Vulnerability, security and compliance
Owen Windsor, Symbiote’s Managing Director, explains that it’s possible and necessary to actively identify, monitor and respond to security threats across your systems.
There’s been a clear increase in the volume and types of security threats for businesses with internet-facing activities. Many of these are directed at individual users through techniques like phishing, but we’re increasingly seeing bad actors targeting service providers as a way to maximise their attack potential and reduce the effort that it takes to be able to compromise large volumes of users.
Security policies are one thing, but you also need protocols for active monitoring and response to threats
We’ve noticed that many large organisations or government departments have security and privacy policies, but no protocols in place to understand their areas of vulnerability, and no way to actively identify, monitor and respond to the security threats that continue to proliferate.
Clients understand that ransomware, trojans, data exfiltration and identity theft are real threats, but they often don’t understand the myriad potential points in their systems where attacks could take place undetected. They need a tool to identify where they’re vulnerable, then to ensure that those vulnerable points are monitored and secure.
Breaches are serious – firewalls and compliance audits don’t provide anywhere near enough protection
Apart from the way a breach would affect any of our clients’ perceived trustworthiness, there are also serious consequences for Australian organisations that don’t comply with privacy laws or that are found to have mismanaged credit card payments. Breach reporting is mandatory in Australia; however, many organisations don’t even know they’ve had a breach until their data turns up on the internet, or they’re the subject of an embarrassing news story.
Some of our clients think that they’re maintaining adequate security because they have in-house IT staff and firewalls, and they do a regular compliance audit. However, their staff can only be effective when they have a method to actively detect and respond to threats; firewalls are a blunt instrument that keeps people out or lets them through, but gives no information about attempted access or unauthorised activities; and compliance audits done after the fact will detect any breaches too late.
Compliance audits only pick up problems after they’ve occurred. Real compliance involves ensuring you have full, real-time visibility of the security of your system and information.
We use AlienVault for live reporting and response to security threats
We’ve been using AlienVault at Symbiote to identify and monitor all of the security vulnerabilities that could threaten our clients’ web-facing environments. Because we’re intimately acquainted with the entire architecture of our clients’ set-ups and we build on open-source tools like Silverstripe, AlienVault is the best tool we’ve found for providing live reporting on threats, so attacks or any unusual behaviour can be managed by the client’s own IT team. If there is a breach, AlienVault immediately provides essential information to block the attack and identify what was accessed. We can also set up automated rules to deal with similar kinds of threats in future.
To sum it up, these are the features we like most about AlienVault:
Enables live vulnerability assessment, identification and reporting
Identifies security threats, unusual activities and active attacks
Detects data breaches
Monitors file integrity
Allows automation or event-trigger rules to be set up – saving security experts a significant amount of time
Discovers new assets and their points of vulnerability when they’re added to cloud hosting solutions
Provides confidence that security is actively being monitored and nothing’s being missed, while keeping you apprised of any new kinds of threats to your system
Manages compliance in real time, not in retrospect via an audit.
About AlienVault
AlienVault® OSSIM™, Open Source Security Information and Event Management (SIEM), provides a feature-rich open source SIEM complete with event collection, normalisation and correlation. Launched by security engineers because of the lack of available open source products, AlienVault OSSIM was created specifically to address the reality many security professionals face: a SIEM, whether it is open source or commercial, is virtually useless without the basic security controls necessary for security visibility.
We think it’s an enormous advantage that AlienVault is backed by AT&T, as this means that they’ve got the money to keep up their development effort and ensure that their product remains a front-runner when it comes to detecting and managing all kinds of contemporary threats.