Event log strategy
October's feature on SIM entitled Get It Together correctly highlighted the fact that many tools on the market tout themselves as panaceas for compliance. The reality is that no tool could effectively address all needs across different regulations and network configurations. Yes, buyers should be wary of any tool that promises quick compliance plus laundry service, the dishes and vacuuming. Instead, they should look for tools modular enough to synthesize into whatever organizational approach is decided upon for compliance.
Also, buyers should be aware that SIM is a multi-phase process. In fact, SEM is one of those phases, or perhaps more accurately, a subset of SIM. Event logs -- not just the security log -- provide the granular data or intelligence for an effective SIM strategy. Managing these logs is itself a big job, and true log "management" should be interpreted as monitoring, collecting, auditing and reporting. Only when the data is interpreted and a security incident defined or identified can that incident be correctly managed.
Event Archiver, a component of such a management strategy, was inaccurately named in the article as a tool that "track[s] changes made to Microsoft Windows' Active Directory user-profile service." Event Archiver is instead a tool that collects and centralizes log data for future auditing and reporting purposes. Acting alongside our Event Alarm and Event Analyst tools, both event logs and syslogs can be collected, reported against and used for response to and management of security incidents.
Robert A. Milford, chief software architect, Dorian Software Creations, Inc.
Need credit fraud plan
I read your October issue and very much enjoyed the article, Tactics, strategy and the CSO. Davidson made some excellent points about perimeter defense. There is no "in" or "out" anymore, and anyone who places complete faith in them does so at their own peril. If you question this statement then read "Zotob's Day" or "Taking the pain out of patching." If firewalls and perimeter security are so effective then why is there a mad rush to patch internal network servers when vulnerabilities come out? The perimeter is very permeable and declining in its effectiveness.
I then read your cover story, How Visa made a safer internet. The first of their 12 commandments is "Install and maintain a firewall configuration," with the rest having to do with policy and enforcement. Am I missing something here? VISA is essentially saying, "Stay the course and continue to rely on technology which is clearly being shown to be declining in its effectiveness."
This is just my opinion, but it is ridiculous to put VISA or any other credit card company on a pedestal as being forward thinking as far as security is concerned. Although the credit card industry more or less dismisses fraud statistics based on the small percentage of total transactions it represents, it's still a very large number. What is the correlation between credit card fraud and identity theft? Which came first?
Fraud has been brewing and growing for sometime now and the credit card industry has had an enormous amount of time to come up with an effective plan to combat it. Yet it takes Card Systems to jolt them, and what do they come up with, "maintain a firewall configuration." The credit card companies don't necessarily try to stop fraud; they just try to stop it as quickly as possible once it has started.
Lance Edelman, ceo, Identity Verification Systems
Portability breeds leaks
Remote working is a reality. Taking files home has also become commonplace. This is potentially great news for productivity, but raises a number of serious security issues. There has been much talk in the press of data theft within companies. Frequently untraceable, it has often been attributed to the downloading of corporate files onto portable media devices.
Therefore, in the area of home working -- the transfer of data in and out of the corporate network -- there are significant flaws. Over two million home workers could equate to over two million corporate information leaks. It is vital that firms have a policy to control, access and manage devices, particularly for those users who work from home.
By implementing a concrete set of guidelines, businesses can take advantage of the home working revolution and avoid any potential security disaster.
Matt Fisher, vp, EMEA, Centennial Software Ltd.
In your October issue, the mobile encryption product group test seems to take as a given that a third party product is both necessary and adequate to secure the data held on a laptop. The test report devotes little to the level of protection afforded by the product or needed by the user.
Windows XP Pro includes the integral Encrypted File System feature. is your tester's view that it would not be as secure as the reviewed products - if so, on what basis?
How owould the reviewed products rate against EFS as a baseline - twice as secure, a hundred times as secure, etc?
Chris Broughton, by email