IT Security Rewind – Week of September 19
September 23, 2011 | Uncategorized | CyberArk
by Josh Arrington
It was another interesting week for IT security professionals, with numerous developments, breaking stories and breaches to follow. But before we dig into this week’s Rewind, we wanted to wish a warm farewell to Dave Kearns, who wrote one of his final pieces for the penultimate edition of the Network World Identity Management newsletter. We wish Dave well with his analyst role at Kuppinger-Cole, where he’ll continue to provide us with keen security insights!
APT: In Review – It’s never easy to put together a “lessons learned” type of piece when it involves a sensitive and well-documented security attack, but Pacific Northwest National Laboratory CIO Jerry Johnson did a great job at the recent InformationWeek 500 conference. Johnson developed a presentation that described the APT attack against his company with such details as “when the intruders tried to recreate and elevate account privileges, this action triggered an alarm, alerting the lab’s cybersecurity team…” It’s information like this that can help all security professionals better prepare themselves and anticipate vulnerabilities.
Is “SIEM dead as claimed?” – To no surprise, questions like these usually provoke responses of all types. As Computerworld reported, a recent survey “conducted with senior security professionals at Global 5000 and federal organizations” found that “SIEM has joined signature-based technologies on the ash heap of IT history.” However, advocates for SIEM, like Dr. Anton Chuvakin of Gartner, disagree, stating that while SIEM is not a tool that should be used primarily to prevent attacks, it’s still an important monitoring technology.
Access Rules – InfoSecurity provided more background on the $2.3 billion UBS fraud case this week. While details are still swirling, it’s clear that this is another example of a trader acting beyond authorization in a highly regulated market. While the article delves deeper, calling for tighter monitoring and controls, the question remains: If access and risk management controls and processes were in place, how were the traders able to circumvent them?
Anything we missed? What stories have you been following? Let us know!