224 Security Strategy: From Requirements to Reality
Lifecycle (SDL), detection and alerting mechanisms, and a Common Collection and Dispatch (CCD) architecture supporting the commonality of data formats, transport protocols, and storage technologies.
SDL promises improved application security through the use of a set of development practices designed to reduce or eliminate exploitable vulnerabilities. However, the industry is just beginning to adopt it. The results from the use of SDL at Microsoft have been impressive. However, SDL does have to overcome some challenges: First, it has substantial start-up costs, and second, existing SDL standards don't address the application functionality needed for generating evidentiary audit trails, or the active detection of malicious activity at the application level. Without this functionality, our ability to respond to incidents in a timely manner is seriously hampered, as is evidenced by the number and extent of breaches.
Most existing responses to application-level attacks are based on passive detection (the review of application logs); this is ineffective because it is based on after-the-fact information. The attacker has a prolonged period of time to cause damage. Applications need to be updated to support active detection, so responses can be in real time; this is the most effective way to limit damage. This may be some time in coming; in the interim, the real-time scanning of application logs for malicious activity is a way to improve response times. Response is also hampered by a lack of commonality in data formats, transfer protocols, and storage technology. We have proposed a conceptual architecture (CCD) to address this issue. CCD facilitates security responses by collecting data, making it conform to a standard format, and storing it on a common platform. CCD enhances the responder's ability to understand events and direct accurate responses. CCD also enhances security reporting capabilities to management and customers.
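As an added illustration of the two points above (real-time scanning of application logs, and a CCD-style layer that collects heterogeneous data and normalizes it into one format on a common store), the following Python sketch is not from the book or from the authors' CCD proposal. It parses two constructed log formats (an Apache-style access log and a JSON application log), maps both onto a single event schema, keeps them in one time-ordered store, and runs a sliding-window detection rule over the merged stream. Every log line, address, user name and schema field name here is a constructed assumption.

```python
"""Added example (not from the book): a minimal CCD-style collector that
normalizes two constructed log formats into one schema and runs a
real-time detection rule over the unified event stream."""
import json
import re
from collections import defaultdict, deque
from datetime import datetime, timezone

# Constructed sample input. Addresses, paths, timestamps and users are made up.
APACHE_LINES = [
    '203.0.113.7 - - [18/Aug/2010:15:11:05 +0000] "POST /login HTTP/1.1" 401 512',
    '203.0.113.7 - - [18/Aug/2010:15:11:06 +0000] "POST /login HTTP/1.1" 401 512',
    '203.0.113.7 - - [18/Aug/2010:15:11:07 +0000] "POST /login HTTP/1.1" 401 512',
    '198.51.100.2 - - [18/Aug/2010:15:11:08 +0000] "GET /index.html HTTP/1.1" 200 2048',
]
APP_JSON_LINES = [
    '{"ts": "2010-08-18T15:11:09Z", "src": "203.0.113.7", "event": "auth_failure", "user": "alice"}',
    '{"ts": "2010-08-18T15:11:10Z", "src": "203.0.113.7", "event": "auth_failure", "user": "alice"}',
]

# Regex for the (assumed) Apache combined-log layout used in the sample above.
APACHE_RE = re.compile(
    r'^(?P<src>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<path>\S+) [^"]*" '
    r'(?P<status>\d{3}) \d+$'
)


def parse_apache(line):
    """Normalize one Apache-style access-log line into the common schema."""
    m = APACHE_RE.match(line)
    if not m:
        return None  # skip unparseable lines rather than crash the collector
    ts = datetime.strptime(m.group("ts"), "%d/%b/%Y:%H:%M:%S %z")
    # Assumption: a 401 on the login endpoint is an authentication failure.
    if m.group("path") == "/login" and int(m.group("status")) == 401:
        event = "auth_failure"
    else:
        event = "http_request"
    return {"ts": ts, "source": "web", "src": m.group("src"), "event": event, "user": None}


def parse_app_json(line):
    """Normalize one JSON application-log record into the common schema."""
    try:
        rec = json.loads(line)
    except ValueError:
        return None
    ts = datetime.strptime(rec["ts"], "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)
    return {"ts": ts, "source": "app", "src": rec.get("src"),
            "event": rec.get("event"), "user": rec.get("user")}


class Detector:
    """Sliding-window rule: raise an alert when one source address produces
    at least `threshold` auth_failure events within `window_seconds`,
    regardless of which log format each event arrived in."""

    def __init__(self, threshold=5, window_seconds=60):
        self.threshold = threshold
        self.window = window_seconds
        self.failures = defaultdict(deque)   # src -> timestamps in window
        self.alerts = []

    def feed(self, ev):
        if ev["event"] != "auth_failure":
            return
        q = self.failures[ev["src"]]
        q.append(ev["ts"])
        # Drop timestamps that have aged out of the window.
        while q and (ev["ts"] - q[0]).total_seconds() > self.window:
            q.popleft()
        if len(q) >= self.threshold:
            self.alerts.append({"src": ev["src"], "count": len(q), "at": ev["ts"]})
            q.clear()  # one burst yields one alert


def collect_and_detect(apache_lines, app_lines, threshold=5, window_seconds=60):
    """CCD-style pipeline: parse both formats, merge into one time-ordered
    store, and run the detector over the unified stream.
    Returns (store, alerts)."""
    store = [e for e in map(parse_apache, apache_lines) if e]
    store += [e for e in map(parse_app_json, app_lines) if e]
    store.sort(key=lambda e: e["ts"])
    det = Detector(threshold, window_seconds)
    for ev in store:
        det.feed(ev)
    return store, det.alerts


if __name__ == "__main__":
    events, found = collect_and_detect(APACHE_LINES, APP_JSON_LINES)
    print(f"{len(events)} normalized events, {len(found)} alert(s)")
    for a in found:
        print(f"ALERT: {a['count']} auth failures from {a['src']} within window")
```

The point of the merge step is the one the text makes: neither log on its own reaches the five-failure threshold, but once both sources conform to one schema and sit in one store, the detector sees the burst as a single pattern and can alert while it is still happening, rather than after a later log review.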
Response is a first principle in security tactics. The ability to respond to and resolve security incidents rapidly is essential to effective security management. Most organizations have an organized incident response capability. But response is only as effective as the detection and alerting mechanisms that drive it and the quality of information that is being provided to it. Rapid response must be one of your key security strategies for two simple reasons: It is a first principle of security, and it is the most visible function that security provides. When security controls work well, nothing bad happens, and it is hard to show value based on nothing! Response is the one component of security that is very visible. If done well, it's one of the best demonstrations of the value security brings to the organization.