Vulnerability, security and compliance

Security
Written By Owen Windsor

Owen Windsor, Symbiote’s Managing Director, explains that it’s possible and necessary to actively identify, monitor and respond to security threats across your systems.

There’s been a clear increase in the volume and types of security threats for businesses with internet-facing activities. Many of these are directed at individual users through techniques like phishing, but we’re increasingly seeing bad actors targeting service providers as a way to maximise their attack potential and reduce the effort that it takes to be able to compromise large volumes of users.

 

Security policies are one thing, but you also need protocols for active monitoring and response to threats

We’ve noticed that many large organisations or government departments have security and privacy policies, but no protocols in place to actively monitor and respond to understand their areas of vulnerability, and no way to actively identify, monitor and respond to the security threats that continue to proliferate.

Clients understand that ransomware, trojans, data exfiltration and identity theft are real threats, but they often don’t understand the myriad potential points in their systems where attacks could take place undetected. They need a tool to identify where they’re vulnerable, then to ensure that those vulnerable points are monitored and secure.

 

Breaches are serious – firewalls and compliance audits don’t provide anywhere near enough protection

Apart from the way a breach would affect any of our clients’ perceived trustworthiness, there are also serious consequences for Australian organisations who don’t comply with privacy laws or who are found to have mismanaged credit card payments. Breach reporting is mandatory in Australia, however many organisations don’t even know they’ve had a breach until their data turns up on the internet, or they’re the subject of an embarrassing news story.

Some of our clients think that they’re maintaining adequate security because they have in-house IT staff, firewalls and they do a regular compliance audit. However, their staff can only be effective when they have a method to actively detect and respond to threats, firewalls are a blunt instrument to keep people out or allow them through, but which don’t give you information about attempted access or unauthorised activities, and compliance audits done after the fact will detect any breaches too late.

Compliance audits only pick up problems after they’ve occurred. Real compliance involves ensuring you have full, real-time visibility of the security of your system and information.

 

We use AlienVault for live reporting and response to security threats

We’ve been using AlienVault at Symbiote to identify and monitor all of the security vulnerabilities that could threaten our clients’ web-facing environments. Since we’re intimately acquainted with the entire architecture of our clients’ set-ups, and we use open-source tools like Silverstripe, AlienVault is the best tool we’ve found for providing live reporting on threats, so attacks or any unusual behaviour can be managed by the client’s own IT team. If there is a breach, AlienVault immediately provides essential information to block the attack and identify what was accessed. We can also set up automated rules to deal with similar kinds of threats in future.

To sum it up, these are the features we like most about AlienVault:

  • Enables live vulnerability assessment, identification and reporting

  • Identifies security threats, unusual activities and active attacks

  • Detects data breaches

  • Monitors file integrity

  • Allows automation or event-trigger rules to be set up – saving security experts a significant amount of time

  • Discovers new assets and their points of vulnerability when they’re added to cloud hosting solutions

  • Provides confidence that security is actively being monitored and nothing’s being missed, while keeping you apprised of any new kinds of threats to your system.

  • Manages compliance in real time, not in retrospect via an audit.

 

About AlienVault

AlienVault® OSSIM™, Open Source Security Information and Event Management (SIEM), provides a feature-rich open source SIEM complete with event collection, normalisation and correlation. Launched by security engineers because of the lack of available open source products, AlienVault OSSIM was created specifically to address the reality many security professionals face: an SIEM, whether it is open source or commercial, is virtually useless without the basic security controls necessary for security visibility.

We think it’s an enormous advantage that AlienVault is backed by AT&T, as this means that they’ve got the money to keep up their development effort and ensure that their product remains a front-runner when it comes to detecting and managing all kinds of contemporary threats.

Owen Windsor

Previous

Sharing job-seeker assistance software makes sense for government departments
Next

Bug catching is an important part of application support