Note: this blog is a mirror of my HP Labs Blog, on the same topic, accessible at: http://h30507.www3.hp.com/t5/Research-on-Security-and/bg-p/163

Thursday, December 16, 2010

On the Benefits of Combining Security Analytics with SIEM Solutions

In previous posts of mine I discussed the importance of Security Information and Event Management (SIEM) solutions in providing organisations with compliance and assurance capabilities, hence improving an organisation’s situational awareness.

I often referred to these solutions as based on a bottom-up approach, i.e. starting from the collection of data, then correlation, and then the deduction of alarms, trends and analysis of the organisation’s risk exposure.

In other posts I compared and contrasted this approach against the top-down approach provided by Security analytics (in particular in the IAM space – “HP Labs Identity Analytics – What is this all about?”), where models and simulations are used to provide strategic decision support. These models need to be grounded by using empirical data.

I actually believe that these two approaches can be combined to get greater benefits:

  • A key part of Security Analytics activities is to identify the parameters, measures and metrics most relevant to assessing risks, providing suitable decision support and what-if analysis. This information can then be used to drive the configuration of SIEM solutions, by recommending which measures and metrics to focus on and their impact in enabling risk assessment and deductions;
  • SIEM solutions can collect, aggregate and process large amounts of data. This capability can be used to provide up-to-date empirical data to fuel Security Analytics models;
  • Finally, Security Analytics can be used to provide strategic decision support in the areas of event and incident management, situational awareness and compliance. By modelling and simulating the processes related to the collection and manipulation of data, correlation of information, deduction, incident and change management, it is possible to explore the presence of potential weaknesses and faults and to check the appropriateness of the allocated resources. This would help to inform security policies and investments.


Related to the third point, Security Analytics can enable the exploration of questions such as: “Are the current SIEM investments and related processes appropriate?”; “Am I focusing on the collection of the relevant data? Are my processes adequate to detect and handle specific threats?”; “What are the consequences of changing some of the processes/investing more in specific solutions and resources?”


I indeed believe that an interesting R&D area to work on is exploring how to leverage and combine these two approaches.


--- Posted by Marco Casassa Mont (here and here) ---

--- NOTE: use this mirror blog if you prefer posting on an external blog site ---

--- NOTE: my original HP blog can be found here ---

HP Information Security, Security Analytics and IAM

As mentioned in a previous post, HP Information Security has been recently launched.

Security Analytics is one of the new services provided in the context of Business Ready Security Innovation.

Aspects of the work done by HP Labs in the space of Identity Analytics - i.e. applying Security Analytics to the Identity and Access Management space - have been factored in this service:

“By combining our research and practical experience in information security, we are able to offer repeatable, short-term engagements that help you address the people, process, policy, and technology involved in your security management. These engagements cover two key areas:

  • Vulnerability and threat management (VTM)
  • Identity and access management (IAM)

Through these consultations, we’ll explore your (VTM or IAM) system, with prediction and “what-if” capabilities, get a shared multi-stakeholder understanding of the business and security trade-offs, and give you the analytics you need for justified decision-making.”



Launch of HP Information Security and Security Innovation.

HP Information Security has been recently launched. It includes security consulting, security technology, security outsourcing and security innovation.
Some more details about HP Information Security’s “Security Innovation”:
“Together with HP Labs, we lead the market for security innovation, helping you gain competitive advantage and improve service quality through the innovative application of technology.
HP Information Security solutions offer you innovations that are business ready—that we know will deliver significant financial and operational benefits to help move your business forward. Thanks to our unique pedigree in innovation, we’re able to identify future information security issues and create resolutions today. That way, our solutions can spend months being tested and improved before they are ever needed by you.
We're driving information security innovation every day through initiatives like our Chief Information Security Officer (CISO) Club, Information Security Leaders event and our security benchmark research projects.
In conjunction with HP Labs and our clients, we use our insight to deliver relevant research and development that can then be fully incubated across a variety of clients before it is deemed Business Ready Security Innovation. Examples include:



Digital Risk Report – Managing Digital Risks: Trends, Issues and Implications

Produced by Lloyd's and HP Labs, this report suggests that companies are facing a wide range of sophisticated attacks: http://www.lloyds.com/News-and-Insight/360-Risk-Insight/Digital-Risk
“With technology changing rapidly and increasingly sophisticated attackers adapting quickly to the new digital environment, the cyber threats facing business are becoming more complex and growing every day. Companies need to take action now to tackle this threat and make digital risk a board-level concern.”

