A Situational Problem Requires a Situational Solution

Wednesday, March 07, 2012

John Linkous


A quote posted to Twitter about one of the presentations at the recent Security BSides conference in San Francisco struck a chord, and I wanted to comment on it.

It went something like this: "Information Security is situational, and as a result it is very difficult to generalize about the best way to protect an organization against it."

This quote encapsulates the challenge faced by security professionals every day, and it provides an insight into the best way for large organizations to address it.

There is no one, or even fifty, cookie-cutter cyber or insider attack. Each one is deliberately designed by the perpetrator to use an infrastructure against its owner, and to let the attacker reach the intended target as quickly as possible and get out again undetected.

The days of signature-based attacks are over. So, if the problem is situational, then it follows that the solution needs to be situational as well.

Rather than looking in all of the "usual" places for the signs of an attack, the key is to collect data from all parts of the network, correlate it in real time, and identify any anomalous activity.

This approach is called Situational Awareness.

Situational Awareness is already being used in a range of industries, from EMS to air traffic control and on the battlefield. The time has come for it to become an accepted practice for those charged with securing large corporate networks.

Cross posted from The Situational Room

The views expressed in this post are the opinions of the Infosec Island member that posted this content. Infosec Island is not responsible for the content or messaging of this post.
