
Whiteboard

3 Posts authored by: katebrew

"Hey Grandpa, tell me again the story about how you had to remember 53 passwords and they were all supposed to be different, and you were supposed to change them every 90 days.  That's a funny story!  I think you're making it up!"


I was just at an ISSA Austin meeting where Mark Thames of Toopher presented.  Great preso enjoyed by 125 attendees.  So Mark asks the audience of security practitioners, "Who thinks passwords will be gone in 5 years?"  Maybe 3 people raise their hands.  Passwords are so ingrained in everything digital.  We are definitely not laughing yet.


Mark had an interesting truism in his slides:  "Easy-to-remember passwords are bad passwords.  Hard-to-remember passwords are bad passwords."  So we not only have 53 passwords that should be unique, they should all be really tricky to guess.  That also makes them tricky to remember.


Sure, there are all kinds of solutions security vendors offer right now, like SSO.  SSO has got to be one of the most complicated simple solutions ever.  With every app demanding authentication, it's still scary hard to satisfy them all, including those legacy apps that had their own ideas about passwords.  Then there's the old "keys to the kingdom" issue: with SSO, if the bad guy compromises the SSO password they get into everything.


At the most basic level, authentication is about proving you are who you say you are.  Given human frailties at remembering 53 complex and unique passwords, second factor authentication becomes attractive.  Traditional second factor authentication, where you have to provide two proof points, can include something you know, like a password, something you are, like a fingerprint or retinal scan, and something you have, like a token.  With the second factor, the risk of a weak password is reduced, making the game almost tolerable for a human.  You can probably get away with a password you can actually remember with second factor authentication backing it up.


It's a good thing young, smart companies like Toopher are trying to fix this mess.   Computer authentication, at this point, remains tedious at best.  Personally, I'm looking forward to griping about how hard we had it back in the day, trudging 3 miles in the snow to the computer and then being challenged to prove I am who I say I am by every Tom, Dick and Harry application I happen to want to use.  Jeez.



On a more serious note, bad guys are doing a pretty good job with various tools and social engineering to pirate user passwords.  You might want to look at a SIEM solution for your business to watch for remote access attempts and failed access attempts, which are correlated with other anomalous behavior across the network, systems and apps to defeat the bad guys.  If that's the case, check out our Log & Event Manager product for 30 days free.
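The correlation this paragraph describes (and the log analysis the NYT post below recommends) can be shown on a handful of log lines. The following is an added example, not code from the post or from the Log & Event Manager product: it parses sshd-style syslog lines, keeps a sliding window of failed logins per source address, and raises an alert when a successful login from the same address follows a burst of failures, which is the pattern a password-guessing attack that finally succeeds leaves behind. The log lines are constructed for the example (documentation-range addresses), and the threshold and window values are assumptions to tune per environment.

```python
import re
from datetime import datetime, timedelta

# Constructed sample log lines in sshd/syslog format (not real traffic).
SAMPLE_LOG = """\
Feb 04 02:14:01 host1 sshd[1201]: Failed password for admin from 203.0.113.7 port 5001 ssh2
Feb 04 02:14:05 host1 sshd[1202]: Failed password for admin from 203.0.113.7 port 5002 ssh2
Feb 04 02:14:09 host1 sshd[1203]: Failed password for admin from 203.0.113.7 port 5003 ssh2
Feb 04 02:14:13 host1 sshd[1204]: Failed password for admin from 203.0.113.7 port 5004 ssh2
Feb 04 02:14:17 host1 sshd[1205]: Failed password for admin from 203.0.113.7 port 5005 ssh2
Feb 04 02:14:40 host1 sshd[1215]: Accepted password for admin from 203.0.113.7 port 5009 ssh2
Feb 04 02:20:00 host1 sshd[1300]: Accepted publickey for alice from 192.0.2.10 port 40001 ssh2
Feb 04 02:21:00 host1 sshd[1301]: Failed password for bob from 192.0.2.11 port 40002 ssh2
Feb 04 02:25:00 host1 sshd[1302]: Accepted password for bob from 192.0.2.11 port 40003 ssh2
"""

LINE_RE = re.compile(
    r"^(?P<ts>\w{3} \d{2} \d{2}:\d{2}:\d{2}) (?P<host>\S+) sshd\[\d+\]: "
    r"(?P<outcome>Failed|Accepted) (?P<method>\w+) for (?:invalid user )?(?P<user>\S+) "
    r"from (?P<src>[\d.]+) port \d+"
)


def parse_line(line: str):
    """Return a dict of fields for an sshd auth line, or None for anything else."""
    m = LINE_RE.match(line)
    if m is None:
        return None
    ev = m.groupdict()
    # syslog timestamps carry no year; strptime's default year is fine for deltas.
    ev["ts"] = datetime.strptime(ev["ts"], "%b %d %H:%M:%S")
    return ev


def correlate(lines, threshold: int = 5, window: timedelta = timedelta(minutes=5)):
    """Alert when an accepted login from a source follows >= `threshold` failed
    logins from the same source within `window`. Assumes lines are in time order."""
    failures: dict[str, list[datetime]] = {}   # source address -> recent failure times
    alerts = []
    for line in lines:
        ev = parse_line(line)
        if ev is None:
            continue
        # Drop failures that have aged out of the sliding window for this source.
        recent = [t for t in failures.get(ev["src"], []) if ev["ts"] - t <= window]
        if ev["outcome"] == "Failed":
            recent.append(ev["ts"])
        elif len(recent) >= threshold:
            alerts.append({
                "rule": "success_after_failed_burst",
                "src": ev["src"],
                "user": ev["user"],
                "host": ev["host"],
                "failures": len(recent),
                "at": ev["ts"],
            })
            recent = []   # reset so the same burst is reported once
        failures[ev["src"]] = recent
    return alerts


if __name__ == "__main__":
    for alert in correlate(SAMPLE_LOG.splitlines()):
        print(alert)
```

In the sample, the five failures from 203.0.113.7 followed by an accepted password for the same account produce one alert, while bob's single mistyped password followed by success does not, which is the distinction a rule like this is meant to make. A SIEM generalises the same idea across sources: the success event here could just as well be joined against a VPN log or a new-process event from another host.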




The New York Times is attributing the advanced persistent attack they experienced for the past four months to the Chinese government in this great article.  While the implications of the attribution are interesting, I found it more interesting that many companies are still thinking they are secure. They're thinking that anti-virus and firewalls are all you need for security.  The NYT deserves credit for their transparency on the issue, and it highlights the need to think differently about security.  This applies to every organization that owns a computer and considers their data and applications of business value.


In a CSO blog, Antone Gonsalves writes, “There is no one technology to combat a sophisticated attack like the one against the media company – so think layers, say security experts.”

Security layers – it’s a way of thinking about security that does not involve relying on just endpoint security and firewalls.  10 years ago, maybe AV and perimeter firewalls, with a dash of user training might have sufficed.  Now, apparently, that’s not the case.


In his CSO blog, Antone points out several technologies to help address new corporate security needs. One of these is Security Information and Event Management (SIEM). He makes the point that capturing and analyzing logs from IT to flag abnormalities may be helpful in addressing these new, sophisticated attacks.  SolarWinds has a SIEM product in its portfolio – Log & Event Manager (LEM).

Despite LEM’s understated name, it is a full function SIEM product, including log collection, storage, analysis, real-time correlation and automated responses.  It includes over 700 rules and filters for security and compliance best practices, as well as over 300 pre-packaged rules.


It’s time to think security layers, and an SIEM may be a good next layer for you to consider.  Even if you are not currently in the position of having angry foreign countries crawling through your sensitive information, there are plenty of other security and compliance reasons to consider an SIEM.

First, buy SIEM software that is over-priced, blowing your budget for other business needs.   Focus on esoteric features that the vendor hypes, but that you do not need.  Select software that is extremely hard to use, configure and maintain.

Next, make sure the SIEM solution requires an entire team of security professionals to operate, eliminating any possibility of you sleeping or enjoying life.  The difficulty of the software must make rollout painful for your entire organization, and guarantee slower time-to-value.   Do not buy a SIEM that comes packaged with built-in rules and intelligence to help you.

If the SIEM vendor is counting on services revenue to bail you out after you buy it, that’s even better. Or, you can engage a third party – either way your budget will be sucked dry for years to come.


Finally, set up management with high expectations after all of these expenses.  Be sure to get a SIEM that makes management reporting painful for everyone involved, so that management has no idea about the value of the SIEM and develops a negative attitude about the project and you.

If you don’t like this scenario, please consider a free trial of a sensible SIEM offered by SolarWinds – Log & Event Manager. It’s an understated SIEM that offers all the real-time monitoring capabilities you need, pre-built security and compliance intelligence and easy reporting features.  It covers you “soup to nuts” – not just your network, but your apps, data and endpoints.  Try it and see if you don’t agree – it’s pretty darned easy, compared with your alternatives – unless you don’t like sleeping or enjoying life.


The trick is ignoring the hype, marketing and sales tactics vendors often use, and instead focusing on your business realities and needs.   When it comes to SIEM, this is critically important.


Download a free 30-day license for SolarWinds Log & Event Manager


Graphic courtesy of: How to Become a Total Failure - The Ten Rules of Highly Unsuccessful People
