Security

How effective is your security monitoring?

Can you police the policing?

Jon Collins Mon 26 Jul 2010 // 10:03 UTC

Workshop Poll For many organisations, the litmus test for IT security effectiveness is whether or not security breaches are reduced as a result. Security monitoring should help, but modern environments are complex and multi-faceted, and it can be difficult to determine how much is down to the tools, and how much is down to other factors such as policy.

In this quick poll, we want to get to the bottom of the effectiveness question, both in terms of monitoring itself, and whether resulting environments are any more or less secure. It's mostly tick-and-bash so grab a virtual pen and it should take no more than five minutes of your time, we'll feed your responses into the mill and have the results back to you in no time!

READER POLL: HOW EFFECTIVE IS YOUR SECURITY MONITORING?

1. To what level do you monitor and/or detect security breaches in relation to any of the following?

	Via ad hoc manual checks	Via regular manual checks	Via automated analysis (post event)	Via automated alerting (real time)	No real monitoring at all
Desktop systems
Email systems
Mobile equipment
Corporate website
Core business apps
Other (please specify)

2. To what level do you monitor unsuccessful attacks on such systems?

	Via ad hoc manual checks	Via regular manual checks	Via automated analysis (post event)	Via automated alerting (real time)	No real monitoring at all
Desktop systems
Email systems
Mobile equipment
Corporate website
Core business apps
Other (please specify)

3. Where do you predominantly run the following systems/apps?

	Predominantly run in-house	Predominantly hosted by a third party	Roughly 50:50 split between the two	N/A
Desktop systems
Email systems
Corporate website
Core business apps

4. Do you specifically monitor and keep track of any of the following user related exposures as opposed to simply dealing with issues as they arise and then forgetting about them? (Please tick all that apply)

Losing laptops/mobile equipment provided by IT dept
Losing personal laptops/mobile equipment
Losing removable storage devices e.g. USB sticks, data cards etc provided by IT dept
Losing personal storage devices e.g. USB sticks, data cards etc
Sending confidential info out of the organisation via email
Taking confidential info out of the organisation via removable storage devices/CDs etc
Accessing dodgy websites
Connecting to unknown or insecure WiFi hotspots
Other (please specify)

5. How happy are you that your monitoring capability provides adequate protection for the organisation in the following areas?

	Very happy 5	4	3	2	Not at all happy 1
Desktop
Email
Mobile equipment
Corporate website
Core business apps
User related exposures
Other (please specify)

6. Do you have policies in place to deal with user related security issues in the following areas? (Please tick all that apply)

Safe use of mobile devices
Safe use of the Web
Safe use of email
Handling and storage of electronic data
Privacy assurance and identity protection

7. Which of the following do you have in place to investigate security issues when they occur? (Please tick all that apply)

Formally defined policies & procedures within IT
Formally defined policies & procedures within the business
Comprehensive logs of system related activity
Forensic tools for investigating systems related activity
Disciplinary procedures for irresponsible employee behaviour
Other (please specify)

8. How much is compliance a driver for implementing monitoring capabilities?

	Major driver 5	4	3	2	Not a driver at all 1

9. To what degree have the following been an issue over the past 6 months?

	Major issue 5	4	3	2	Not an issue at all 1
Application downtime
Low level security issues e.g. spam
High level of desktop support requests
External security breaches
Internal security breaches (including data leakage)
Accidental data loss
Accidental data leakage
Other (please specify)

10. In terms of investment what priority is given to IT security monitoring and management spend in your organisation?

One of the highest priorities
Important, but second to many other investments
Minor importance, fairly low down the list of priorities
Unsure
N/A – Invested heavily in the past

11. Which of the following criteria do you take into account when making procurement decisions about security tools? (Please tick all that apply)

Vendor stability
Third party certification
High marks in comparison reports
Industry analyst endorsement
Functional assessment
Third party opinion
Media/online reviews
Other (Please specify)

12. Finally, do you have any advice that you can give with respect to monitoring security solutions?

BEFORE YOU GO

13. Approximately how large is your organisation (worldwide) in terms of employees?

Less than 10 employees
10 to 50 employees
50 to 250 employees
250 to 1,000 employees
1,000 to 5,000 employees
5,000 to 10,000 employees
Over 10,000 employees

14. Which of the following best describes your organisation?

Energy & Utilities
Financial Services
Healthcare
Hi-Tech
Manufacturing
Oil & Gas
Pharmaceuticals
Central/Local Government
Retail & wholesale
Professional services
Telecommunications
Travel & Transportation
Other (please specify)

Narrower topics

Corrections Send us news

Other stories you might like

Cisco EVP: We need to lift everyone above the cybersecurity poverty line

It's going to become a human-rights issue, Jeetu Patel tells The Register

Jessica Lyons Hardcastle Mon 6 Jun 2022 // 22:50 UTC

RSA Conference Exclusive Establishing some level of cybersecurity measures across all organizations will soon reach human-rights issue status, according to Jeetu Patel, Cisco EVP for security and collaboration.
"It's our civic duty to ensure that everyone below the security poverty line has a level of safety, because it's gonna eventually get to be a human-rights issue," Patel told The Register, in an exclusive interview ahead of his RSA Conference keynote.
"This is critical infrastructure — financial services, health care, transportation — services like your water supply, your power grid, all of those things can stop in an instant if there's a breach," he said.

Continue reading
What keeps Mandiant Intelligence EVP Sandra Joyce up at night? The coming storm

The next wave of security maturity is measuring effectiveness, she told The Register

Jessica Lyons Hardcastle Thu 9 Jun 2022 // 23:00 UTC

RSA Conference When Sandra Joyce, EVP of Mandiant Intelligence, describes the current threat landscape, it sounds like the perfect storm.
The threat intelligence firm, which is being acquired by Google Cloud, made its annual cybersecurity predictions for the year ahead. And this year, they all materialized at once.
"We predicted supply-chain attacks four years ago," Joyce said, in an interview with The Register at the RSA Conference. "We predicted deployment of wipers during wartime. And now we're watching all of these things happen at the same time, and in amounts that are greater than ever and at frequencies of scale that are more than ever."

Continue reading
Intel offers 'server on a card' reference design for network security

OEMs thrown a NetSec Accelerator that plugs into server PCIe slots

Dan Robinson Wed 8 Jun 2022 // 13:30 UTC

RSA Conference Intel has released a reference design for a plug-in security card aimed at delivering improved network and security processing without requiring the additional rackspace a discrete appliance would need.
The NetSec Accelerator Reference Design [PDF] is effectively a fully functional x86 compute node delivered as a PCIe card that can be fitted into an existing server. It combines an Intel Atom processor, Intel Ethernet E810 network interface, and up to 32GB of memory to offload network security functions.
According to Intel, the new reference design is intended to enable a secure access service edge (SASE) model, a combination of software-defined security and wide-area network (WAN) functions implemented as a cloud-native service.

Continue reading

Makers of ad blockers and browser privacy extensions fear the end is near

Overhaul of Chrome add-ons set for January, Google says it's for all our own good

Thomas Claburn in San Francisco Wed 8 Jun 2022 // 06:26 UTC

Special report Seven months from now, assuming all goes as planned, Google Chrome will drop support for its legacy extension platform, known as Manifest v2 (Mv2). This is significant if you use a browser extension to, for instance, filter out certain kinds of content and safeguard your privacy.
Google's Chrome Web Store is supposed to stop accepting Mv2 extension submissions sometime this month. As of January 2023, Chrome will stop running extensions created using Mv2, with limited exceptions for enterprise versions of Chrome operating under corporate policy. And by June 2023, even enterprise versions of Chrome will prevent Mv2 extensions from running.
The anticipated result will be fewer extensions and less innovation, according to several extension developers.

Continue reading
Apple gets lawsuit over Meltdown and Spectre dismissed

Judge finds security is not a central feature of iDevices

Thomas Claburn in San Francisco Thu 9 Jun 2022 // 20:30 UTC

A California District Court judge has dismissed a proposed class action complaint against Apple for allegedly selling iPhones and iPads containing Arm-based chips with known flaws.
The lawsuit was initially filed on January 8, 2018, six days after The Register revealed the Intel CPU architecture vulnerabilities that would later come to be known as Meltdown and Spectre and would affect Arm and AMD chips, among others, to varying degrees.
Amended in June, 2018 the complaint [PDF] charges that the Arm-based Apple processors in Cupertino's devices at the time suffered from a design defect that exposed sensitive data and that customers "paid more for their iDevices than they were worth because Apple knowingly omitted the defect."

Continue reading
Threat and risk specialists signal post-COVID conference season is back on

Well, we'll see in a week or so

Iain Thomson in San Francisco Fri 10 Jun 2022 // 19:25 UTC

RSA Conference For the first time in over two years the streets of San Francisco have been filled by attendees at the RSA Conference and it seems that the days of physical cons are back on.
The security conference trade has been more cautious than most when it comes to getting conferences back up to speed in the COVID years. Almost all cons were virtual with a very limited hybrid-conference season last year, including DEF CON, where masks were taken seriously. People still wanted to mingle and ShmooCon too went ahead, albeit later than usual in March.
The RSA conference has been going for over 30 years and many security folks love going. There are usually some good talks, it's a chance to meet old friends, and certain pubs host meetups where more constructive work gets done on hard security ideas than a month or so of Zoom calls.

Continue reading

US cyber chiefs: Moving to Shields Down isn't gonna happen

Promises new alert notices but warn 'we can sometimes predict thunderstorms but not lightning strikes'

Jessica Lyons Hardcastle Wed 8 Jun 2022 // 06:58 UTC

RSA Conference A heightened state of defensive cyber security posture is the new normal, according to federal cyber security chiefs speaking at the RSA Conference on Tuesday. This requires greater transparency and threat intel sharing between the government and private sector, they added.
"There'll never be a time when we don't defend ourselves –— especially in cyberspace," National Cyber Director Chris Inglis said, referencing an opinion piece that he and CISA director Jen Easterly published earlier this week that described CISA's Shields Up initiative as the new normal.
"Now, we all know that we can't sustain the highest level of alert for an extensive period of time, which is why we're thinking about, number one, what's that relationship that government needs to have with the private sector," Easterly said on the RSA Conference panel with Inglis and National Security Agency (NSA) cybersecurity director Rob Joyce.

Continue reading
Feeling highly stressed about your job? You must be a CISO

'The attack surface has expanded exponentially' during the work-from-home pandemic, says one

Jessica Lyons Hardcastle Sat 4 Jun 2022 // 07:49 UTC

Almost all cybersecurity professionals are stressed, and nearly half (46 percent) have considered leaving the industry altogether, according to a DeepInstinct survey.
For its annual Voice of SecOps Report, the endpoint security biz commissioned a poll of 1,000 senior-level security professionals in the US, UK, Germany and France.
It found that although 91 percent of those surveyed experience at least a low-degree of work-related stress, and almost half (46 percent) of those professionals claimed their stress levels had risen over the past 12 months, their root causes differed based on their jobs. While six percent of all professionals claim to be "highly stressed" due to their work, among CISOs, ITOs, CTOs and global IT strategy directors, the number climbs to 33 percent.

Continue reading
Atlassian: Unpatched years-old flaw under attack right now to hijack Confluence

One option: Take the thing offline until Friday patch applied

Simon Sharwood, APAC Editor Fri 3 Jun 2022 // 00:28 UTC

Updated Atlassian has warned users of its Confluence collaboration tool that they should either restrict internet access to the software, or disable it, in light of a critical-rated unauthenticated remote-code-execution flaw in the product that is actively under attack.
An advisory dated June 2, 1300 PT (2000 UTC), does not describe the nature of the flaw, and reveals "current active exploitation" has been detected. No patch is available.
The flaw is present in version 7.18 of Confluence Server, which is under attack, as well as potentially versions 7.4 and higher of Confluence Server and Confluence Data Center. Version 7.4 is a long-term support edition.

Continue reading
World Economic Forum wants a global map of online crime

Will cyber crimes shrug off Atlas Initiative? Objectively, yes

Jessica Lyons Hardcastle Fri 10 Jun 2022 // 21:27 UTC

RSA Conference An ambitious project spearheaded by the World Economic Forum (WEF) is working to develop a map of the cybercrime ecosystem using open source information.
The Atlas initiative, whose contributors include Fortinet and Microsoft and other private-sector firms, involves mapping the relationships between criminal groups and their infrastructure with the end goal of helping both industry and the public sector — law enforcement and government agencies — disrupt these nefarious ecosystems.
This kind of visibility into the connections between the gang members can help security researchers identify vulnerabilities in the criminals' supply chain to develop better mitigation strategies and security controls for their customers.

Continue reading

ABOUT US

SITUATION PUBLISHING

The Register - Independent news and views for the tech community. Part of Situation Publishing

SIGN UP TO OUR DAILY NEWSLETTER

Do not sell my personal information Cookies Privacy Ts&Cs

Topics

Vendor Voice

Resources