Security Comprehension

Too much information is a persistent problem in the world of information security. We’re buried under threat intelligence feeds and noisy alert systems, not to mention the steady drumbeat of news on the latest breach or exploit. Add to this the requirement to understand the locations of increasingly large caches of dispersed data on rapidly evolving and shifting systems, and it is easy to understand why the typical information security function is buried under a torrent of information.

Of course there is a long line of vendors offering solutions to all of the aforementioned issues. These usually boil down to visualization tools such as dashboards, and automation tools providing some sort of information filtering capabilities. Some of these are very good, but what is missing is a tool that allows us to start organizing ourselves holistically in such a way that anyone on a security team can walk into an environment and quickly understand what is going on.

In a world in which we are suffering information overload, most of what we do is reading and interpreting what is going on, not actually fixing things. We’re visual creatures; we can make sense of changes and patterns intuitively. We need tools that take advantage of that evolutionary trait by displaying a real-time survey of our environment, allowing us to find an opportunity to improve, make the improvement, watch its effects on the environment, and do it all in real time.

With this kind of tool we can deliver security continuously, adaptively and reliably, but we’ll never reach that kind of productivity unless there is an easy way to grasp the global structure of our protection mechanisms and the locations of our sensitive data. Unfortunately our security tools are built around specialization, where we compartmentalize our tasks and dependencies into siloed processes.

Without proper visualization of the entire environment we are left relying on things to continue working the way they always have, and we are at the mercy of unanticipated changes. To combat information overload we need a virtuous cycle in which the effects of small adjustments and enhancements are immediately known to the entire security team. Watching the effects of changes gradually teaches one an environment’s internals and dependencies, and this learning gives one the confidence to make critical changes on a short time-scale.

We need a tool that keeps track of our inputs, such as new signatures, new connections, new alerts on suspicious activity and new hardware, matches them against their intersections with our sensitive data and the flow of that data, and lets us visualize all of this in its entirety. This might sound like science fiction, but given our overwhelming torrent of incoming information, without it we are going to continue to lose the war.
