Over the past 18 months, there’s been a clear increase in the volume and types of security threats for businesses with internet-facing activities. Many of these are directed at individual users through techniques like phishing, but we’re increasingly seeing bad actors targeting service providers as a way to maximise their attack potential and reduce the effort that it takes to be able to compromise large volumes of users.
We’ve noticed that many large organisations or government departments have security and privacy policies, but no protocols in place to actively monitor and respond to understand their areas of vulnerability, and no way to actively identify, monitor and respond to the security threats that continue to proliferate.
Apart from the way a breach would affect any of our clients’ perceived trustworthiness, there are also serious consequences for Australian organisations who don’t comply with privacy laws or who are found to have mismanaged credit card payments. Breach reporting is mandatory in Australia, however many organisations don’t even know they’ve had a breach until their data turns up on the internet, or they’re the subject of an embarrassing news story.
Some of our clients think that they’re maintaining adequate security because they have in-house IT staff, firewalls and they do a regular compliance audit. However, their staff can only be effective when they have a method to actively detect and respond to threats, firewalls are a blunt instrument to keep people out or allow them through, but which don’t give you information about attempted access or unauthorised activities, and compliance audits done after the fact will detect any breaches too late.
We’ve been using AlienVault at Symbiote to identify and monitor all of the security vulnerabilities that could threaten our clients’ web-facing environments. Since we’re intimately acquainted with the entire architecture of our clients’ set-ups, and we use open-source tools like Silverstripe, AlienVault is the best tool we’ve found for providing live reporting on threats, so attacks or any unusual behaviour can be managed by the client’s own IT team. If there is a breach, AlienVault immediately provides essential information to block the attack and identify what was accessed. We can also set up automated rules to deal with similar kinds of threats in future.
To sum it up, these are the features we like most about AlienVault:
AlienVault® OSSIM™, Open Source Security Information and Event Management (SIEM), provides a feature-rich open source SIEM complete with event collection, normalization and correlation. Launched by security engineers because of the lack of available open source products, AlienVault OSSIM was created specifically to address the reality many security professionals face: A SIEM, whether it is open source or commercial, is virtually useless without the basic security controls necessary for security visibility.
We think it’s an enormous advantage that AlienVault is backed by AT&T, as this means that they’ve got the money to keep up their development effort and ensure that their product remains a front-runner when it comes to detecting and managing all kinds of contemporary threats.