Live From GalaxZ 16: The Link Between Monitoring and Security

Jason Anderson, Director of Engineering Services at Datalink, gave a great presentation that illustrates one of the many concepts outlined in Brian Kelly’s keynote, which I covered in my earlier blog post: “Live From GalaxZ 16: Complexity Is The Enemy of Security”.

Jason started with a metaphor drawn from aviation’s dependence on meteorology. During the 70s and 80s, 40% of airline crashes were due to microbursts. Airliners had weather radar and other meteorological sensors, but the industry did not understand the danger of microbursts until 1985, when an airliner crashed at DFW. The sensor data finally showed the relationship, and the NTSB quickly took action to prevent further crashes due to microbursts.

Now, you may be asking “How does this relate back to monitoring and security?” In this metaphor, the aviation experts are your security team. They have plenty of sensors, radar and other devices they use to watch for threats. The meteorology team is your monitoring team. Meteorology understands the weather patterns and can see a developing microburst scenario. Similarly, your monitoring team understands the system and service architecture and the workloads running on it, and keeps coverage current through auto-discovery of new devices.

With this information, the monitoring team can provide real-time information on various threats and patterns that the security team needs, but may not have been aware of. For example:

  • Unplanned server reboots (an uptime counter that resets outside an approved maintenance window) can indicate a breach in progress
  • A sudden rise in discards on a security device’s interfaces can indicate that the device is overloaded or under attack
  • A sudden rise in traffic on edge interfaces may indicate a volumetric DDoS attack
  • A sudden rise in traffic on file servers can indicate bulk data exfiltration or a ransomware infection encrypting shares
  • Detection of critical security service failures, such as a firewall or IDS that has stopped running
  • Synthetic URL tests against web content filters from multiple locations, to continuously verify that filtering is actually being enforced
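The signals above are ordinary monitoring data; what turns them into security alerts is a small amount of correlation logic. The script below is an added example written for this post, not code from Datalink or from the presentation. It runs four detectors over constructed sample data: an uptime counter that resets outside an approved maintenance window (unplanned reboot), a value that jumps far above the host’s own baseline (interface discards, edge ingress, file server writes), a failed health check on a critical security service, and a synthetic URL test where a known-blocked URL is served anyway. Host names, metric names, thresholds and the test URLs are all made up for the example.

```python
"""Turn infrastructure monitoring signals into security alerts (added example)."""
from collections import defaultdict
from statistics import median

# Constructed monitoring samples: (timestamp_sec, host, metric, value).
SAMPLES = [
    # sysUpTime-style counter in seconds; a drop means the host restarted
    (0,   "web01",  "uptime_s", 864000),
    (300, "web01",  "uptime_s", 864300),
    (600, "web01",  "uptime_s", 45),        # reboot with no change ticket
    (0,   "db01",   "uptime_s", 500000),
    (300, "db01",   "uptime_s", 500300),
    (600, "db01",   "uptime_s", 20),        # reboot inside an approved window
    # firewall interface discards per 5-minute interval
    (0,   "fw01",   "eth1_discards", 12),
    (300, "fw01",   "eth1_discards", 15),
    (600, "fw01",   "eth1_discards", 11),
    (900, "fw01",   "eth1_discards", 980),  # sudden surge
    # edge router ingress, Mbit/s
    (0,   "edge01", "ingress_mbps", 400),
    (300, "edge01", "ingress_mbps", 420),
    (600, "edge01", "ingress_mbps", 410),
    (900, "edge01", "ingress_mbps", 7800),  # volumetric flood?
    # file server write throughput, Mbit/s
    (0,   "fs01",   "write_mbps", 30),
    (300, "fs01",   "write_mbps", 28),
    (600, "fs01",   "write_mbps", 33),
    (900, "fs01",   "write_mbps", 510),     # mass encryption or exfiltration?
]

# host -> approved (start, end) reboot windows, from the change system (constructed)
MAINTENANCE_WINDOWS = {"db01": [(0, 3600)]}

# Health checks on critical security services: (host, service, is_up)
SERVICE_CHECKS = [("fw01", "firewall", True), ("ids01", "suricata", False)]

# Synthetic URL tests: (probe_location, url, should_be_blocked, http_status)
URL_TESTS = [
    ("hq",     "http://blocked.example/malware", True,  403),
    ("branch", "http://blocked.example/malware", True,  200),  # filter not enforcing
    ("hq",     "http://example.com/",            False, 200),
]

# metric -> (multiple of the host's baseline median that triggers, meaning)
SPIKE_RULES = {
    "eth1_discards": (10, "security device overloaded or under attack"),
    "ingress_mbps":  (5,  "possible DDoS on edge interface"),
    "write_mbps":    (5,  "possible ransomware encryption or bulk exfiltration"),
}


def detect_reboots(samples, maintenance):
    """Flag an uptime counter that goes backwards outside an approved window."""
    alerts, last = [], {}
    for ts, host, metric, value in samples:
        if metric != "uptime_s":
            continue
        prev = last.get(host)
        if prev is not None and value < prev:
            planned = any(s <= ts <= e for s, e in maintenance.get(host, []))
            if not planned:
                alerts.append((host, "unplanned reboot", f"uptime reset at t={ts}s"))
        last[host] = value
    return alerts


def detect_spikes(samples, rules=SPIKE_RULES, min_history=3):
    """Compare each value with the median of the same host's earlier values."""
    alerts, history = [], defaultdict(list)
    for ts, host, metric, value in samples:
        if metric not in rules:
            continue
        hist = history[(host, metric)]
        if len(hist) >= min_history:          # need a baseline before judging
            base = median(hist)
            factor, meaning = rules[metric]
            if base > 0 and value >= factor * base:
                alerts.append((host, meaning, f"{metric}={value} vs baseline {base} at t={ts}s"))
        hist.append(value)
    return alerts


def detect_service_failures(checks, critical=("firewall", "suricata")):
    """A down firewall or IDS is itself a security event, not just an ops ticket."""
    return [(h, "critical security service down", s) for h, s, up in checks
            if s in critical and not up]


def detect_filter_failures(tests):
    """A URL that should be blocked but returns 200 means the filter failed at that vantage point."""
    return [(loc, "web content filter not enforcing", url)
            for loc, url, expect_blocked, status in tests if expect_blocked and status == 200]


def run_all():
    return (detect_reboots(SAMPLES, MAINTENANCE_WINDOWS) + detect_spikes(SAMPLES)
            + detect_service_failures(SERVICE_CHECKS) + detect_filter_failures(URL_TESTS))


if __name__ == "__main__":
    for host, meaning, detail in run_all():
        print(f"[{meaning}] {host}: {detail}")
```

Two design points matter more than the thresholds. First, the reboot rule consults the change system so that a planned restart (db01) is silent while an unexplained one (web01) pages security; without that join, the alert drowns in maintenance noise. Second, the spike rules compare each host against its own recent median rather than a fleet-wide constant, because a file server and an edge router have nothing like the same normal.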

These are just some examples of how monitoring can feed security the information it needs to tighten down the dynamic perimeter of services delivered from private and public clouds.
