What’cha Reading? Three Must-Buys for Every Organization

Featured

It’s that time of year again.

The kids are back in school – well, at least they are here in the South – and we all have our sights set on Labor Day, and the last hurrah of summer. (If only Atlanta weather would acknowledge this day, and temperatures would miraculously drop on September 2.)

So, how was your summer? How did you do on your reading list?

While I did better than last year, I still didn’t make a dent in my list. I read 3 “for fun” books and 2 “for work” books (with 1 more in progress). And that’s without a trip to the beach. Six books in essentially six weeks… not too shabby (for me).

However, like this summer’s lineup of lackluster movies, the “for fun” books I read didn’t come close to living up to their reviews either.

Heidi Biggar

Marketing and IT Consultant, Data Protection and Availability Division at EMC Corporation
I’m often asked how a political science major at Tufts wound up in the IT world, covering backup, storage, virtualization and cloud of all things. Truth is, it’s really a love for learning, a need to understand the “bigger picture” and a desire to share that view with others that’s steered my path over the past 20 years, from campaign manager to editor, analyst and marketer. After hours, you’ll find me hanging with family, running 10ks through Peachtree City’s 90 miles of cart paths, watching football or reading. I’m a New England transplant enjoying life in the South. In my previous life, I also blogged for ComputerWorld, Enterprise Strategy Group and Hitachi Data Systems, but The Backup Window is my baby. It's been great watching it evolve.

The Right Ingredients For Staying Ahead of The Bad Guys


One of the common threads you hear about in major data breaches these days is that the victim’s security team had alerts or events that should have clued them in to the fact that an attack was underway. In today’s complex security infrastructures it’s not unusual for security operators/analysts to receive tens of thousands of alerts per day! Security monitoring and incident response need to transition from a basic rules-driven, eyes-on-glass SIEM capability to a big data and data science solution. I frequently speak with customers about how IT Security needs to be able to handle a lot more information than current SIEM tools can support, and one question that always comes up is “what information needs to be collected and why?”, so here we go.

To start with you still need to collect all of those alerts and events from your existing security tools. While maintaining eyes-on-glass analysis of each individual alert from every tool isn’t feasible, a security analytics tool can analyze and correlate those events into a group of related activities that can help an analyst understand the potential impact of a sequence of related events instead of having to slice and dice the events manually.

The second type of information is infrastructure context – what’s in the environment, how it’s configured, how it’s all related and what is its impact? The analytics system needs to understand what applications are running on what servers, connected to which network and what storage. By having access to these relationships the analytics tool can identify the broad-based impact of an attack on a file server by understanding all of the applications that access that file server, and weight the alert accordingly. Which brings up another critical point – assets need to be classified based on their potential impact to the organization (aka security classification). If the tool identifies suspicious sequences of activity on both a SharePoint site used to exchange recipes and an Oracle database containing credit card numbers, but doesn’t understand the relative value of each impacted asset, it can only present both alerts as being of equal impact and let the operator decide which one to handle first. So a consolidated, accurate, up-to-date and classified system-of-record view of your environment is critical.

Event logs from all of those infrastructure components are the third type of information; not just security events but ‘normal’ activity events as well. This means all possible event logs from operating systems, databases, applications, storage arrays, etc. Given that targeted attacks today can almost always succeed in getting into your infrastructure, these logs can help the analytics tool identify suspicious types of activity that may be occurring inside your infrastructure, even if the events don’t fall into the traditional bucket of security events. Here’s an example – a storage administrator makes an unscheduled snapshot of a LUN containing a database with sensitive data on a storage array, then mounts it on an unsecured server and proceeds to dump the contents of the LUN onto a USB device. The storage array logs show that someone made an unauthorized complete copy of all of your sensitive data, but if you weren’t collecting and analyzing the logs from that storage array you would never know it happened.

The fourth type of information a security analytics tool needs is threat intelligence – what are the bad guys doing in the world outside of your environment? A comprehensive threat intelligence feed into the security analytics tool will allow it to identify attempted communications with known command and control systems or drop sites, new attack tools and techniques, recently identified zero-day vulnerabilities, compromised identities and a host of other potentially relevant information. A subscription-based feed is a good way to meet this need.

The final type of information an analytics tool needs is network packets. Being able to identify a sequence of events that points to an infected server is only the first step – the analyst then needs to determine when the infection occurred, go back and replay the network session that initiated the infection, and identify exactly what happened. Think in terms of a crime investigation – with a lot of effort and time the CSIs may be able to partially piece together what occurred based on individual clues, but being able to view a detailed replay of the network activities that led up to the infection is like having a complete video recording of the crime while it happened. Again, the goal is to provide the analyst and incident responder with complete information when the alert is raised instead of having to spend hours manually digging for individual bits.

The volume of information and amount of effort necessary to quickly identify and respond to security incidents in today’s environment is huge, which is why big-data and data science-based tools are absolutely critical to staying ahead of the bad guys.
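To make the first four information types concrete, here is a toy correlator written as an added example for this page; it is not code from the post, from EMC or from RSA. The asset inventory, classification weights, event records and the two "command and control" addresses are all constructed sample data (the addresses are from documentation ranges, not real indicators), and the field names and function names are this example's own assumptions. It shows the three mechanisms the post describes: ranking tool alerts by the classification of the asset they touch, matching outbound connections against a threat-intelligence list, and stitching the storage-array, host and USB logs together to surface the unscheduled-snapshot sequence that no single security tool would flag on its own.

```python
"""Toy security-analytics correlator (added example, not the post's code)."""
from typing import Dict, List, Optional, Set

# Infrastructure context: constructed sample inventory with security classification.
ASSET_CLASS: Dict[str, str] = {
    "sp-recipes-01": "low",       # SharePoint site used to exchange recipes
    "ora-cards-01": "critical",   # Oracle database holding card numbers
    "nas-array-01": "critical",   # storage array hosting the database LUN
    "ws-lab-07": "low",           # unsecured lab workstation
}
CLASS_WEIGHT = {"low": 1, "medium": 3, "high": 6, "critical": 10}

# Threat intelligence: constructed indicators (documentation-range addresses).
C2_INDICATORS: Set[str] = {"198.51.100.23", "203.0.113.77"}

# Constructed event stream from several sources (IDS, storage array, OS, firewall).
EVENTS: List[dict] = [
    {"src": "ids", "ts": 100, "asset": "sp-recipes-01", "type": "alert", "detail": "suspicious-login"},
    {"src": "ids", "ts": 101, "asset": "ora-cards-01", "type": "alert", "detail": "suspicious-login"},
    {"src": "storage", "ts": 200, "asset": "nas-array-01", "type": "snapshot_created", "detail": "lun-17 by storadm (unscheduled)"},
    {"src": "storage", "ts": 210, "asset": "nas-array-01", "type": "snapshot_mounted", "detail": "lun-17 -> ws-lab-07"},
    {"src": "os", "ts": 230, "asset": "ws-lab-07", "type": "usb_mount", "detail": "/dev/sdb1"},
    {"src": "fw", "ts": 300, "asset": "ws-lab-07", "type": "outbound", "detail": "203.0.113.77:443"},
    {"src": "fw", "ts": 301, "asset": "ws-lab-07", "type": "outbound", "detail": "192.0.2.10:443"},
]


def asset_weight(asset: str) -> int:
    """Weight by asset classification; unknown assets default to 'medium' so
    gaps in the system of record are not silently scored as harmless."""
    return CLASS_WEIGHT[ASSET_CLASS.get(asset, "medium")]


def prioritize_alerts(events: List[dict]) -> List[dict]:
    """Rank raw tool alerts by the impact of the asset they touched, highest first."""
    alerts = [dict(e, score=asset_weight(e["asset"])) for e in events if e["type"] == "alert"]
    return sorted(alerts, key=lambda e: e["score"], reverse=True)


def match_threat_intel(events: List[dict], indicators: Set[str]) -> List[dict]:
    """Flag outbound connections whose destination is a known C2 / drop-site address."""
    hits = []
    for e in events:
        if e["type"] != "outbound":
            continue
        dest_ip = e["detail"].rsplit(":", 1)[0]
        if dest_ip in indicators:
            hits.append(dict(e, score=asset_weight(e["asset"]) + 5, reason=f"known C2 {dest_ip}"))
    return hits


def detect_snapshot_exfil(events: List[dict], window: int = 600) -> Optional[dict]:
    """Chain the post's scenario across three log sources: an unscheduled snapshot
    of a LUN, that LUN mounted on a host, then a USB device mounted on that host,
    all within `window` seconds. Returns the chain or None."""
    by_ts = sorted(events, key=lambda e: e["ts"])
    for snap in by_ts:
        if snap["type"] != "snapshot_created" or "unscheduled" not in snap["detail"]:
            continue
        lun = snap["detail"].split()[0]
        deadline = snap["ts"] + window
        for mnt in by_ts:
            if (mnt["type"] != "snapshot_mounted" or not mnt["detail"].startswith(lun)
                    or not snap["ts"] <= mnt["ts"] <= deadline):
                continue
            host = mnt["detail"].split("->")[1].strip()
            for usb in by_ts:
                if usb["type"] == "usb_mount" and usb["asset"] == host and mnt["ts"] <= usb["ts"] <= deadline:
                    return {"lun": lun, "array": snap["asset"], "host": host,
                            "score": asset_weight(snap["asset"]) + asset_weight(host),
                            "chain": [snap["ts"], mnt["ts"], usb["ts"]]}
    return None


def correlate(events: List[dict], indicators: Set[str]) -> List[dict]:
    """Combine all three mechanisms into one impact-ordered incident list."""
    incidents = prioritize_alerts(events) + match_threat_intel(events, indicators)
    chain = detect_snapshot_exfil(events)
    if chain:
        incidents.append({"type": "snapshot_exfil", **chain})
    return sorted(incidents, key=lambda i: i["score"], reverse=True)


if __name__ == "__main__":
    for inc in correlate(EVENTS, C2_INDICATORS):
        print(inc["score"], inc["type"], inc.get("asset") or inc.get("array"), inc.get("detail") or inc.get("chain"))
```

Note the ordering the example produces: the snapshot chain outranks the Oracle login alert even though no individual event in it came from a security tool, and the two identical "suspicious-login" alerts land at opposite ends of the list purely because of asset classification, which is the point the post makes about the recipe SharePoint site versus the card database.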


John McDonald
John McDonald is a Senior Architect in EMC's Trust Solutions Group, where he is responsible for developing and communicating trust-based solutions that encompass all of EMC's, RSA's and VMware's products. He has over 30 years of experience in the IT industry in general and IT Security in particular, and has worked extensively as a consultant, developer and evangelist across all industries and virtually all major areas of IT and security technology. He has spoken at dozens of industry and vendor IT and Security events, and has written over 20 whitepapers for EMC and RSA. John is also a CISSP and has held certifications in several other areas, including disaster recovery, Microsoft technology and project management.

IT’s New Dirty Little Secret

A colleague of mine recently came across an article I wrote when I was doing some consulting work for a data protection company nearly 10 years ago.

While it feels more than a lifetime ago that I wrote that piece, as I read through it, it struck me just how little some things have changed. It’s as if time has stood still… creating a pocket of inertia.

In fact, with only a few product/technology updates, a new title and a July 2014 time stamp, the piece could run today, likely without even an eyebrow raised. Heck, I’d go so far as to wager that if the article were to run, more than a few would chime in on the tape versus disk theme that runs through it.

Heidi Biggar

Shaking “IT” Up


In the event that you find yourself propping up a bar after a long, arduous day, you may have certain expectations of the service to be provided. Fast comes to mind, as does friendly, interactive, personalized and, ultimately, satisfying in the form of a well-crafted quality beverage. Ahhhhhh, that’s better!

When it comes to serving IT customers, today’s IT “bartender” is faced with some challenging orders. Patrons are too busy and don’t have time to wait. Or they’re on the move and are willing to forego the personal touch for a faster self-service solution. Orders for the “classic cocktail” are being replaced by demand for a custom blend of specialty ingredients.

So what is the recipe for meeting today’s technology needs and tomorrow’s technology wishes? In the world of artisan cocktails and IT services, there is no one-size-fits-all approach, so how do you select the perfect blend of ingredients to satisfy every taste?

Meet the professional mixologist. He/she is a maestro in the art and craft of mixing. An expert in the classics and a student of the new and exotic, he pushes the limits of the classic cocktail by experimenting with new ingredients and new combinations. The result is a product that is both crowd-pleasing and profitable for the business.

On a side note, my husband is a practicing mixologist (note the term “practice”) and likes to tempt me with subtle and not so subtle executions of his latest concoction. The results range from “wow” to “not now” and the perfect blend is still in the making.

I like to think of today’s IT professional as a technology mixologist. He needs to have intimate knowledge of his ingredients and know exactly what role each plays in an IT strategy or service. He needs to know how much to use, what it’s going to cost, how one interacts with another, how to store and protect the individual components, and the best way to guarantee a satisfied customer and a successful business outcome.

So what are the ingredients for a 100 proof data protection solution for today’s IT customer?

  • A full bar – breadth of technology and resources
  • Full service – coverage of data across applications, platforms and locations
  • Open all hours – provision for all service levels – from continuous availability to replication, snapshots, backup and archive
  • Self-service – optional levels of data protection delivered as a service
  • Customer-focused – delivering maximum business benefits based on customer needs
  • Progressive – deploying disruptive technologies to reduce cost and complexity
  • Shaken not stirred – tighter integration with data sources and tools

This robust blend will ensure that your data protection strategy is not on the rocks. See you at the bar … or maybe the pub!

Lesley MacDonald
Data protection is my new gig, and I’m digging it! Prior to joining EMC’s DPAD marketing team, my past life was focused on elevating the voice of brands, ranging from Unix operating systems to bagged lettuce and a motley collection of cross-industry products and services. Now inspired by EMC’s vision and thought leadership, my blogger persona is salivating at the prospect of the “next big thing,” and the opportunity to watch things unfold through EMC’s market strategy and positioning.