About Brandie

  • Website: https://www.busymakingplans.com
  • Biography: I am a Geek Working Mom, sometimes a bit cranky, sometimes brilliant, sometimes not (I have many blond moments), trying to make sense of life. :)

Posts by Brandie:

Cloud “shiny rocks” and your SOC

Posted by Brandie on March 20, 2016 in Information Security |

Original post for HPE Security Research Blog 5/4/2015

I love the cloud. What could be better than access to my data from a beach, my phone in Las Vegas, or just between work and home without the need for a massive laptop hard drive? What’s not to love?

Until someone mentions cloud security and reality crashes the party. Working with security operations centers (SOCs) and SIEM implementations, companies call saying, “we are moving (some mission-critical corporate asset) to the cloud; do you know a good security provider for that?” Yes — you. Who cares more about your data than you? We know your CISO went to a meeting, and a great cloud-SOC shiny rock distracted him. But you must be strong; you’ve got this.

At RSA last month, Mark Russinovich, the CTO of Microsoft’s Azure cloud offering, gave a presentation on cloud security, citing real examples from internal users of Azure. His first example highlighted the good and the bad possibilities with cloud implementations. In the incident he described, a company VM was compromised. Once the customer was contacted and they reviewed logs, it was discovered that the A/V had been disabled on the VM and the logs were coming into the company but not fed into their SIEM. This oversight was why they did not notice the A/V disable event.

My focus here is on the logs and your SIEM. Most major cloud providers have mechanisms to return logs to the customer from their services. You do not need a special cloud version of a SOC; these are logs, the same logs you deal with all day, every day. Bring them into your infrastructure and feed them into your SIEM. The difference may be in your asset tagging, as the IPs may have a different destination; the source IPs, however, should be identical to current threat traffic. Once an event is identified as cloud, you may wish to manually change the event prioritization based on the cloud data type or service criticality.

What I have seen too many times is a situation in which a cloud solution is chosen because it is expected to be faster and easier to implement than the on-premises solution. The danger in these deployments points back to the miss in the earlier example. In the breakneck pace at which cloud applications are deployed, someone remembered to involve security and get the logs ported back inside. However, no one followed up with the SIEM team or the SOC to ensure someone was actively monitoring the deployment. A good cloud deployment project plan must include security steps all the way through SOC monitoring to avoid these scenarios.

A good deployment project plan for any service deployment or sensitive data should include security steps through SOC monitoring — but today is about the cloud. With new cloud directives and obvious public threat vectors, it is vital to get log monitoring buy-in. Use Mark’s example in your next cloud deployment meeting and give the SIEM a chance to right past log gathering and monitoring wrongs. I believe in a SOC/SIEM renaissance with the cloud; this is our time to shine.

Think like a bad guy: Know your environment

Posted by Brandie on March 20, 2016 in Information Security |

Original post for HPE Security Research Blog 7/29/2015

Security teams often lament the lack of support from IT or application owners in identifying critical assets. The logic statement goes something like this: if we don’t know what is important, we don’t know what to protect. This frustration is an example of the buzzword context. Without […]

If you build it, will it be the Security Operations Center (SOC) you need?

Posted by Brandie on March 20, 2016 in Information Security |

Original post for HPE Security Research Blog 9/1/2015

Growing up, my mom used to tell me, “You get the guy you think you deserve.” Luckily, I found one who is better than I deserve, but the same principle applies to many aspects of life. During a conversation at Black Hat, an insurance organization security manager […]

Geeks and Cooking

Posted by Brandie on September 23, 2011 in Technology |

It is kind of funny to see how geeks approach cooking. I tend to follow the recipe, just like an install, step 1, then 2 etc. If you do the steps out of order, it might work, but why take the chance. I grabbed yet another cookbook the other day, Cooking for Geeks which is a […]

Up-day down-day eating

Posted by Brandie on September 21, 2011 in General Drivel |

Those of you that know me might say I can be a bit fanatical. Focusing on something, getting completely absorbed, etc. I am on a new diet and I have to say I love it. (Disclaimer one…Obviously I am not advocating everyone try it, and before you start any diet please consult your physician- isn’t […]

Geek Post Alert: LulzSec aka Hacker group of the month

Posted by Brandie on June 27, 2011 in Information Security |

I have been pretty quiet on the whole LulzSec fiasco. Mostly because I feel like the traffic cop shouting “Nothing to see here, move along…” This is the hacking group du jour. That’s it, nothing special. They claim they have done some things that should set them apart (did they really hack the CIA)? Here […]

Birthday thoughts

Posted by Brandie on June 15, 2011 in General Drivel |

I would be the first to admit I have been floundering and way behind on posting anything. To that end, I decided, if you don’t consider a birthday, kind of a watershed moment much like New Year’s Eve we would only get to right our deficiencies once a year. Now, I don’t know about you but my […]

Geek Post Alert: Security Info for Consumers

Posted by Brandie on May 19, 2011 in Information Security |

In the last couple of weeks several things have come out that directly apply to consumers. So I thought I would point out a few of them for your awareness. 1) iPhone iOS Update: A couple of weeks ago Apple released an update for your iPhones. One of the fixes is the location tracking item I […]

Entertainment & Netflix

Posted by Brandie on May 17, 2011 in General Drivel, Technology |

My hairdresser is famous. Ok, well, maybe famous is pushing it. He has done work in Hollywood for many years, including on my favorite TV series as the principal hair stylist. I only tell you this to set the stage (haha get it). 😉 He was working on my hair Sunday, yes he works Sundays […]

Have you seen these?

Posted by Brandie on May 12, 2011 in General Drivel |

I live under a rock. Really. Those Geico people are my neighbors and if it doesn’t have something to do with technology or infosec or recently cooking then I haven’t heard. CNN needs a service where they text you stuff going on, new slang words, the latest designers with links to their logos so if you […]

Copyright © 2011-2024 Busy Making Plans All rights reserved.