March 08, 2007
Podcast: Too Much Information is a Security Risk - Q1 Labs' Solution
Introduction
In the following discussion with Brendan Hannigan, the Chief Operating Officer of Q1 Labs, Hannigan details how Q1 Labs uses the resources of University of New Brunswick students to gather security information and run attack simulations that help companies find out where they are at risk and exactly what to do if an attack occurs.
Q1 Labs' Partnership with New Brunswick University
Q1 Labs was founded out of the University of New Brunswick and has a lot of folks in the company who have been hired from the University as they graduate, and then we continue to work with the academic department. In particular, the computer science department and very specifically Ali Ghorbani (Professor & Assistant Dean, Faculty of Computer Science, UNB).
As we’ve been working with each other relative to recruiting et cetera, we both realized that while Q1 Labs is very innovative at developing security management products, there were some key areas in the security domain where some fundamental research would really help. We approached the Canadian Government with a proposal, and based on that we all agreed that we could form this center of excellence around the whole area of security, research in the area of security, and then taking that research and applying it to commercial products, in particular of course to the Q1 Labs family of products, which are security management products.
Current Student Focus
Anomaly Detection – Research in the area of behavior analysis and anomaly detection in networks. Understanding when unusual activity happens – how can we use algorithms to detect and automatically see that unusual activity.
Gathering Information to Enable Modeling and Simulation – Gathering information on security posture from a lot of different sources and then using that to do modeling and simulation of what might happen if an attack occurred of a particular type in a particular place; what might happen in the infrastructure so we can help companies get ahead of the security problem rather than constantly being reactive. And of course, to do that, there’s a lot of fundamental research on data collection techniques and algorithms to understand the whole problem and how to predict these types of attacks.
3 Key Emerging Threats
The nature of security is that it is always changing – there is always a threat here and a threat there, but there are three very important greater trends.
1. Companies have deployed many specific products to solve a specific problem. In some ways they have exacerbated the problem by basically creating these very complex environments where there are many different products, there are many different sources of information, and they are becoming overwhelmed. That in and of itself has become a source of risk because it is so complex; threats are getting missed in the noise of all this information.
2. Very specific targeted attacks and threats. In the past somebody released a worm and it went crazy all over the and it went crazy in companies and caused downtime and it was vandalism. Now companies are releasing very targeted, specific pieces of software trying to collect specific pieces of information. We have helped our customers detect problems like botnets, sending information to countries that they really shouldn’t be sending information to. And we’ve detected other very insidious types of attacks which are targeted at getting information and quite frankly at making money.
3. Insider-type activity, which is what’s happening inside a corporation as opposed to attacks coming from outside. That’s not necessarily watching what employees are doing; it is really watching what the computers are doing. These computers are very powerful and they can become infected, so what are they doing inside the company that may be of great concern.
Reasons for an Attack Simulation
What you really want to do is capture the security posture of an organization now. So gather information about what type of activity is going on in the network, what type of protections are in place, where these protections are and how are particular assets protected, and how vulnerable are they to different types of threats.
The big concern is that when an attack occurs or something happens, and a particular asset gets compromised, there is obviously a question about the type of information and type of ability that asset has. The even bigger question is that, now that that asset is compromised, how much further inside the organization can that asset now be used to attack other parts of the organization.
One of the key areas of this research is to look at how can you gather all this information, understand the exposure if a particular asset is compromised. Understand what else it can do, because now I understand what’s going on in the environment and how it’s configured. These assets are highly sensitive because if they do become compromised they open up the entire business.
One of the key cornerstones of the research is determining what if something happens to this asset, and what is the impact.
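The "what if this asset is compromised" question above, as an added toy simulation (not Q1 Labs' research code): the inventory, segmentation policy and patch state are constructed here, and a hop only succeeds when the policy permits the flow and the destination service is unpatched, so the result shows how much of the environment one compromise exposes.

```python
"""Added example (not Q1 Labs code): a toy 'what if this asset is compromised'
simulation.  Assets, firewall rules and patch state are constructed here; a real
system would populate them from network, vulnerability and configuration feeds."""
from collections import deque

# Constructed inventory: asset -> (criticality 1-10, exposed service names)
ASSETS = {
    "web01":  (4, {"http"}),
    "app01":  (6, {"app"}),
    "db01":   (10, {"sql"}),
    "hr-fs":  (8, {"smb"}),
    "wkstn7": (2, {"rdp"}),
}
# Constructed segmentation policy: (src, dst, service) flows that are permitted.
ALLOWED = [
    ("web01", "app01", "app"),
    ("app01", "db01", "sql"),
    ("wkstn7", "hr-fs", "smb"),
    ("wkstn7", "app01", "app"),
]
# Constructed posture data: (asset, service) pairs that currently lack a fix.
UNPATCHED = {("app01", "app"), ("db01", "sql"), ("hr-fs", "smb")}

def reachable_if_compromised(start):
    """Breadth-first walk from a compromised asset.  A hop succeeds only when the
    policy permits the flow AND the destination service is unpatched, so both
    segmentation and patching shrink the blast radius.  Returns asset -> path."""
    seen, queue, paths = {start}, deque([start]), {start: [start]}
    while queue:
        src = queue.popleft()
        for s, dst, svc in ALLOWED:
            if s == src and dst not in seen and (dst, svc) in UNPATCHED:
                seen.add(dst)
                paths[dst] = paths[src] + [dst]
                queue.append(dst)
    return paths

def exposure_score(start):
    """Sum the criticality of everything reachable beyond the starting asset."""
    paths = reachable_if_compromised(start)
    return sum(ASSETS[a][0] for a in paths if a != start), paths

if __name__ == "__main__":
    for asset in ASSETS:
        score, paths = exposure_score(asset)
        onward = sorted(p for p in paths if p != asset)
        print(f"{asset:7s} exposure={score:2d} reaches={onward}")
```

Patching app01's service or removing the wkstn7 -> app01 rule and rerunning shows how each control changes the exposure figures.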
Q1 Labs’ Security Solution
Q1 Labs aggregates information up from the entire infrastructure, and Q1 Labs is unique in this regard. Bringing information in from the network to gather user activity on the network: who is communicating to whom, for what. Q1 Labs also aggregates up security information, as in what events are being alarmed from the different security devices, and then Q1 Labs applies algorithms on top of the information so they can distill down the important items that must be acted upon.
What that boils down to is, for one financial institution, that means in one 24-hour period Q1 Labs gathered 770 million events related to user activity, 16 million events related to security activity and security notifications, alarms, and status, and we boiled that down to 5 high priority things that enterprise customers need to look at and take action on.
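The distillation described above, as an added illustration rather than Q1 Labs' product logic: constructed flow records and security alerts are correlated per asset, weighted by an assumed criticality table, and reduced to a handful of ranked offenses.

```python
"""Added example (not Q1 Labs' product code): distilling constructed flow and
alert events into a short list of prioritised offenses.  The asset criticality
table, the scoring weights and every sample event are assumptions made here."""
from collections import defaultdict

# Constructed asset criticality (1-10); anything not listed is treated as external.
CRITICALITY = {"db01": 10, "hr-fs": 8, "app01": 6, "web01": 4, "wkstn7": 2}

def build_events():
    """Constructed telemetry: thousands of routine flows plus a handful of
    security notifications, mimicking the 'many events, few that matter' ratio."""
    flows = [("wkstn7", "app01", 443)] * 3000 + [("web01", "app01", 8080)] * 2000
    flows += [("db01", "203.0.113.9", 6667)] * 40  # database host talking outbound on an odd port
    flows += [("wkstn7", "hr-fs", 445)] * 25
    alerts = [("ids", "db01", "outbound to suspicious range"),
              ("av", "wkstn7", "trojan quarantined"),
              ("ids", "web01", "port scan (low)"),
              ("av", "wkstn7", "trojan quarantined")]
    return flows, alerts

def distill(flows, alerts, top=5):
    """Correlate both feeds per asset: outbound flows on non-web ports and
    repeated alerts add to a base score, which is then weighted by criticality
    so the same evidence on a database ranks above the same evidence on a PC."""
    score, reasons, egress = defaultdict(float), defaultdict(list), defaultdict(int)
    for src, dst, port in flows:
        if dst not in CRITICALITY and port not in (80, 443):
            egress[src] += 1
    for asset, n in egress.items():
        score[asset] += 3.0
        reasons[asset].append(f"{n} outbound flows on non-web ports")
    counts = defaultdict(int)
    for _sensor, asset, msg in alerts:
        counts[(asset, msg)] += 1
    for (asset, msg), n in counts.items():
        score[asset] += 2.0 if n > 1 else 1.0  # a repeated alert weighs more
        reasons[asset].append(f"{msg} x{n}")
    offenses = [(score[a] * CRITICALITY.get(a, 1), a, reasons[a]) for a in score]
    return sorted(offenses, reverse=True)[:top]

def summarize(flows, alerts):
    """Return (events ingested, offenses produced) to show the reduction."""
    return len(flows) + len(alerts), distill(flows, alerts)

if __name__ == "__main__":
    total, offenses = summarize(*build_events())
    print(f"{total} events -> {len(offenses)} offenses")
    for sc, asset, why in offenses:
        print(f"  {sc:5.1f} {asset:7s} {'; '.join(why)}")
```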
Summary
Q1 Labs provides a security command-and-control console, a network security management solution that helps companies detect threats they would otherwise miss, a solution that really reduces the amount of information that companies need to look at, one that helps companies comply with industry policies and regulations, and lastly, Q1 just helps enterprises save money through more efficient operations.