Verizon’s version on the 1, the 2 and the 3

March/April Edition, 2008: One of the many dangers being pointed out in the world of security these days is employees and how they can inadvertently trigger an avalanche of problems should they put a foot wrong by mistake. IDM investigates Verizon’s version of the three pillars of security.

Mark Goudie, Principal Security Architect at Verizon Business, believes any remediation or preventative program needs to incorporate the three pillars of security: people, process and technology. Having users who don’t know what they’re doing and don’t know how to act in a certain situation is a serious threat.

“Having a system admin crawl all over the scene of a cyber-crime is like the police having their forensics team come to a crime scene where someone has shot mum and the kids and you’ve had the whole neighborhood walk through the place,” says Goudie.

When this happens there’s no chance of picking up any evidence. In a similar vein, Verizon tries to tell customers to minimise the amount of interaction they have with the systems so a team can be quickly sent on site to validate if there was an incident or not and then start the ball rolling on a proper investigation.

One of the many questions organisations are asking is what to do once you have a full security suite installed. Goudie believes it’s important to think back to the three pillars and make sure there’s a balance. This often means looking at monitoring and access control, while paying close attention to response times.

“Organisations need to have good monitoring systems that are actively being watched for attacks. If they don’t then it’s akin to having a security system at home that’s not plugged in, or a back-to-base alarm system that doesn’t have a speaker; you can find out afterwards that someone broke in but it doesn’t prevent the robbery.”

Failure to monitor effectively comes with a hefty price tag, particularly in Australia where Verizon has been observing a rise in targeted attacks. This is an interesting development because traditionally these attacks have been landing on US and European shores, though considering how interconnected most business models are it was only a matter of time.

Another potential threat area Goudie believes is sure to occur eventually is the lucrative cluster of targets created by virtualisation. Virtual Machines (VM) are vulnerable to infection like your standard server, though no threats have yet emerged that can successfully infect the VM manager software and open the door to infecting the entire cluster.

“I’m sure there are people trying to work out ways of doing it right now; there is a substantial payoff if people can compromise the manager software,” says Goudie.

Thankfully, no successful attack of this nature has yet been recorded, though Goudie believes the approach is like putting all of your eggs in one basket and is sure to be targeted eventually.
