  • What is a SIEM tool?

    A Security Information and Event Management (SIEM) system combines the security management of information and events into graphical dashboards which display an aggregation of data, including anomalies and alerts within the system (Gillis & Rosencrance, 2022). Beyond its detection capability, a SIEM tool can also take reasonable action based on events or notify other controls to change status after a suspicious event. SIEM tools collect data from the logs of many different host systems, which can then be viewed in a navigable graphical user interface. Processes and events can be correlated with timestamps and alerts, and suspicious activity can be quickly detected based on preset parameters. SIEM tools streamline the data analysis process that large companies face by drawing attention to only the most important alerts, events, and problems, and by automating some of the resolution processes so that a security solution can be expedited.
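    The collection, timestamp correlation and preset-parameter detection described above can be shown on a small scale. The following Python sketch is an added example, not part of the original post or of any SIEM product: the log format, host names, threshold and window are assumptions constructed for illustration. No single host sees more than two failures from the noisy source, so only the aggregated view raises the alert.

```python
from collections import Counter, defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample events from three hosts (illustrative, not real logs).
RAW_LOGS = [
    "2024-05-01T10:00:01Z web01 auth_failure user=admin src=203.0.113.7",
    "2024-05-01T10:00:09Z db01 auth_failure user=admin src=203.0.113.7",
    "2024-05-01T10:00:15Z web01 auth_failure user=root src=203.0.113.7",
    "2024-05-01T10:00:20Z mail01 auth_success user=carol src=198.51.100.4",
    "2024-05-01T10:00:27Z mail01 auth_failure user=admin src=203.0.113.7",
    "2024-05-01T10:00:40Z db01 auth_failure user=root src=203.0.113.7",
    "2024-05-01T10:03:00Z web01 auth_failure user=bob src=198.51.100.4",
    "2024-05-01T10:09:30Z web01 auth_failure user=bob src=198.51.100.4",
]
THRESHOLD = 5                    # preset parameter: failures needed to alert
WINDOW = timedelta(seconds=60)   # preset parameter: correlation window

def parse(line):
    """Normalize one log line into a dict with a real timestamp."""
    ts, host, event, *pairs = line.split()
    record = dict(p.split("=", 1) for p in pairs)
    record.update(ts=datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ"),
                  host=host, event=event)
    return record

def correlate(lines, threshold=THRESHOLD, window=WINDOW):
    """Alert once per source that reaches `threshold` failures across all hosts."""
    recent = defaultdict(deque)   # src -> failures still inside the window
    alerts, alerted = [], set()
    for ev in sorted(map(parse, lines), key=lambda e: e["ts"]):
        if ev["event"] != "auth_failure":
            continue
        queue = recent[ev["src"]]
        queue.append(ev)
        while ev["ts"] - queue[0]["ts"] > window:
            queue.popleft()       # drop failures older than the window
        if len(queue) >= threshold and ev["src"] not in alerted:
            alerted.add(ev["src"])
            alerts.append({"src": ev["src"], "count": len(queue),
                           "hosts": sorted({e["host"] for e in queue})})
    return alerts

def max_failures_on_one_host(lines, src):
    """Per-host view: the most failures any single host saw from `src`."""
    hosts = Counter(e["host"] for e in map(parse, lines)
                    if e["event"] == "auth_failure" and e["src"] == src)
    return max(hosts.values(), default=0)
```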

    SIEMs are helpful tools for organizing security defense and cyber responses for corporations because they provide a centralized perspective that is built by continuously analyzing the data associated with all users, business assets, events, and interactions (“What Is Security Information…,” 2022). Security teams in corporations can have the most relevant and conclusive information about their network operations in a convenient, “single pane of glass” display. SIEM alerts make corporate management aware of time-sensitive anomalies within the network that could be dangerous and costly if not handled immediately and appropriately, and they supply an aggregation of the relevant information involved in the decision-making process. SIEM tools’ interfaces allow a flexible range of customization that can suit many purposes of managing assets within a corporation. User behavior patterns can be analyzed in forensic investigations or audits, which is as useful to corporate management as real-time monitoring and legal or regulatory compliance.

    An example of a SIEM is SolarWinds SIEM made by SolarWinds (“SIEM Tools,” n.d.). The application’s primary purpose is to provide a centralized point of access for logging, threat analysis, response, and reporting. The price of a SolarWinds SIEM subscription starts at $2,877; the company also offers a fully functional 30-day trial of the software. The capabilities of this SIEM software are log collection, the ability to quickly find and focus on relevant information, and faster reaction times when identifying suspicious behavior. SIEM software such as SolarWinds SIEM allows a broad scope of an organization’s security posture to be visualized and studied in a real-time graphical user interface environment so that the organization can mitigate security threats, improve compliance, and optimize its defense strategy. SIEM tools can help distinguish between data and external threats, make updated decisions based on past data, and automate many processes that save valuable time in each stage of an effective cyber security strategy.

    References

    SIEM Tools. (n.d.). SolarWinds. https://www.solarwinds.com/security-event-manager/siem-tools

    Gillis, Alexander S.; Rosencrance, Linda. (2022, December). Security Information and Event Management (SIEM). TechTarget. https://www.techtarget.com/searchsecurity/definition/security-information-and-event-management-SIEM

    What Is Security Information and Event Management (SIEM)? (2022, August 1). Splunk. https://www.splunk.com/en_us/data-insider/what-is-siem.html

  • Why Organizations Use Risk Management Frameworks

    Organizations want to implement a risk management framework for the same reason that they would want to have insurance coverage or a security system. There are many different types of risks for which an organization can be liable, including hazard risk, financial risk, operational risk, and strategic risk. A risk management framework can provide a structured way to assess, organize, prioritize, and control risk, providing structured processes and contextual insight to organizations.

    The benefits of implementing a risk management framework include the ability to make more informed decisions, reduce costs by reducing the likelihood of incidents, and understand the potential threats that can affect the organization. A risk management framework can give an organization an advantage because it is designed to address regulatory compliance within the specific industry, and it can provide stakeholders with additional confidence and understanding of risk tolerance.

    The downsides of implementing a risk management framework include the need for an organization to interact with a high level of complexity, which also requires large amounts of resources to be properly managed. Convincing an organization to adopt a risk management framework can be difficult because it is hard to provide an accurate return-on-investment figure that would clearly outweigh the difficulty and resource cost of adopting the framework.

    References

    Marker, Andy. (2021). Enterprise Risk Management Frameworks and Models. Smartsheet. https://www.smartsheet.com/content/enterprise-risk-management-framework-model

  • Quantum Computing & Cybersecurity

    What is quantum computing?

    Quantum computing represents the third era of computing hardware which emerged after analog and digital computers, and which applies the laws of quantum mechanics to the world of computer science. Instead of using a digital bit to store a binary state, a quantum computer uses a quantum bit (qubit) to store binary and indefinite states within the subatomic particle of the qubit. Quantum computers utilize laws of quantum mechanics such as quantum entanglement, using the probability of entangled particles being in a certain state at a specific moment in time to quickly solve complex problems that contain many possible solutions (Smith, 2021).

    Does quantum computing present a cybersecurity threat? If yes, why? If no, why not?

    The capabilities of a fully developed quantum computer would theoretically pose a massive cybersecurity threat to our current infrastructure. The quantum mechanical properties of the subatomic particles within a quantum computer allow many possible solutions to a problem to be considered simultaneously, which leads to solving some types of complex problems much faster than is possible with classical computers. One of the most discussed ramifications of a fully functional quantum computer is the ability to quickly determine the two prime factors of large numbers, because determining those key pairs would crack the types of public key encryption systems currently utilized by the World Wide Web (Denning, 2019). Once a quantum computer can reliably surpass the performance of classical supercomputers, the current methods of encryption will begin to prove obsolete against an advanced quantum computer. Essentially, all current encryption algorithms can be solved by a computer given a long enough period, but the keys that take classical computers years to crack can potentially be solved by quantum computers in a fraction of the time. Researchers are currently working to create new algorithms and forms of cryptography that can resist the potential attacks of quantum computers, as well as new forms of key exchange based on quantum hardware.

    What role would quantum computing have on cryptography?

    The role that quantum computing takes in cryptography involves its ability to consider the many possible solutions to a problem in parallel instead of one at a time (Evans, 2019). In a brute force attack, considering all possible solutions simultaneously would theoretically provide a solution exponentially faster. These game-changing effects of quantum computers on offensive cyber security create a pre-emptive need for quantum-resistant encryption algorithms to combat the inevitable emergence of quantum-powered brute force attacks in the coming quantum era of computing.

    One defensive solution that provides some peace of mind against quantum attacks is to simply use longer keys (Denning, 2019). Denning writes in American Scientist that a 128-bit key has the same protection against a classical computing attack as a 256-bit key has against a quantum computing attack utilizing Grover’s algorithm.
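    Denning’s key-length point can be checked on a toy key space. The following Python sketch is an added example, not code from the original post or its sources: it classically simulates Grover’s algorithm on a small key space (the function names and the 10-bit key are assumptions made here) and goes slightly beyond the text by computing the square-root scaling for any key length.

```python
import math

def grover_oracle_calls(n_bits):
    """Grover iterations needed for an n-bit key space: about (pi/4) * sqrt(2^n)."""
    return math.floor(math.pi / 4 * math.sqrt(2 ** n_bits))

def classical_worst_case_trials(n_bits):
    """Exhaustive classical search may have to try every one of the 2^n keys."""
    return 2 ** n_bits

def grover_search(n_bits, secret_key):
    """Classical state-vector simulation of Grover's algorithm.

    This only models the quantum amplitudes; running it is not faster than
    brute force. Returns (oracle_calls, probability of measuring secret_key).
    """
    size = 2 ** n_bits
    amps = [1 / math.sqrt(size)] * size        # uniform superposition of all keys
    calls = grover_oracle_calls(n_bits)
    for _ in range(calls):
        amps[secret_key] = -amps[secret_key]   # oracle: mark the correct key
        mean = sum(amps) / size
        amps = [2 * mean - a for a in amps]    # diffusion: reflect about the mean
    return calls, amps[secret_key] ** 2

if __name__ == "__main__":
    calls, prob = grover_search(10, 613)       # constructed 10-bit toy key
    print(f"10-bit key: {calls} Grover calls vs "
          f"{classical_worst_case_trials(10)} classical trials, p={prob:.4f}")
    for bits in (128, 256):
        work = math.log2(grover_oracle_calls(bits))
        print(f"{bits}-bit key: about 2^{work:.1f} Grover iterations")
```

    Because the iteration count grows with the square root of the key space, doubling the key length restores the original work factor: a 256-bit key costs a Grover attacker roughly 2^128 iterations, the same order as a classical search of a 128-bit key.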

    What country is winning the quantum computing arms race?

    According to Smith (2021), the United States and China are headlining a race to fully develop the capability of quantum computing and be the first nation with the ability to bypass information security as we know it. Each of these world superpowers is supported by several companies that are pushing the leading edge of quantum computing technology by developing a variety of quantum computing solutions and hardware. China has already achieved some major milestones in quantum computing such as the first cloud-native quantum computing platform, obtaining a solution in a fraction of a single percent of the time that it would take the fastest supercomputer in the world to obtain, and combining quantum computing with artificial intelligence. The key to winning the quantum computing arms race is likely to reside in the amount of collaboration and funding between government organizations and private companies. Regardless of what nation wins the quantum computing arms race, there is an expectation to allow developing nations to access the power of quantum computing through a cloud service, thus providing a global benefit.

    What national security implications would quantum computing present to the US if China beats them?

    If China can beat the United States in the race to quantum supremacy, all US intellectual property as well as possibly some classified government level data could potentially be quickly compromised and leveraged toward the disadvantage of the United States’ government, businesses, and citizens (Schappert, 2023). The winner of the quantum computer race would also have the earliest access to further applications of quantum computing such as developments in medicine, physics, artificial intelligence, and machine learning.

    References

    Denning, D. (2019). Is Quantum Computing a Cybersecurity Threat? American Scientist. https://www.americanscientist.org/article/is-quantum-computing-a-cybersecurity-threat

    Evans, A. (2019). Managing Cyber Risk. Taylor & Francis. https://online.vitalsource.com/books/9780429614262

    Schappert, S. (2023). Quantum computing race explained: fast and furious. Cybernews. https://cybernews.com/editorial/quantum-computing-race-explained/

    Smith, C. (2021). Competing Visions Underpin China’s Quantum Computer Race: Alibaba builds their own qubits, Baidu remains quantum hardware-agnostic. IEEE Spectrum. https://spectrum.ieee.org/alibaba-baidu-quantum-computer-race