September 2010 Archives


Procrastinators never cease to amaze me. They seem to have a ready excuse (no matter how lame) for every inaction and delay. Having taught in universities for many years, I found that procrastination ran high among students. In particular, I remember days on which term assignments were due and how so many bedraggled-looking students would come to turn them in and then take a seat and fall asleep. Procrastination does indeed have some serious downsides.

Procrastinators can be found everywhere, not just in university settings. In the information security arena they are professionals who delay planning and starting sorely needed initiatives and projects. They may also have an excellent security architecture, but may for various reasons have been slow in implementing critical elements within this architecture. Funny thing--so often one of the missing elements is Security Information and Event Management (SIEM) technology.

In previous blogs I have described what I believe to be the major advantages of using SIEM technology. Despite all these advantages and also considering the sorry current state of intrusion detection and intrusion prevention (with a few notable exceptions, of course), one would think that information security professionals would be lined up to purchase SIEM tools. Instead, somehow they have reasoned that SIEM technology will have to wait another year, and then when that year goes by, that it will have to wait still another year.

SIEM technology is just too critical to be pushed aside year after year. As I have said before, the subtle nature of so many of today's attacks has pushed event correlation technology to the forefront of detective controls. Intrusion detection and prevention tools, firewalls, personal firewalls and logging daemons may be capable of detecting pieces of attacks, but each one in and of itself is generally not capable of "seeing" a whole train of events. The result is that major attacks continue to go unnoticed for surprisingly long periods of time, with TJX's delay of 18 months in noticing the massive wave of credit card data theft that it experienced being what is probably an all-time record. (Should records of this nature also be included in the Guinness Book of Records?)

Frankly, if I had a choice between buying an intrusion detection tool and a SIEM tool, I would not have to think very hard. The same would be true if I had to decide between buying an intrusion prevention tool or a SIEM tool.

Unfortunately, not every SIEM tool is capable of performing thorough and accurate event correlation, either. Were I still a CISO, I would consider buying and using only a select few of these tools for operational purposes. A few vendors seem to have caught on to what it takes to design and implement strong event correlation capability, but, lamentably, most have not.

Procrastinators will continue to sit on the proverbial fence, but procrastinating when it comes to buying and implementing SIEM technology is just plain old everyday unwise. I honestly do not understand how a CISO could possibly claim that that person's information security practice is a best practice, or even a good practice, unless SIEM technology were a big part of the security technology. It is time for us to wake up to the fact that situational awareness is now more critical to information security practices than ever before, and thus that the need for SIEM technology is today, not sometime in the future.


This workshop on Digital Object Memories is being held in Denmark on Sept. 26th, 2010 at the Ubiquitous Computing Conference.

The integration between biological technology and nano-technology should be interesting. Imagine trees with the ability to store memories of their lives and times and the things around them. Sounds like science fiction, doesn't it? But does the Internet of Things include biological objects? Human Memory Access probably brings up all sorts of privacy and legal issues internationally. How will all this be collected and correlated for data mining and forensics?

The primary goal of the workshop is to bring together technical experts, artists, designers, and possible end-users of Digital Object Memories in order to discuss technical, social, privacy, and legal implications of object memory systems, to establish a common view on requirements to digital memories, and to leverage cooperation in future activities. The workshop will combine traditional presentations and discussion with a practice-based experimentation.

Digital Objects Memories in the Internet of Things

Possible workshop topics include (but are not limited to):

* Architectures: General architectures and middleware approaches which allow for the realization of item memory functionality.
* Memory Content Representation and Modeling: Formats and methods for the representation and exchange of object memory content.
* Memory Creation: Technologies and concepts for the manual, semi-automatic, or automatic creation/capturing of memory content.
* Memory Mining: Algorithms to derive higher-order information like interaction patterns or state anomalies from object memories.
* Human Memory Access: Technologies, concepts, and interaction metaphors that make the content of object memories accessible to human users.
* Applications and Experiences: Application scenarios and existing implementations of digital object memory systems.
* Privacy and Legal Aspects: Discussion of topics like ownership of recorded data, access control, trustworthiness, or duration of storage.
* Social Implications: Discussion and studies related to possible implications of object memory systems on human relations to objects and other humans.
