey Results - coming soon - watch for the April webcast featuring Intellitactics.

Intellitactics is known for our SIEM solutions Intellitactics Security Manager and Intellitactics SAFE. Conversation touched on some of the other vendors - their viability and future for SIEM solutions. What really happened with Cisco MARS and will Cisco replace MARS with something else? What does their decision on MARS mean to information security? EIQ lost a luminary leader in marketing - does that signal some other changes for EIQ?

Here at the RSA Conference, all the SIEM players are here. If you're here come by the Intellitactics booth 652. Pick up your Passport to Prizes at the McAfee booth - you can't miss it when you come into the exhibit area - and then come by our booth to get your passport stamped. Jamie French will be presenting on our McAfee compatible SIEM solution at the McAfee theatre at 5 PM on Wednesday.

If you're not coming to RSA - take a moment and look at Forensics on a DIME! by Matt Schnarr - this short webcast explains how you can get even more value from your Intellitactics SIEM solution by using it for forensics - investigation of alerts that can reduce the impact of an attack and give the details you need to be proactive.

New Partner in ANZ - GASystems to Sell SIEM Solutions

Tuesday, February 23, 2010 by Pam Casale
GASystems is enthusiastic about the opportunity to sell Intellitactics SIEM solutions to the security-aware market in ANZ.

Companies in Australia are getting serious about PCI DSS standards and building out security operations centers. Increasing demand sent us looking for a reliable partner with trusted relationships with security minded organizations. 

Gordon Anthony, GASystems Managing Director explains their success: “We are known as a client focused organization and customers trust us to understand their business and provide the best of available technology to solve their problems.”

Brent Davidson, Intellitactics VP International Sales, welcomes GASystems: “We believe we have a winning relationship with GASystems. They are professional, enthusiastic and committed to finding the right solution for each client.”

Read more about other Intellitactics partners and see for yourself why Intellitactics SAFE is the most capable SIEM solution with the lowest cost of ownership. 

See you in San Francisco!

Friday, February 19, 2010 by Pam Casale
It's the security show of the year and this year it's BEFORE spring begins. We're talking about RSA. For those of us in the Eastern part of the US we're hoping that the fickle winds of California will provide warmer days without SNOW while we're gathering in San Francisco for a week of "everything you ever wanted to know about security."

Intellitactics is looking forward to meeting you in BOOTH 652 where we'll be displaying our SIEM solutions - Intellitactics SAFE and Intellitactics Security Manager. One of our guest authors - Warren Axelrod - has been selected to present on the topic of Application Security and it promises to be an informative and interesting hour.

Intellitactics will also be presenting in the McAfee Theatre located right inside the main doors of the exhibit area. Jamie French, Intellitactics senior security engineer, will be presenting. Intellitactics SAFE is a McAfee compatible SIEM. Pick up your Passport at the McAfee booth and then bring it by Intellitactics booth 652 to get the Intellitactics stamp. There are lots of great prizes!

And, we've got a couple of other surprises up our sleeve - so don't miss Intellitactics at the RSA conference in San Francisco March 1-5, 2010. Let us know you're coming - we've got something special planned for customers and partners- marketing@intellitactics.com.

Forensics on a Dime - Use your SIEM!

Wednesday, February 17, 2010 by Pam Casale

A couple of weeks ago we introduced you to Rob Ayoub from Frost & Sullivan. He was a guest author on “What’s New in Information Security?” and wrote a series on the new forensics.

 

We also reviewed new standards for federal agencies – the Consensus Audit Guidelines. These are part of new guidance to federal government agencies which suggest that “offense must inform defense” meaning that knowledge of actual attacks that have compromised systems provides the essential foundation on which to construct effective defenses.

 

What better way to “know” the offense than performing forensic investigation without having to spend time on traditional, and often expensive, forensic investigation?

Intellitactics believes that forensics is another benefit of using a SIEM solution like Intellitactics SAFE or Intellitactics Security Manager. These SIEM solutions allow for easy monitoring of sensitive data and can provide critical data at the fingertips of an incident response team or law enforcement should a breach be criminal in nature.

 

So we asked Matt Schnarr, a senior security field engineer, to put together a short presentation on using Intellitactics SAFE as a forensic tool to perform preliminary investigations – a fast way to “know” an attack and to discover details to confirm or corroborate. See Matt’s presentation called Forensics on a Dime and then see for yourself how easy it is to use SAFE.

Element Payment Services Approve Intellitactics

Tuesday, February 16, 2010 by Pam Casale
Element processes card transactions for thousands of merchants - collecting the data - approving and denying the transactions and storing the information for future reference. Their merchant clients rely on Element to provide a highly available and PCI compliant environment.

They chose Intellitactics SAFE - a PCI DSS Compliance solution - delivered on one fully capable appliance. PCI DSS compliance requires the logging of in scope devices for merchants taking credit cards. Element offers a powerful payment services platform -  merchants never take possession of the card data. Jeff Scheller, Element VP Technology tells why they selected Intellitactics SAFE.

"We looked at several solutions and were impressed with all that the SAFE LP appliance could do from day one - a lot of event log correlation without an additional charge. There was quite a bit of out-of-the-box capability from a PCI DSS perspective. We saw the correlation and reporting in SAFE to be a big win for Element." 

Intellitactics SAFE is a SIEM solution capable of collecting logs from any in-scope device. SAFE parses, normalizes and persists logs in accordance with the enterprise PCI DSS policy. SAFE continuously monitors security events, providing early warning of out-of-compliance conditions, mitigating risk. Assessment-ready reports improve productivity.

See for yourself how SAFE ensures everyday compliance with PCI DSS. Read more about Element's PCI DSS compliant payment services.

220 Million Records Breached - Are You PCI Compliant?

Monday, February 15, 2010 by Pam Casale
In a recent article on IT Business Edge, there was great advice about PCI DSS Compliance. The article refers to some stats on Databreaches.net that cites 2009 as the Year of the Mega Data Breach. 2009 saw an all time high of records that were compromised or stolen during a data breach - that's 220 MILLION records.

Intellitactics has been telling prospects and customers that an assessment does not compliance make. In fact the Intellitactics SIEM solutions and the PCI DSS Compliance software and appliances stress the importance of everyday compliance. Intellitactics SAFE - an appliance - and Intellitactics Security Manager provide all the capabilities for everyday compliance: logging, security event monitoring, alerting and reporting.

Consider this: "However, complying with PCI DSS should not be considered a silver bullet for protecting information and battling fraud. Consider that many of the companies victimized by data breaches in the past several years were, in fact, found to be PCI-compliant prior to the breach. (e-Commerce News, January 22, 2010). When the breach occurred, however, they had unwittingly fallen out of compliance. This puts companies at risk for a breach or an audit resulting in hefty fines that could bring them to their knees. Unfortunately, most find out the hard way."

A complete PCI DSS Compliance solution requires more than logging. Automated continuous monitoring of security events keeps merchants compliant between the assessments.

Intellitactics SAFE (SAFE) is a fully capable appliance that is simple to deploy and easy to use. There are several ways to experience the benefits of SAFE: you can collect and keep all the logs locally and collaborate with a security service provider for 24x7 security event monitoring. Or you can define a service level agreement that covers logging and event monitoring and get your reports from a portal or dashboard. Or you can do it ALL on site. Most important you can do it ALL with SAFE!! 

See for yourself then set up a time to speak with any of our customers or service provider partners.



Go Canada

Monday, February 15, 2010 by Pam Casale
Today is President's Day in the US - the start of the Chinese New Year and Day 3 of the Winter Olympics in Vancouver, British Columbia.

Most Intellitactics customers using our enterprise security management solutions know that our development team is in Canada. WE ARE SO PROUD OF CANADA!!!

The opening ceremony was fabulous and captured the diversity of the Canadian culture. Yesterday, a Canadian won GOLD in the Men's Mogul and a Canadian won SILVER in the Women's Downhill Mogul. GO CANADA!!

Our development team is first rate and they share space in Cambridge - outside of Toronto - with our support organization, IT and some of our Services team. These are people that build, test, document and support the Intellitactics SIEM solutions: Intellitactics Security Manager and Intellitactics SAFE.

I know that every Canadian is proud of their country, their heritage and the Winter Olympics is a great opportunity to share this pride with the rest of the world. Now everyone knows what we have known for years:  Canadians are smart and dedicated. They respect others and they care about you - our customers!!

So look for the Canadian red and white in all the venues and share their enthusiasm and excitement. At Intellitactics they are part of the team that delivers winning products - let's watch as they WIN MORE MEDALS in Vancouver!!

Is it time for more laws for privacy and protection rights?

Wednesday, February 10, 2010 by Pam Casale

We love Google, we use Google. It's part of our lexicon - it's become a verb - like "google it" or "I was googling.. . ." where googling equates with searching. In fact the other day someone said "I was on BING googling about the weight of a cubic foot of snow . . .". This post is about the international impact of Google's business practices. We've commented on other Google shenanigans in previous posts. This time Warren Axelrod shares more Google stories and his opinion on Google's global responsibilities.

From the desk of Warren Axelrod: Consider the position presented by Eric Pfanner in the New York Times article “In Europe, Challenges for Google on Privacy and Copyright Protection”, (February 2, 2010 issue of The New York Times, Section B). Privacy issues aren’t new to Google. In the town of Molfsee in Germany they resented Google’s app Street View taking pictures of the streets in their town. The German minister of justice accuses Google of “tearing down privacy protections.” Now the Italian government “has proposed a law making online video services … liable for invasions of privacy, copyright and other transgressions that occur in user-generated content.” The article further reports that four Google executives are on trial in Italy, having been “charged with defamation and privacy violations in a case involving videos posted on a Google Web site that showed the bullying of a boy with autism.” The article goes on to list other issues in Italy, Switzerland and Germany.

I think you can see the irony when comparing and contrasting Google fighting to protect users’ email privacy in China while also fighting to violate perceived privacy rights in other countries. Is Google guilty of establishing a double standard?

 

As a multi-national company based in the US,  I believe that Google has a responsibility for doing business in foreign countries according to the laws in that country. There was no popular vote in the US conveying power to Google to force our Bill of Rights or Constitution on other governments.

 

 I continue to question why Google appears to have been allowed to run roughshod over the privacy and property-ownership rights of individuals in the US.  My personal view is that the legal and regulatory systems throughout the world move at a far slower pace than does Google in its introduction of new features. The former are always playing catch-up, usually after the damage has already been done.

 

I think it is time that we saw more privacy and property rights protection laws on the books, which anticipate technology innovations and advances, and enforcement that nips potential violations in the bud. Once something is released onto the Internet, it cannot be retrieved or revoked. And, thanks to technologies like Google and others, there are ready searches of prior publications where these remain accessible forever.

 

In my opinion, it is damaging to our National credibility and reputation to be represented by Google in this way. I also think that Google needs to take on greater responsibility for proactively protecting personal privacy and other rights and for rolling back the features, services and capabilities that threaten to compromise those rights as they are recognized in this or other countries. This should apply to whichever side of the fence Google finds itself.

 

What do you think about Google's international posture? What about privacy and property rights laws? Is more legislation required?

2010 Recognition for Intellitactics

Wednesday, February 10, 2010 by Pam Casale
SC Magazine Europe notified Intellitactics that a panel of industry experts selected Intellitactics Security Manager, an enterprise SIEM solution, as a finalist in the category of Best Enterprise Security Solution.

Intellitactics Security Manager is SIEM software and is preferred by commercial and government organizations as the centerpiece of a global security operations center (SOC). As a fully capable SIEM solution, Intellitactics Security Manager provides logging and audit worthy reports for auditors and PCI assessors.

This same SIEM solution scales to provide event monitoring, correlation and analysis for early identification of sophisticated cyber attacks and control violations of malicious insiders most likely to jeopardize the security risk posture. No other SIEM solution adapts as easily to unique enterprise policies and controls. Intellitactics Security Manager can be deployed stand alone to process billions of events per month or with satellite Intellitactics SAFE appliances, which provide regional locations with on-premise access to logs and reports while feeding events to ISM for centralized control of incident identification and response.

Intellitactics SIEM solutions reduce the cost of compliance and remediation of security breaches by limiting the impact with proactive alerting of infected machines, misuse of privileged access and other threats.

The SC Magazine Awards presentation will take place on Tuesday, 27 of April 2010 at the Wyndham Grand London, Chelsea Harbour.

NEW? Where have you been?

Wednesday, February 10, 2010 by Pam Casale

A couple of weeks ago, one security vendor had a product announcement that made me LOL. Their BIG news was that they were integrating their EVENT management with their LOG management. I checked the date on the article to make sure this wasn’t a Google hiccup.

Hello! Intellitactics SIEM solutions have offered LOG PLUS EVENT management for SIX YEARS!

This vendor, with a name that looks like an explosive, was exploding into the news with the details of how they are now integrating two distinct functions in their product line – log management and event management.

What really made me ROFL was the explanation for WHY they were integrating these two functions and here it is verbatim: “. . . it’s a compromise created by the industry to prevent systems failing from too much data. Compliance requirements lead to massive logs. . . which can easily outstrip the capacity of a legacy SIEM in a short time.”

Where has this guy been? Intellitactics Security Manager and Intellitactics SAFE offer SIEM solutions with a product architecture that handles massive amounts of logs and with the same strength handles peak events during attacks while correlating events and delivering reports against summarized data. At Intellitactics we took the SIEM definition seriously – security information AND event management in one fully integrated SIEM solution.

Their spokesperson went on to say: “Everyone claims they have an integrated system – but it’s brand level integration, or two entirely separate products.”  I guess that’s what they’ve been offering until this BIG announcement that they are really integrating the two functions.

Intellitactics customers are managing up to 7 BILLION events per month – 220 MILLION events per day – collecting logs, correlating events and running reports with ONE fully integrated SIEM solution.

In fact, we never had TWO separately branded products for logging and event management because you should never collect logs without knowing that you can do more with the logs. Intellitactics SIEM enables you to collect logs, then transforms them into a fewer number of actionable events. With a SIEM solution like ours, false positives are a memory and security analysts are able to be proactive when responding to alerts. And all of this from the SAME SIEM solution that provides audit worthy reports for auditors and assessors.

Yes, in the words of our worthy competitor – “it is nice to know who is hacking you”. Intellitactics SIEM solution offers the history and experience of an integrated SIM and SEM starting at $25,000. OMG!


How Does it Work?

Sunday, January 31, 2010 by Pam Casale
There are small but important differences between all the SIEM solutions available today. Intellitactics has a software SIEM solution called Security Manager and a suite of appliances called Intellitactics SAFE. A couple of special features make these SIEM solutions more capable than others - one is the packaged analytics.

All the logging and security event monitoring tools offer some way to collect logs. Most every device or data source generates logs. Not all logs are worth collecting or storing for the purpose of security or compliance. So the first thing is that Intellitactics SIEM solutions provide optimal protocols for log collection.

Second, the SIEM solutions parse and normalize all the logs. Raw logs are important to keep - but parsed and normalized logs are critical to understanding and really important for advanced capabilities like correlation, reporting and notification.

Parsed logs are often referred to as security events. And, like logs, not all security events are "created equal". Security events can be aggregated to make the sheer number of them easier to deal with. But more important is that your SIEM solution should have the ability to prioritize the sensitive or critical security events. This means that the SIEM solution should package the analytics to support correlation and some level of analysis - there just aren't enough eyes to look at every log or every event.

Intellitactics packages the analytics for making sure you have the logs and security events that are critical for prioritizing these security events as ALERTS. Even if you don't have deep knowledge of the logs for a specific device - like a proxy server or an IDS - the Intellitactics SIEM provides an analytics module for them - and there are many of them packaged with every one of our SIEM solutions. 

Today we're recognizing David Empringham and his team of device experts. Dave and his team develop and update data modules and analytics modules for security devices and even custom, one-of-a-kind applications. This means that Intellitactics SIEM solutions have no limitations - you can manage as many of them as you want. If it generates logs, Dave's team ensures that the logs can be collected. THANKS and GREAT WORK to DAVE and The REST OF YOUR TEAM!!!

Ask DAVE about any devices or data sources by commenting HERE!
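The pipeline this post describes (per-device parsing, normalization into a common event, aggregation, then prioritization into alerts) is sketched below as an added example; it is not Intellitactics code. The two log formats, the field names, the severity values, the corroboration rule and the sample lines are all constructed for illustration.

```python
import re
from collections import defaultdict
from datetime import datetime, timezone

# Constructed sample input: (device type, raw log line). Not real vendor formats.
RAW_LOGS = [
    ("proxy", "2010-01-31T10:00:01Z 10.0.0.5 GET http://example.test/a.exe 200"),
    ("proxy", "2010-01-31T10:00:02Z 10.0.0.5 GET http://example.test/a.exe 200"),
    ("proxy", "2010-01-31T10:00:03Z 10.0.0.9 GET http://intranet.test/index.html 200"),
    ("ids", "1264932005 sensor1 sig=2001 prio=1 src=10.0.0.5 dst=192.0.2.7 msg=outbound beacon"),
    ("ids", "1264932009 sensor1 sig=1440 prio=3 src=10.0.0.9 dst=10.0.0.1 msg=icmp sweep"),
    ("proxy", "truncated line with no recognisable fields"),
]

PROXY_RE = re.compile(r"^(\S+) (\S+) (GET|POST) (\S+) (\d{3})$")
IDS_RE = re.compile(r"^(\d+) (\S+) sig=(\d+) prio=([1-3]) src=(\S+) dst=(\S+) msg=(.+)$")
IDS_SEVERITY = {1: 8, 2: 5, 3: 2}  # hypothetical mapping: IDS priority -> common 1-10 scale


def parse_proxy(line):
    """Device module for the constructed proxy format; returns a normalized event or None."""
    m = PROXY_RE.match(line)
    if not m:
        return None
    ts, src, _method, url, _status = m.groups()
    risky = url.lower().endswith(".exe")
    return {"time": ts, "device": "proxy", "src": src,
            "category": "executable-download" if risky else "web-request",
            "severity": 5 if risky else 1, "detail": url}


def parse_ids(line):
    """Device module for the constructed IDS format; epoch time is normalized to ISO 8601 UTC."""
    m = IDS_RE.match(line)
    if not m:
        return None
    epoch, _sensor, sig, prio, src, _dst, msg = m.groups()
    ts = datetime.fromtimestamp(int(epoch), tz=timezone.utc).strftime("%Y-%m-%dT%H:%M:%SZ")
    return {"time": ts, "device": "ids", "src": src, "category": "ids-alert",
            "severity": IDS_SEVERITY[int(prio)], "detail": f"sig {sig}: {msg}"}


PARSERS = {"proxy": parse_proxy, "ids": parse_ids}


def normalize(raw_logs):
    """Parse every raw line with its device module; keep unparsed lines instead of dropping them."""
    events, unparsed = [], []
    for device, line in raw_logs:
        parser = PARSERS.get(device)
        event = parser(line) if parser else None
        if event:
            events.append(event)
        else:
            unparsed.append((device, line))
    return events, unparsed


def aggregate(events):
    """Collapse repeated events into one record with a count and first/last seen times."""
    groups = {}
    for e in events:
        key = (e["device"], e["src"], e["category"], e["detail"])
        g = groups.setdefault(key, {**e, "count": 0, "first": e["time"], "last": e["time"]})
        g["count"] += 1
        g["first"] = min(g["first"], e["time"])  # same-format ISO strings sort chronologically
        g["last"] = max(g["last"], e["time"])
    return list(groups.values())


def prioritize(aggregated, threshold=8):
    """Score each source host: highest severity seen, +2 when two device types both report it."""
    by_src = defaultdict(list)
    for g in aggregated:
        by_src[g["src"]].append(g)
    alerts = []
    for src, groups in by_src.items():
        score = max(g["severity"] for g in groups)
        if len({g["device"] for g in groups}) > 1:
            score = min(10, score + 2)
        if score >= threshold:
            alerts.append((src, score))
    return sorted(alerts, key=lambda a: -a[1])


if __name__ == "__main__":
    events, unparsed = normalize(RAW_LOGS)
    for src, score in prioritize(aggregate(events)):
        print(f"ALERT src={src} score={score}")
    print(f"{len(unparsed)} raw line(s) kept unparsed")
```

Six raw lines become five events, four aggregated records and one alert, which is the reduction from logs to actionable events that the post describes.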

Attacks Impact Operations and Cause Service Disruptions

Friday, January 29, 2010 by Pam Casale

Protecting information assets and critical infrastructure is increasingly challenging. There is no silver bullet and we've written several times about the role a SIEM solution can play in defending against attacks. Everyone in the security community agrees that proactive application of new technology and processes is essential to strengthening cyberdefense.

I wanted to share a comprehensive research report sponsored by McAfee. You know that Intellitactics SAFE is a McAfee compatible SIEM featuring bi-directional integration with McAfee ePO. This research exposes some startling facts and gives you access to leading edge strategies to protecting critical infrastructure.

The survey data paints for the first time a detailed picture of the way those charged with the defense of critical IT networks are responding to cyber attacks, attempting to secure their systems and working with governments.

Highlights from the report include:

* Sixty-one percent of attacks on critical infrastructure include service disruption
* One in five critical infrastructure entities reported being the victim of extortion
* Nearly a third of those interviewed suffer large scale DDOS attacks multiple times each month, and nearly two thirds of those attacks impact operations

Download this report and then see how Intellitactics as a McAfee ePO partner can improve security effectiveness and the efficiency of security providers.


 

The New Forensics - And Your SIEM Solution Part 2

Tuesday, January 26, 2010 by Pam Casale
Welcome back Rob Ayoub!

From the desk of Rob Ayoub:  Yesterday I posed a situation where preliminary forensic investigation could save time and money. Let's take a closer look at where your SIEM solution can help. 

I find that most enterprises do not think about SIEM as a forensics tool. They think of it as a log aggregator or as a compliance engine and yet, given the increase in data issues we have today (which is only the tip of the iceberg), enterprises need to find a way to be smarter about their own internal investigations before they bring in law enforcement or pay costly consulting fees. 

It turns out that some SIEM solutions enable an enterprise to do all the precursor of an investigation without making its employees feel like they're being watched and without the hassle and time of an intensive forensics process. By setting appropriate policies, a SIEM device could easily help an enterprise determine if inappropriate behavior is going on. An employee could be monitored until reasonable evidence existed and then if necessary the machine could be commandeered.

Frost & Sullivan believes that a solution like Intellitactics ISM provides enough flexibility in its policy creation engine to allow enterprises of all sizes to perform the kind of preliminary investigations needed to determine if a next step is necessary. Intellitactics has the ability to tie user identity to actions allowing for easy monitoring of sensitive data and can provide critical data at the fingertips of an incident response team or law enforcement should a breach be criminal in nature.

 

In the highly electronic world we live in today, the ability to conduct initial investigation is going to become second nature to enterprises. There’s too much data to try and run to law enforcement at every suspected infraction. SIEM will prove an invaluable tool in the initial evaluation of actions or an incident – helping to determine whether an incident occurred and if the corrective action is a human resources issue or a criminal one.

For more about the New Forensics listen to Rob's podcast!
Tell us if you're using your SIEM for forensic investigation. Comment NOW!

 

The New Forensics - And Your SIEM Solution Part 1

Monday, January 25, 2010 by Pam Casale

Fully capable SIEM solutions play many roles in enterprise security management. Rob Ayoub with Frost & Sullivan thinks there's a role for your SIEM solution during preliminary investigation.  

WELCOME ROB AYOUB - GUEST BLOGGER!

From the desk of Rob Ayoub: A recent conversation at an ISSA meeting went something like this:
 
“Rob, I don’t know what to do. I have a guy that might be stealing my customer lists and reselling them but I don’t really know.  Part of me wants to grab his computer and image the drive, but my guys aren’t really trained to do a real forensic investigation. Also, I’m afraid that if I imaged his machine, it would leak out and our employees would suspect that we were watching their every move.” 

 

Wow!  Talk about a situation with no easy solution. I think that many enterprises, especially mid-size ones are struggling with similar issues these days. 

Do you grab an employee's computer one night and use a tool like EnCase to try and find the information? Maybe you just grab the computer and tell the employee they’re under investigation – raising alarm amongst all employees that they’re being monitored. How do you justify the time needed to perform an investigation? What if you’re wrong and the employee is innocent?

 

One of my favorite books is Cliff Stoll’s classic novel The Cuckoo’s Egg. That was an unquestionable example of an intrusion that required a full-blown investigation and intervention by authorities. However, you don't want to subject your organization to something like that unless absolutely necessary.

 

Digital forensics used to be solely the realm of the FBI and other government agencies. Even today, most forensics tools focus on cleanup and investigation. It’s a lengthy process:

* Traditional forensic tools require imaging a hard drive. In addition to that, the exploratory process is complex and finding information is analogous to finding a needle in a stack of needles.
* If a forensic investigation turns into a legal proceeding, then the investigation comes into question. This means that IT needs to be trained on the proper handling of a forensics investigation.
* Many enterprises just want the flag raised, alerting them to possible problems. They don’t want to dive into employees’ personal machines.

Tomorrow, Part 2 of the New Forensics. We'll continue this discussion and include some practical advice on using a SIEM for preliminary investigation of a potential insider attack or policy breach.
Listen or share Rob's podcast on the New Forensics that extracts more value from the Intellitactics SIEM solution.

PCI DSS Compliance - Easier Than You Think

Thursday, January 21, 2010 by Pam Casale
Intellitactics is lucky to have good partners like STI Group. We asked Dom Genzano, from STI, to share some secrets of the professional assessors with you.

Dom agreed to do a podcast featuring the steps you can take to be compliant with PCI DSS. His company helps organizations devise a strategy for compliance and actually implement the technologies and processes to help them achieve compliance. STI Group helps companies get more value from their PCI DSS Compliance Solutions.


PCI DSS compliance is largely concerned with who has what access to cardholder data. Dom explains the steps they take with clients to ensure clarity on access and how to manage access.

Dom gives you practical advice - like narrowing the scope of the technical environment by using segmentation, administrative access controls and levels of authentication and permissions within applications.

Listen to 56 Words on PCI Compliance featuring STI Group and Dom Genzano. Read about Everyday Compliance  and what you can do with Intellitactics SAFE.

After Triage - Rebuilding Haiti

Thursday, January 21, 2010 by Pam Casale

Experienced emergency relief and humanitarian agencies caution that after the initial outpouring of support for Haiti from all over the world the challenge is sustaining interest and support in the long term rebuilding of Haiti. So much to do! Returning to some semblance of normalcy, rebuilding an infrastructure to support the Haitian people – one can only hope that post earthquake Haiti will be better. Warren Axelrod, a frequent contributor to What’s New In Information Security, sent us this post.

 

From the desk of Warren Axelrod: The top priority in Haiti is to save lives. But once the heroic efforts of the first responders are over, the enormous task of rebuilding the country structures and infrastructure for the survivors will begin. There will be the clearing of debris and rebuilding homes, places of business and government infrastructure – a slow return to normalcy.

 

Thousands will be buried anonymously, leaving families and government entities without confirmation of their identities. Millions of records may have been irretrievably destroyed; the task of recovering and reconstituting public and personal records will be next to impossible.

 

Like others I am donating and praying for the lives of the Haitians. But, I can’t push entirely from my mind the ramifications and repercussions that result when we fail to protect information assets like personal records. Prisoners have most likely escaped and will quickly assume new identities. Health records, insurance records, proof of ownership as it applies to real estate and personal property are gone leaving the living in a difficult position to prove who they are, what they own. Leaving Haiti for other countries will be impossible without personal identification.

 

From the perspective of enterprise security management I think we can agree that contingency planning for catastrophes is entirely different from regular continuity and recovery planning. It is necessary to think out of the box and to establish procedures to protect sensitive information, which account for the types of losses sustained by the citizens, businesses and government agencies in New Orleans, Indonesia, Kobe, and now Port-au-Prince.

 

As history has shown, catastrophes hit random places at random times. It’s impossible to predict where or when they will strike. The one thing we can count on is that disasters happen. So some measure of preparation is in order.

 

Should there be some mammoth repository for electronic copies of vital information for everyone on the planet? It would be a monumental task not to mention the security and privacy issues. But the project is worth considering. The database would be enormous … it might be an interesting challenge for “the Cloud”!

 

Join us and donate to the American Red Cross or consider making a donation to LIONS Clubs International Fund. The LIONS donate more money to disaster recovery than any other philanthropy in the world.

 

Counting down - 18 Days To Be Heard on Log Management

Wednesday, January 20, 2010 by Pam Casale
18 days left to be part of the most important research of the year.

That's right only 18 days until February 7 when it will be too late to be part of the BEST SANS Log Management Survey.

SANS has been tracking the evolution of logging, logging for compliance and logging with event management for everyday compliance for the last six years. Understanding the trends, what's working for you and for others is good information to share. Whether you're trying to get a bigger budget for enterprise security management, or trying to secure your budget for a SIEM solution or trying to convince your boss that you can and should do more to protect information assets - these survey results can help you!

Register to take the survey and provide your email to get early access to the results and you could be the winner of $250 American Express Gift Card. Or remain anonymous and get the results with everyone else in April.

Intellitactics is a sponsor again this year - because we believe that collaboration is the key to success.

It only takes 15 minutes to complete the survey. Your input is confidential  - only the aggregate information is public.

You have until February 7, 2010 to take the survey and enter the drawing for $250 American Express dollars which you can use to surprise someone on Valentine's Day!

Survey results will be delivered in a series of webcasts held April 6 - 15. Webcast registrants will be the first to receive the accompanying report. The final report will also be posted on the SANS Analyst Program portal on April 19.


Brought to you by SANS:  SANS, the largest most trusted source of information security training and certification in the world, created the SANS Analysts Program in which SANS instructors and analysts create comprehensive industry reports on critical IT security topics.

Forrester IT Spending Predictions

Wednesday, January 20, 2010 by Pam Casale

If you thought your IT budget was under attack it wasn't your imagination. Couldn't find the budget for a SIEM solution or PCI-DSS compliance solution? There was a decline in IT spending of 8.2% in the US and 8.9% worldwide according to Forrester Research. But there is GOOD NEWS for 2010: IT spending in 2010 should increase 6.6% in the US and 8.9% globally. The percent increase equates to $1.6 trillion!! That’s a lot of software and hardware. 

Forrester says the rebound in IT spending is based on "smart computing" in which more aware technology is combined with advanced analytics. Smart computing includes virtualization and unified communications. Andrew Bartels, principal analyst with Forrester, predicts that “. . .smart computing will kick off a six or seven year cycle of IT growth, investment and innovation. . . " and “. . . marks the beginning of this next phase of technological advancement.”

Spending on IT outsourcing is expected to grow 7.1% and spending on software is expected to grow 9.7%. Regionally Forrester is predicting an 11.2% rise in technology purchases in Western and Central Europe with purchases in Canada growing 9.9%.

We hope you’re expecting the same good news for spending in your organizations. In 2009, we talked to many of you who lost funding for special security projects; lost headcount that limited your ability to put new safeguards into place.

If PCI DSS compliance is at the top of your priority list for 2010 - here’s some good news! With our partner Quest Systems, for as little as $1500 a month, you can have an enterprise class PCI DSS Compliance solution like Intellitactics SAFE on premise and have the same operational control as organizations with a 24x7 SOC.   You get the reports you need and dashboard views of key compliance measures. Intellitactics SAFE not only improves assessment readiness, it provides you the essential capabilities to improve security efficacy and reduce the cost of compliance.

How close are the Forrester predictions to your 2010 budget – comment now. Learn how to get more from your SIEM solution – read  Everyday Compliance.

PCI Compliance- One Safe Prediction for 2010

Monday, January 18, 2010 by Pam Casale

There’s been a lot of predicting going on with the advent of 2010. Right after the terrible earthquake in Haiti, a lab in California predicted that there’s a 99.5% chance of an earthquake with a 6.5 magnitude along the San Andreas Fault in southern California. That’s a pretty safe prediction – based on history and science. This prediction is different from predicting that an earthquake would destroy Pittsburgh, PA – where I don’t think there’s ever been an earthquake of any note before.

I’ve been following the predictions about security. One prediction important to a SIEM solution vendor like Intellitactics is the prediction made by the 451 Group that many of the security activities in 2010 will be defined by regulatory mandates such as PCI DSS, HIPAA/HITECH and others. This means that from the smallest to the largest organizations there will continue to be preoccupation with compliance. I wish we could predict that everyone will embrace PCI DSS compliance software to finally move beyond assessment readiness to remediation of assessment findings – but I’m not that bold!  

Nobody is predicting that energy around PCI DSS compliance will evaporate. What we see is that those organizations that were paying very little attention to security are now doing it ONLY because of PCI. In fact it seems that some organizations are basing their entire security strategy on PCI DSS instead of ISO, ITIL or some other best practice framework. We make this a little easier by aligning best practice controls to regulatory standards. It’s like putting a serving of vegetables in Manwich or fruit juice. If you don’t like the taste of the framework – you get your daily allowance whether you like it or not.

PCI DSS compliance may equal security for more organizations by the end of 2010 – there’s a prediction similar to an earthquake in southern California in the next 30 years.

Curious about PCI DSS Compliance software? Check out Intellitactics SAFE. Do you have a prediction for 2010 or beyond – share it here.