UPDATED 11:00 EDT / APRIL 29 2011

Making sense of the Amazon and Sony Outages

In the last couple of weeks we have seen two major outages of large internet behemoths. One was the mammoth Amazon EC2 Cloud services environment, which experienced a significant outage last week that was attributed to a “network glitch”. The other has been the extended outage and subsequent rebuild of the Sony PlayStation Network. In the latter case, the network was a victim and target of what is now reported to be a serious exposure of private consumer information affecting a countless number of people. In Amazon’s case, the outage has proven to be quite the embarrassment, since the services cater to enterprise clients and surely even brief interruptions can be revenue-impacting events. Amazon’s incredible capacity has been said to be impossible to bring down, and as recently as December 2010, the group Anonymous tried unsuccessfully to take the service down. Adding to Amazon’s woes is a breaking report that some of Amazon’s client data has been permanently destroyed.

A common thread between these services is that they represent high-value targets of information that the worst of the “dark cloud”, hacking groups, foreign organizations, and other nefarious entities will continue to attack. Many of the reasons for the sustained and growing number and complexity of these attacks are not difficult to understand. As I alluded to in a previous post here at Silicon Angle, threats are increasing in volume and in variety.

Some of the key challenges in these computing environments can be summed up as follows:

  1. Emerging vulnerabilities – Each and every day the security community is faced with some evolution of existing vulnerabilities along with new ones. Maintaining and overseeing the volume of systems that run these environments to address these is a voluminous task.
  2. Network complexities – Large clouds of decentralized information throughout the country pose a significant obstacle for the security community. Provisioning and security for the wide spans of network and system environments fall on the expert abilities of a few and require more work to deploy than most entities can provide to this task.
  3. New tools – Hackers, intruders, cyber-espionage actors and the like are constantly evolving and deploying new tools for their purposes. In the case of recent “hacktivist” groups, such as Anonymous, it is relatively easy to launch very sophisticated and often overwhelming attacks, singly or collectively, using very easily distributed tools. These tools are often shared via file trading networks. Another vector is the “zombienets” that are created by various malware, propagate to thousands if not millions of systems on the internet, and can be turned against a target of value.
  4. Cyber-enforcement – Adding to these problems are the limited resources to discover, investigate, and prosecute offenders. Entities of this sort are very hard to discover and their methods of obfuscation are quite often sophisticated.
  5. Methodology and Error – In the case of Amazon’s outage, the cause of the issue is an unspecific error. Be it human or other error, this perfectly illustrates the potential danger and risk that is constantly present. This alludes to resources, both technological and personnel, and also to methodology. Examples of methodology are process, validation, and monitoring, amongst several others.

Unfortunately, because of the vast complexities involved with regulations, a good deal of time in the security space is dedicated to compliance, auditing, and policy. While these are altogether amongst the most pressing needs in computing environments today, the scope of security continues to expand exponentially beyond the traditional computing model. The genie is out of the bottle in terms of increasing models and platforms for mobility and a return to thin-client, cloud computing models as well as application delivery. As the enterprise landscape shifts, a fundamental change in focus in the enterprise security industry is taking place that is centered around data protection. Basic security for systems, endpoint protection, IDS, IPS, malware and all those things that are traditionally considered in the security realm should be a given. It should be already done. Today’s security needs to go beyond that. Many organizations are struggling to prioritize and balance these elements of security, when in reality it must all be practiced, lest the lifeblood, reputation and intellectual property be compromised.

I recently had a discussion around these events with Bill Roth, Chief Marketing Officer (and technical evangelist) at LogLogic, of San Jose, CA. LogLogic is a specialist in the field of log management and SIEM. Their flexible suite of products is geared towards enterprises and evolving needs across the spectrum of enterprise security. Their products are able to provide accurate, rapid identification and alert on compliance violations, policy breaches, cyber-attacks, and insider threats. In the world of Security Information and Event Management (SIEM), relevant analysis of data is one of the most important features required for an effective security strategy. Roth states:

“In all of these incidents, when it comes to forensics, one of the most significant tasks is asking ‘How can they be sure of what happened and what is going on right now?’ ‘How can we ensure that data has not been lost?’ Time after time we see stories of compromises, the result of hacking efforts and ‘computer mischief’. That’s where intelligent logging systems provide a vital tool for the enterprise to deal with these questions.”

This week the company announced their endorsement of the Seventh Annual SANS Log Management Survey. Within the survey were several key findings. Among these was a statistic that 89% of organizations now collect data in one form or another for purposes of security, forensics, or compliance business drivers. Another interesting point was that only 10% reported collection as their most significant problem. This confirms the evolution of a formerly cumbersome issue where organizations dealt with the volume and proper analysis of collected data. Organizations in the enterprise continue to enjoy significant value from log systems and the dynamic ability to search and analyze these sources of information. Along the spectrum, a number of tools actually provide valuable troubleshooting assistance, which a number of organizations are starting to employ, according to the survey. Information from across a variety of endpoints such as network equipment, computers, mobility, servers, databases and much more is logged, searchable, indexed, and archived. Systems such as those LogLogic provides add a needed and significant tool to the infrastructure of any enterprise with data to protect.

Within the enterprise and as cloud adoption increases, the risks are ever greater and the basic tenets of security are more important than ever before.  Add to that a responsibility of organizations to protect corporate data as well as that of the consumer, and we have an overwhelming mountain of challenges in computing today.  Dynamic, intelligent tools for analysis, trending, and forensic operations such as SIEM systems add a powerful tool to the arsenal of the enterprise today.  If computing has any presence in the cloud, or on the net in any form,  organizations must consider all of the above, be ready to adapt to emerging threats with resources, and continue to ensure the integrity of information in order to survive these increasing challenges.  We will find out more about what happened and how this affects both Sony and Amazon in the near future.

