chicksdaddy writes "Our understanding of threats improves with each day. The tools we use to secure our systems have also improved over time – antivirus software, firewalls, application firewalls, intrusion detection, data leak prevention, and so on. And yet, when we look at the data, there’s not much evidence that better understanding and better tools are leading to better security. Why?

How about 'bad reporting?' In a conversation with The Security Ledger, Grier, the founder of Grier Forensics, said that, despite a wealth of security data, the security industry’s approach to analyzing it is immature. A respected forensics expert who presented a technique on using stochastic forensics to spot insider data theft at the 2012 Black Hat Briefings, Grier's latest project is developing a notion he calls “security paintings”: a way to distill disparate security metrics into easy-to-digest information.

He says classical data reports often fall into the same traps. “High-level data is interesting, but low-level data is credible,” Grier said. “We need both, but we don't seem to be able to reconcile the two.” At a minimum, reports should draw the reader’s attention to the information that’s the most important to them. Humans have evolved to look for anomalies in their environment and to focus on them, but reports often fail to identify patterns in the data or flag anomalies, he said.

One problem may be that it's the developers themselves who design reports, rather than the users who are the audience. “The developers -- the people who are the most familiar with the tables and data and database schema -- are developing the reports. They develop reports based on what they’re thinking about. Their perspective is ‘I’m a developer. I’m storing the data in this table. Let me show this table to you!’ They’re not thinking about it from the perspective of a security professional, which is ‘I want to know X. What is the best way for me to present it to you?’"

Good security reports should be like "bouquets," Grier said — taking low-level events (the flowers) and assembling them into mid- and then high-level groupings that are easy on the eyes. If nothing else, reports should do the job of making data understandable and easy to act on. “The whole point of a report is to get a human involved,” he said. “One of the basic observations I made is that, for any kind of security control, if it's obvious enough for a computer to make a decision about it, you don’t need a report,” Grier said."
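An added example (not from Grier, Grier Forensics or The Security Ledger) of the "bouquet" idea in Python: low-level events are bundled per host and category, rolled up into high-level totals, and the report leads with anomalies, each backed by the raw events that make it credible. The host names, event list and the median-based anomaly rule are constructed for illustration.

```python
from collections import Counter, defaultdict
from statistics import median

# Constructed sample events, not real telemetry: (host, category, low-level detail)
EVENTS = [
    ("web01", "auth_failure", "ssh admin from 198.51.100.4"),
    ("web02", "auth_failure", "ssh admin from 198.51.100.4"),
    ("db01", "auth_failure", "ssh backup from 192.0.2.10"),
    ("web01", "malware_blocked", "Trojan.Generic quarantined"),
    ("web02", "malware_blocked", "Trojan.Generic quarantined"),
    ("db01", "malware_blocked", "Trojan.Generic quarantined"),
    ("web03", "malware_blocked", "Trojan.Generic quarantined"),
] + [("web03", "auth_failure", f"ssh root from 203.0.113.{i}") for i in range(1, 10)]

def mid_level(events):
    """Mid-level grouping: the low-level details bundled per (host, category)."""
    groups = defaultdict(list)
    for host, category, detail in events:
        groups[(host, category)].append(detail)
    return groups

def high_level(groups):
    """High-level grouping: event totals per category across all hosts."""
    totals = Counter()
    for (_, category), details in groups.items():
        totals[category] += len(details)
    return totals

def anomalies(groups, factor=3, min_hosts=3):
    """Flag a host whose count for a category exceeds `factor` times the median
    count of its peers; the median keeps a single outlier from masking itself."""
    per_category = defaultdict(dict)
    for (host, category), details in groups.items():
        per_category[category][host] = len(details)
    flagged = []
    for category, counts in per_category.items():
        if len(counts) < min_hosts:
            continue  # too few peers to call anything anomalous
        baseline = median(counts.values())
        flagged += [(h, category, n) for h, n in counts.items() if n > factor * baseline]
    return flagged

def bouquet(events, evidence=3):
    """Render the report: anomalies first, each with a few raw events, then totals."""
    groups = mid_level(events)
    lines = []
    for host, category, n in anomalies(groups):
        lines.append(f"ANOMALY {host} {category}: {n} events")
        lines += [f"    evidence: {d}" for d in groups[(host, category)][:evidence]]
    for category, n in high_level(groups).most_common():
        lines.append(f"TOTAL {category}: {n} events")
    return "\n".join(lines)
```

Running `print(bouquet(EVENTS))` puts the one host with nine root login failures at the top with three of those raw lines under it, then the per-category totals.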

