Audit Trail Protection: Avoiding a False Sense of Security
Nadeem Bukhari CISSP, CISM
VP of Product Strategy
Kinamik Data Integrity S.L.
Tel Mobile: +34 628 629 322
Tel Office: +34 931 835 814
Email: nbukhari@kinamik.com
Website: http://www.kinamik.com
- 2 -
Data Integrity
- Data integrity is data that has a complete or whole structure. All characteristics of the data including business rules, rules for how pieces of data relate, dates, definitions and lineage must be correct for data to be complete. (http://en.wikipedia.org/wiki/Data_integrity)
- Integrity: the property of safeguarding the accuracy and completeness of assets [ISO/IEC 13335-1:2004]
[Diagram: "Data Quality" and "Data Security"]
- 3 -
Audit Trails Evolution
- Audit trail collection, preservation and reporting: regulatory and compliance demands
  - e.g. PCI DSS, FISMA, FDA 21 CFR Part 11, EU DRD, SoX, SEC 14a, ISO 27001, ...
  - Audit logs are company records.
- SIEM & Log Management market
  - "Worldwide revenue for SIEM was $663.3 million in 2008 and is expected to grow to $1.4 billion in 2013" (IDC)
- Estimated growth of audit trails
  - "average overall data volume growth rate reported is just over 30% per year" (Aberdeen)
  - Mobile market data growth: exponential
Credit for image: jscreationzs
- 4 -
Audit Trails Issues
- Which audit trails to collect?
- Over-collection
- Too many alerts
- Evolving attack signatures
- Inconsistent data formats
- Developers need to know the audience, i.e. security, compliance, LOB, ...
- Differing retention requirements
- Excessive storage costs
- Liabilities
Audit Trails Security
 Changing audit trails knowledge is in the
mainstream
 Security perimeter to the data element
 NOT near real-time protection false
sense of security
 “system logs need to be protected, because if
the data can be modified or data in them
deleted, their existence may create a false
sense of security.” ISO27001
- 6 -
Audit Trails Preservation
 Digital Evidence
 American Express Travel Related Services Co. Inc. vs
Vee Vinhee
 Lorraine v. Markel American Insurance Company
 California v Khaled
 BS10008 – Evidential Weight and Legal
Admissibility of Electronic Information
 NIST SP 800-92 - Guide to Computer Security Log
Management
 “In cases where logs may be needed as evidence,
organizations may wish to acquire copies of the original
log files”
- 7 -
Audit Trails and the Cloud
 High value target
 The service provider admins have
access?
 You cannot control below the
hypervisor
 Service Provider Developers
 Focus on Service first
 Do not know the entire audience
 Access to logs contain Multi-tenant
information
 Incident Response/ Forensics
 Can you gather evidence?
 Will the audit log data’s authenticity be
provable?
- 8 -
The Depth of Secure Logging
 M.Bellare and B.Yee – Forward integrity for secure audit
logs (1997)
 Bruce Schneier/ John Kelsey - Secure Audit Logs to
Support Computer Forensics (1999)
 J.Holt – Logcrypt: Forward security and public
verification for secure audit logs (2006)
 Rafael Accorsi – Safekeeping Digital Evidence with
Secure Logging Protocols: State of the Art and
Challenges (2009)
 Transmission Phase - Origin authentication, message
confidentiality, message integrity, message uniqueness, reliable
delivery
 Storage Phase - Entry accountability, entry integrity, entry
confidentiality
 Jeff Jonas (IBM Chief Scientist) / Markle Foundation -
Implementing a Trusted Information Sharing
Environment: Using Immutable Audit Logs to Increase
Security, Trust, and Accountability (2006)
 “Immutable audit logs (IALs) will be a critical component for the
information sharing environment”
#MAC
DATA + Metadata #MAC=
#MAC
DATA + Metadata #MAC=
#MAC
DATA + Metadata #MAC=
DATA + Metadata #MAC=
…
- 9 -
Audit Trails Integrity – Things to consider
- Batching audit trails (e.g. per file)
  - Windows of opportunity for undetectable manipulation
  - Single change = maximal loss
- Near real-time protection
  - Makes undetectable tampering very difficult
  - Sequential (chronology) – great for digital evidence
- Key protection – what if the keys are compromised?
- Overheads
  - Performance
  - Storage
- Broken crypto algorithms – the tool needs to be able to change them
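The MAC chain sketched in slide 8 and the batching trade-offs listed in slide 9, as an added example that is not code from the slides or from Kinamik: a small forward-integrity log in Python. The names (ForwardSecureLogger, verify_chain, batch_digest, K0, the sample events) are mine and the sample events are constructed; the construction follows Bellare/Yee and Schneier/Kelsey only in outline, simplified to HMAC-SHA256 with a one-way key update after every entry.

```python
import copy
import hashlib
import hmac
import json
from dataclasses import dataclass
from typing import List, Optional

# Added example, not code from the slides or from Kinamik: a minimal
# forward-integrity, MAC-chained audit log in the style of Bellare/Yee and
# Schneier/Kelsey. The verifier keeps the initial key K0; the logger holds
# only the current epoch key and evolves it one-way after every entry.

GENESIS_TAG = b"\x00" * 32  # stand-in "previous MAC" for the first entry

def evolve_key(key: bytes) -> bytes:
    """One-way update K_{i+1} = HMAC(K_i, "evolve"); K_i is then discarded."""
    return hmac.new(key, b"evolve", hashlib.sha256).digest()

def entry_tag(key: bytes, prev_tag: bytes, metadata: str, data: str) -> bytes:
    """MAC over (previous tag || metadata || data); this is what chains entries."""
    body = json.dumps([metadata, data], separators=(",", ":")).encode()
    return hmac.new(key, prev_tag + body, hashlib.sha256).digest()

@dataclass
class Entry:
    seq: int        # position in the chain
    metadata: str   # timestamp, host, source, ...
    data: str       # the audit event itself
    tag: str        # hex HMAC over this entry and its predecessor's tag

class ForwardSecureLogger:
    """Appends entries; keeps only the current key and the last tag."""

    def __init__(self, initial_key: bytes):
        self._key, self._prev_tag = initial_key, GENESIS_TAG
        self.entries: List[Entry] = []

    def append(self, metadata: str, data: str) -> Entry:
        tag = entry_tag(self._key, self._prev_tag, metadata, data)
        entry = Entry(len(self.entries), metadata, data, tag.hex())
        self.entries.append(entry)
        self._prev_tag, self._key = tag, evolve_key(self._key)  # old key gone
        return entry

def verify_chain(initial_key: bytes, entries: List[Entry],
                 expected_count: Optional[int] = None) -> Optional[int]:
    """Recompute the chain from K0. Returns None if intact, else the index of
    the first failing entry; everything before that index is still trusted."""
    key, prev = initial_key, GENESIS_TAG
    for i, e in enumerate(entries):
        expected = entry_tag(key, prev, e.metadata, e.data)
        if e.seq != i or not hmac.compare_digest(expected.hex(), e.tag):
            return i
        prev, key = expected, evolve_key(key)
    # Plain truncation leaves a valid shorter chain: only caught when the
    # verifier knows the expected length (or a closing entry is written).
    if expected_count is not None and len(entries) != expected_count:
        return len(entries)
    return None

def batch_digest(entries: List[Entry]) -> str:
    """The batched-file approach from slide 9: one hash over the whole file.
    It tells you *that* something changed, never where or what survives."""
    blob = "\n".join(f"{e.seq}|{e.metadata}|{e.data}" for e in entries)
    return hashlib.sha256(blob.encode()).hexdigest()

# Constructed sample events (not real data) and a placeholder verifier key.
SAMPLE_EVENTS = [
    ("2010-03-01T09:00:01Z host=app01", "login user=alice result=ok"),
    ("2010-03-01T09:00:07Z host=app01", "read object=/invoices/2010 user=alice"),
    ("2010-03-01T09:02:13Z host=db01", "grant role=dba to=bob by=alice"),
    ("2010-03-01T09:02:40Z host=app01", "logout user=alice"),
]
K0 = b"constructed-example-K0-held-by-verifier"

def demo() -> dict:
    """Verify an intact log and four manipulated copies of it."""
    logger = ForwardSecureLogger(K0)
    for metadata, data in SAMPLE_EVENTS:
        logger.append(metadata, data)
    good = logger.entries
    modified = copy.deepcopy(good)
    modified[2].data = modified[2].data.replace("bob", "mallory")
    deleted = [e for e in good if e.seq != 1]      # entry 1 removed
    reordered = [good[1], good[0]] + good[2:]      # first two swapped
    truncated = good[:-1]                          # last entry dropped
    return {
        "clean": verify_chain(K0, good),                                  # None
        "modified": verify_chain(K0, modified),                           # 2
        "deleted": verify_chain(K0, deleted),                             # 1
        "reordered": verify_chain(K0, reordered),                         # 0
        "truncated_unnoticed": verify_chain(K0, truncated),               # None
        "truncated_with_count": verify_chain(K0, truncated, len(good)),   # 3
        "batch_hash_changed": batch_digest(good) != batch_digest(modified),  # True
    }
```

Calling `demo()` returns the dictionary shown in the comments. Two points map straight back to the slides: the chain localises a change to the first bad index (the entries before it keep their evidential value, which a single file hash cannot offer), and silent truncation is the one manipulation a bare chain does not expose, so a deployment needs either a known entry count or a periodically written closing entry. The logger only ever holds the current key, so a compromise of the logging host at time n exposes K_n but not the keys that protected entries 0..n-1; this is the forward-integrity property the Bellare/Yee and Schneier/Kelsey papers in slide 8 are about.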
- 10 -
Audit Trails Availability
- Retention period needs to be definable per audit trail
- Tiered storage – online-only gets expensive
- Degradation / de-commissioning
Audit Trails Confidentiality Issues
 Access Control
 Vulnerable to privileged accounts
 Segregation
 Collusion
 Encryption
 Only for confidentiality
- 12 -
Non-Repudation
 Not possible to - deny the truth or
validity of something
 “A service that provides proof of
the integrity and origin of data”
 “An authentication that with high
assurance can be asserted to be
genuine.”
 Identity Assurance + Assured event
 End to end trust/ Chain of custody
 Ethics – Non-repudation is
inevitable, use the technology to
support privacy policy
- 13 -
Conclusion
 Audit trail evolution brings greater reliance
 Digit Evidence evolution brings doubt in current authenticity controls
 Granular/ real time data Integrity protection brings data centricity
Controls
 Cloud computing environments thrive with data centric protection

Weitere ähnliche Inhalte

Was ist angesagt?

Mcafee CASB/DLP + Seclore Rights Management Solutions
Mcafee CASB/DLP + Seclore Rights Management Solutions Mcafee CASB/DLP + Seclore Rights Management Solutions
Mcafee CASB/DLP + Seclore Rights Management Solutions Seclore
 
Urgensi RUU Perlindungan Data Pribadi
Urgensi RUU Perlindungan Data PribadiUrgensi RUU Perlindungan Data Pribadi
Urgensi RUU Perlindungan Data PribadiEryk Budi Pratama
 
Rbi compliance and Data Centric Security
Rbi compliance and Data Centric Security Rbi compliance and Data Centric Security
Rbi compliance and Data Centric Security Seclore
 
Corporate & Regulatory Compliance Boot Camp - Data Privacy Compliance
Corporate & Regulatory Compliance Boot Camp - Data Privacy ComplianceCorporate & Regulatory Compliance Boot Camp - Data Privacy Compliance
Corporate & Regulatory Compliance Boot Camp - Data Privacy ComplianceFinancial Poise
 
Seattle Tech4Good meetup: Data Security and Privacy
Seattle Tech4Good meetup: Data Security and PrivacySeattle Tech4Good meetup: Data Security and Privacy
Seattle Tech4Good meetup: Data Security and PrivacySabra Goldick
 
Secure Channels Financal Institution Presentation
Secure Channels Financal Institution PresentationSecure Channels Financal Institution Presentation
Secure Channels Financal Institution PresentationRichard Blech
 
GDPR Compliance & Data-Centric Security | Seclore
GDPR Compliance & Data-Centric Security | SecloreGDPR Compliance & Data-Centric Security | Seclore
GDPR Compliance & Data-Centric Security | SecloreSeclore
 
Bridging the gap between privacy and big data Ulf Mattsson - Protegrity Sep 10
Bridging the gap between privacy and big data   Ulf Mattsson - Protegrity Sep 10Bridging the gap between privacy and big data   Ulf Mattsson - Protegrity Sep 10
Bridging the gap between privacy and big data Ulf Mattsson - Protegrity Sep 10Ulf Mattsson
 
Bloombase storage-protection-entrust-hsm-sb
Bloombase storage-protection-entrust-hsm-sbBloombase storage-protection-entrust-hsm-sb
Bloombase storage-protection-entrust-hsm-sbBloombase
 
Inbound Data Protection
Inbound Data ProtectionInbound Data Protection
Inbound Data ProtectionSeclore
 
New York Metro ISSA - PCI DSS Compliance - Ulf Mattsson 2009
New York Metro ISSA - PCI DSS Compliance - Ulf Mattsson 2009New York Metro ISSA - PCI DSS Compliance - Ulf Mattsson 2009
New York Metro ISSA - PCI DSS Compliance - Ulf Mattsson 2009Ulf Mattsson
 
NIST Compliance & Data Centric Security
NIST Compliance & Data Centric Security NIST Compliance & Data Centric Security
NIST Compliance & Data Centric Security Seclore
 
Block chain health record
Block chain health recordBlock chain health record
Block chain health recordCharles Moore
 
Seclore for Titus
Seclore for TitusSeclore for Titus
Seclore for TitusSeclore
 
Compliance regulations with Data Centric Security | Seclore
Compliance regulations with Data Centric Security | SecloreCompliance regulations with Data Centric Security | Seclore
Compliance regulations with Data Centric Security | SecloreSeclore
 
Data Security For Pharmaceutical Industry
Data Security For Pharmaceutical IndustryData Security For Pharmaceutical Industry
Data Security For Pharmaceutical IndustrySeclore
 
Seclore Advantage Channel Program
Seclore Advantage Channel ProgramSeclore Advantage Channel Program
Seclore Advantage Channel ProgramSeclore
 
Bring Your Own Encryption | Seclore
Bring Your Own Encryption | SecloreBring Your Own Encryption | Seclore
Bring Your Own Encryption | SecloreSeclore
 

Was ist angesagt? (20)

Mcafee CASB/DLP + Seclore Rights Management Solutions
Mcafee CASB/DLP + Seclore Rights Management Solutions Mcafee CASB/DLP + Seclore Rights Management Solutions
Mcafee CASB/DLP + Seclore Rights Management Solutions
 
Uganda Cloud Computing Panel
Uganda Cloud Computing PanelUganda Cloud Computing Panel
Uganda Cloud Computing Panel
 
Urgensi RUU Perlindungan Data Pribadi
Urgensi RUU Perlindungan Data PribadiUrgensi RUU Perlindungan Data Pribadi
Urgensi RUU Perlindungan Data Pribadi
 
Rbi compliance and Data Centric Security
Rbi compliance and Data Centric Security Rbi compliance and Data Centric Security
Rbi compliance and Data Centric Security
 
Corporate & Regulatory Compliance Boot Camp - Data Privacy Compliance
Corporate & Regulatory Compliance Boot Camp - Data Privacy ComplianceCorporate & Regulatory Compliance Boot Camp - Data Privacy Compliance
Corporate & Regulatory Compliance Boot Camp - Data Privacy Compliance
 
Seattle Tech4Good meetup: Data Security and Privacy
Seattle Tech4Good meetup: Data Security and PrivacySeattle Tech4Good meetup: Data Security and Privacy
Seattle Tech4Good meetup: Data Security and Privacy
 
Secure Channels Financal Institution Presentation
Secure Channels Financal Institution PresentationSecure Channels Financal Institution Presentation
Secure Channels Financal Institution Presentation
 
GDPR Compliance & Data-Centric Security | Seclore
GDPR Compliance & Data-Centric Security | SecloreGDPR Compliance & Data-Centric Security | Seclore
GDPR Compliance & Data-Centric Security | Seclore
 
Bridging the gap between privacy and big data Ulf Mattsson - Protegrity Sep 10
Bridging the gap between privacy and big data   Ulf Mattsson - Protegrity Sep 10Bridging the gap between privacy and big data   Ulf Mattsson - Protegrity Sep 10
Bridging the gap between privacy and big data Ulf Mattsson - Protegrity Sep 10
 
Bloombase storage-protection-entrust-hsm-sb
Bloombase storage-protection-entrust-hsm-sbBloombase storage-protection-entrust-hsm-sb
Bloombase storage-protection-entrust-hsm-sb
 
Inbound Data Protection
Inbound Data ProtectionInbound Data Protection
Inbound Data Protection
 
New York Metro ISSA - PCI DSS Compliance - Ulf Mattsson 2009
New York Metro ISSA - PCI DSS Compliance - Ulf Mattsson 2009New York Metro ISSA - PCI DSS Compliance - Ulf Mattsson 2009
New York Metro ISSA - PCI DSS Compliance - Ulf Mattsson 2009
 
Oregon Approves Ethics Opinion on Cloud Computing
Oregon Approves Ethics Opinion on Cloud ComputingOregon Approves Ethics Opinion on Cloud Computing
Oregon Approves Ethics Opinion on Cloud Computing
 
NIST Compliance & Data Centric Security
NIST Compliance & Data Centric Security NIST Compliance & Data Centric Security
NIST Compliance & Data Centric Security
 
Block chain health record
Block chain health recordBlock chain health record
Block chain health record
 
Seclore for Titus
Seclore for TitusSeclore for Titus
Seclore for Titus
 
Compliance regulations with Data Centric Security | Seclore
Compliance regulations with Data Centric Security | SecloreCompliance regulations with Data Centric Security | Seclore
Compliance regulations with Data Centric Security | Seclore
 
Data Security For Pharmaceutical Industry
Data Security For Pharmaceutical IndustryData Security For Pharmaceutical Industry
Data Security For Pharmaceutical Industry
 
Seclore Advantage Channel Program
Seclore Advantage Channel ProgramSeclore Advantage Channel Program
Seclore Advantage Channel Program
 
Bring Your Own Encryption | Seclore
Bring Your Own Encryption | SecloreBring Your Own Encryption | Seclore
Bring Your Own Encryption | Seclore
 

Andere mochten auch

MROGERS QUAL 109 CERT
MROGERS QUAL 109 CERTMROGERS QUAL 109 CERT
MROGERS QUAL 109 CERTMisty Rogers
 
RIWC_PARA_A037 National Grid and Employability
RIWC_PARA_A037 National Grid and Employability RIWC_PARA_A037 National Grid and Employability
RIWC_PARA_A037 National Grid and Employability Marco Muscroft
 
Ali al matri vct
Ali al matri vctAli al matri vct
Ali al matri vctibri4ever
 
Science work samuel madison & q
Science work samuel madison & qScience work samuel madison & q
Science work samuel madison & qsonicgood3
 
1.juniper_ss16 photoshoot campaign
1.juniper_ss16 photoshoot campaign1.juniper_ss16 photoshoot campaign
1.juniper_ss16 photoshoot campaignAditi Mishra
 
الإبتلاء
الإبتلاءالإبتلاء
الإبتلاءTaha Rabea
 
Roommatefax Inc. Pitch Deck
Roommatefax Inc. Pitch DeckRoommatefax Inc. Pitch Deck
Roommatefax Inc. Pitch DeckSteve Wolf
 
Изменена подведомственность ряда ГУПов Ставропольского края
Изменена подведомственность  ряда ГУПов Ставропольского края Изменена подведомственность  ряда ГУПов Ставропольского края
Изменена подведомственность ряда ГУПов Ставропольского края Анатолий Крячко
 
wasim UAE BSAK project ex.wates
wasim UAE BSAK project ex.wateswasim UAE BSAK project ex.wates
wasim UAE BSAK project ex.watesWASIM AKHTAR
 
Leadership Lessons from Antarctic Expedition
Leadership Lessons from Antarctic ExpeditionLeadership Lessons from Antarctic Expedition
Leadership Lessons from Antarctic ExpeditionTathagat Varma
 
From Continuous Integration to Continuous Delivery and DevOps
From Continuous Integration to Continuous Delivery and DevOpsFrom Continuous Integration to Continuous Delivery and DevOps
From Continuous Integration to Continuous Delivery and DevOpsLuca Minudel
 
Εισαγωγή στη Δραματική Ποίηση
Εισαγωγή στη Δραματική ΠοίησηΕισαγωγή στη Δραματική Ποίηση
Εισαγωγή στη Δραματική Ποίησηmvourtsian
 

Andere mochten auch (19)

MCA certificate
MCA certificateMCA certificate
MCA certificate
 
MROGERS QUAL 109 CERT
MROGERS QUAL 109 CERTMROGERS QUAL 109 CERT
MROGERS QUAL 109 CERT
 
Certificate of Training
Certificate of TrainingCertificate of Training
Certificate of Training
 
Drake
Drake Drake
Drake
 
La era digital en la unión europea
La era digital en la unión europeaLa era digital en la unión europea
La era digital en la unión europea
 
RIWC_PARA_A037 National Grid and Employability
RIWC_PARA_A037 National Grid and Employability RIWC_PARA_A037 National Grid and Employability
RIWC_PARA_A037 National Grid and Employability
 
Jeep 8.28.49 am
Jeep  8.28.49 amJeep  8.28.49 am
Jeep 8.28.49 am
 
Ali al matri vct
Ali al matri vctAli al matri vct
Ali al matri vct
 
Science work samuel madison & q
Science work samuel madison & qScience work samuel madison & q
Science work samuel madison & q
 
1.juniper_ss16 photoshoot campaign
1.juniper_ss16 photoshoot campaign1.juniper_ss16 photoshoot campaign
1.juniper_ss16 photoshoot campaign
 
الإبتلاء
الإبتلاءالإبتلاء
الإبتلاء
 
Decreto 014 de 2015
Decreto 014 de 2015Decreto 014 de 2015
Decreto 014 de 2015
 
Anexos informe final
Anexos informe finalAnexos informe final
Anexos informe final
 
Roommatefax Inc. Pitch Deck
Roommatefax Inc. Pitch DeckRoommatefax Inc. Pitch Deck
Roommatefax Inc. Pitch Deck
 
Изменена подведомственность ряда ГУПов Ставропольского края
Изменена подведомственность  ряда ГУПов Ставропольского края Изменена подведомственность  ряда ГУПов Ставропольского края
Изменена подведомственность ряда ГУПов Ставропольского края
 
wasim UAE BSAK project ex.wates
wasim UAE BSAK project ex.wateswasim UAE BSAK project ex.wates
wasim UAE BSAK project ex.wates
 
Leadership Lessons from Antarctic Expedition
Leadership Lessons from Antarctic ExpeditionLeadership Lessons from Antarctic Expedition
Leadership Lessons from Antarctic Expedition
 
From Continuous Integration to Continuous Delivery and DevOps
From Continuous Integration to Continuous Delivery and DevOpsFrom Continuous Integration to Continuous Delivery and DevOps
From Continuous Integration to Continuous Delivery and DevOps
 
Εισαγωγή στη Δραματική Ποίηση
Εισαγωγή στη Δραματική ΠοίησηΕισαγωγή στη Δραματική Ποίηση
Εισαγωγή στη Δραματική Ποίηση
 

Ähnlich wie Audit Log Protection: Avoiding a False Sense of Security

Kinamik Cloud Governance
Kinamik Cloud GovernanceKinamik Cloud Governance
Kinamik Cloud GovernanceNbukhari
 
Martin Vliem (Microsoft): Met vertrouwen naar de cloud
Martin Vliem (Microsoft): Met vertrouwen naar de cloudMartin Vliem (Microsoft): Met vertrouwen naar de cloud
Martin Vliem (Microsoft): Met vertrouwen naar de cloudContent Guru Benelux
 
Logs & The Law: What is Admissible in Court?
Logs & The Law: What is Admissible in Court?Logs & The Law: What is Admissible in Court?
Logs & The Law: What is Admissible in Court?loglogic
 
Cloud computing security issues and challenges
Cloud computing security issues and challengesCloud computing security issues and challenges
Cloud computing security issues and challengesKresimir Popovic
 
Ncma saguaro cyber security 2016 law & regulations asis phoenix dely fina...
Ncma saguaro cyber security 2016 law & regulations asis phoenix dely fina...Ncma saguaro cyber security 2016 law & regulations asis phoenix dely fina...
Ncma saguaro cyber security 2016 law & regulations asis phoenix dely fina...John Hamilton, DAHC,EHC,CFDAI, CPP, PSPO
 
7-Software_Development_Security.pptx
7-Software_Development_Security.pptx7-Software_Development_Security.pptx
7-Software_Development_Security.pptxVijayalakshmiSudarsa
 
ISSA Atlanta - Emerging application and data protection for multi cloud
ISSA Atlanta - Emerging application and data protection for multi cloudISSA Atlanta - Emerging application and data protection for multi cloud
ISSA Atlanta - Emerging application and data protection for multi cloudUlf Mattsson
 
"Is your browser secure? Breaking cryptography in PKI based systems, opening ...
"Is your browser secure? Breaking cryptography in PKI based systems, opening ..."Is your browser secure? Breaking cryptography in PKI based systems, opening ...
"Is your browser secure? Breaking cryptography in PKI based systems, opening ...PROIDEA
 
David valovcin big data - big risk
David valovcin big data - big riskDavid valovcin big data - big risk
David valovcin big data - big riskIBM Sverige
 
Guardium Data Activiy Monitor For C- Level Executives
Guardium Data Activiy Monitor For C- Level ExecutivesGuardium Data Activiy Monitor For C- Level Executives
Guardium Data Activiy Monitor For C- Level ExecutivesCamilo Fandiño Gómez
 
Jul 16 isaca london data protection, security and privacy risks - on premis...
Jul 16 isaca london   data protection, security and privacy risks - on premis...Jul 16 isaca london   data protection, security and privacy risks - on premis...
Jul 16 isaca london data protection, security and privacy risks - on premis...Ulf Mattsson
 
Isaca atlanta - practical data security and privacy
Isaca atlanta - practical data security and privacyIsaca atlanta - practical data security and privacy
Isaca atlanta - practical data security and privacyUlf Mattsson
 
GDPR offer by Keley-Data
GDPR offer by Keley-DataGDPR offer by Keley-Data
GDPR offer by Keley-DataHatime Araki
 
Proven Practices to Protect Critical Data - DarkReading VTS Deck
Proven Practices to Protect Critical Data - DarkReading VTS DeckProven Practices to Protect Critical Data - DarkReading VTS Deck
Proven Practices to Protect Critical Data - DarkReading VTS DeckNetIQ
 
Where data security and value of data meet in the cloud brighttalk webinar ...
Where data security and value of data meet in the cloud   brighttalk webinar ...Where data security and value of data meet in the cloud   brighttalk webinar ...
Where data security and value of data meet in the cloud brighttalk webinar ...Ulf Mattsson
 

Ähnlich wie Audit Log Protection: Avoiding a False Sense of Security (20)

Kinamik Cloud Governance
Kinamik Cloud GovernanceKinamik Cloud Governance
Kinamik Cloud Governance
 
Martin Vliem (Microsoft): Met vertrouwen naar de cloud
Martin Vliem (Microsoft): Met vertrouwen naar de cloudMartin Vliem (Microsoft): Met vertrouwen naar de cloud
Martin Vliem (Microsoft): Met vertrouwen naar de cloud
 
Logs & The Law: What is Admissible in Court?
Logs & The Law: What is Admissible in Court?Logs & The Law: What is Admissible in Court?
Logs & The Law: What is Admissible in Court?
 
Security audit
Security auditSecurity audit
Security audit
 
Cloud computing security issues and challenges
Cloud computing security issues and challengesCloud computing security issues and challenges
Cloud computing security issues and challenges
 
Cyber security
Cyber securityCyber security
Cyber security
 
Cloud Breach - Forensics Audit Planning
Cloud Breach - Forensics Audit PlanningCloud Breach - Forensics Audit Planning
Cloud Breach - Forensics Audit Planning
 
Ncma saguaro cyber security 2016 law & regulations asis phoenix dely fina...
Ncma saguaro cyber security 2016 law & regulations asis phoenix dely fina...Ncma saguaro cyber security 2016 law & regulations asis phoenix dely fina...
Ncma saguaro cyber security 2016 law & regulations asis phoenix dely fina...
 
7-Software_Development_Security.pptx
7-Software_Development_Security.pptx7-Software_Development_Security.pptx
7-Software_Development_Security.pptx
 
Data lake protection ft 3119 -ver1.0
Data lake protection   ft 3119 -ver1.0Data lake protection   ft 3119 -ver1.0
Data lake protection ft 3119 -ver1.0
 
ISSA Atlanta - Emerging application and data protection for multi cloud
ISSA Atlanta - Emerging application and data protection for multi cloudISSA Atlanta - Emerging application and data protection for multi cloud
ISSA Atlanta - Emerging application and data protection for multi cloud
 
Practical Security for the Cloud
Practical Security for the CloudPractical Security for the Cloud
Practical Security for the Cloud
 
"Is your browser secure? Breaking cryptography in PKI based systems, opening ...
"Is your browser secure? Breaking cryptography in PKI based systems, opening ..."Is your browser secure? Breaking cryptography in PKI based systems, opening ...
"Is your browser secure? Breaking cryptography in PKI based systems, opening ...
 
David valovcin big data - big risk
David valovcin big data - big riskDavid valovcin big data - big risk
David valovcin big data - big risk
 
Guardium Data Activiy Monitor For C- Level Executives
Guardium Data Activiy Monitor For C- Level ExecutivesGuardium Data Activiy Monitor For C- Level Executives
Guardium Data Activiy Monitor For C- Level Executives
 
Jul 16 isaca london data protection, security and privacy risks - on premis...
Jul 16 isaca london   data protection, security and privacy risks - on premis...Jul 16 isaca london   data protection, security and privacy risks - on premis...
Jul 16 isaca london data protection, security and privacy risks - on premis...
 
Isaca atlanta - practical data security and privacy
Isaca atlanta - practical data security and privacyIsaca atlanta - practical data security and privacy
Isaca atlanta - practical data security and privacy
 
GDPR offer by Keley-Data
GDPR offer by Keley-DataGDPR offer by Keley-Data
GDPR offer by Keley-Data
 
Proven Practices to Protect Critical Data - DarkReading VTS Deck
Proven Practices to Protect Critical Data - DarkReading VTS DeckProven Practices to Protect Critical Data - DarkReading VTS Deck
Proven Practices to Protect Critical Data - DarkReading VTS Deck
 
Where data security and value of data meet in the cloud brighttalk webinar ...
Where data security and value of data meet in the cloud   brighttalk webinar ...Where data security and value of data meet in the cloud   brighttalk webinar ...
Where data security and value of data meet in the cloud brighttalk webinar ...
 

Kürzlich hochgeladen

"Federated learning: out of reach no matter how close",Oleksandr Lapshyn
"Federated learning: out of reach no matter how close",Oleksandr Lapshyn"Federated learning: out of reach no matter how close",Oleksandr Lapshyn
"Federated learning: out of reach no matter how close",Oleksandr LapshynFwdays
 
SAP Build Work Zone - Overview L2-L3.pptx
SAP Build Work Zone - Overview L2-L3.pptxSAP Build Work Zone - Overview L2-L3.pptx
SAP Build Work Zone - Overview L2-L3.pptxNavinnSomaal
 
Vertex AI Gemini Prompt Engineering Tips
Vertex AI Gemini Prompt Engineering TipsVertex AI Gemini Prompt Engineering Tips
Vertex AI Gemini Prompt Engineering TipsMiki Katsuragi
 
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmaticsKotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmaticscarlostorres15106
 
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek SchlawackFwdays
 
Powerpoint exploring the locations used in television show Time Clash
Powerpoint exploring the locations used in television show Time ClashPowerpoint exploring the locations used in television show Time Clash
Powerpoint exploring the locations used in television show Time Clashcharlottematthew16
 
Unraveling Multimodality with Large Language Models.pdf
Unraveling Multimodality with Large Language Models.pdfUnraveling Multimodality with Large Language Models.pdf
Unraveling Multimodality with Large Language Models.pdfAlex Barbosa Coqueiro
 
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024BookNet Canada
 
DevoxxFR 2024 Reproducible Builds with Apache Maven
DevoxxFR 2024 Reproducible Builds with Apache MavenDevoxxFR 2024 Reproducible Builds with Apache Maven
DevoxxFR 2024 Reproducible Builds with Apache MavenHervé Boutemy
 
Search Engine Optimization SEO PDF for 2024.pdf
Search Engine Optimization SEO PDF for 2024.pdfSearch Engine Optimization SEO PDF for 2024.pdf
Search Engine Optimization SEO PDF for 2024.pdfRankYa
 
"Debugging python applications inside k8s environment", Andrii Soldatenko
"Debugging python applications inside k8s environment", Andrii Soldatenko"Debugging python applications inside k8s environment", Andrii Soldatenko
"Debugging python applications inside k8s environment", Andrii SoldatenkoFwdays
 
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)Mark Simos
 
My Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 PresentationMy Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 PresentationRidwan Fadjar
 
AI as an Interface for Commercial Buildings
AI as an Interface for Commercial BuildingsAI as an Interface for Commercial Buildings
AI as an Interface for Commercial BuildingsMemoori
 
WordPress Websites for Engineers: Elevate Your Brand
WordPress Websites for Engineers: Elevate Your BrandWordPress Websites for Engineers: Elevate Your Brand
WordPress Websites for Engineers: Elevate Your Brandgvaughan
 
Install Stable Diffusion in windows machine
Install Stable Diffusion in windows machineInstall Stable Diffusion in windows machine
Install Stable Diffusion in windows machinePadma Pradeep
 
Vector Databases 101 - An introduction to the world of Vector Databases
Vector Databases 101 - An introduction to the world of Vector DatabasesVector Databases 101 - An introduction to the world of Vector Databases
Vector Databases 101 - An introduction to the world of Vector DatabasesZilliz
 
SIP trunking in Janus @ Kamailio World 2024
SIP trunking in Janus @ Kamailio World 2024SIP trunking in Janus @ Kamailio World 2024
SIP trunking in Janus @ Kamailio World 2024Lorenzo Miniero
 
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks..."LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...Fwdays
 

Kürzlich hochgeladen (20)

"Federated learning: out of reach no matter how close",Oleksandr Lapshyn
"Federated learning: out of reach no matter how close",Oleksandr Lapshyn"Federated learning: out of reach no matter how close",Oleksandr Lapshyn
"Federated learning: out of reach no matter how close",Oleksandr Lapshyn
 
SAP Build Work Zone - Overview L2-L3.pptx
SAP Build Work Zone - Overview L2-L3.pptxSAP Build Work Zone - Overview L2-L3.pptx
SAP Build Work Zone - Overview L2-L3.pptx
 
DMCC Future of Trade Web3 - Special Edition
DMCC Future of Trade Web3 - Special EditionDMCC Future of Trade Web3 - Special Edition
DMCC Future of Trade Web3 - Special Edition
 
Vertex AI Gemini Prompt Engineering Tips
Vertex AI Gemini Prompt Engineering TipsVertex AI Gemini Prompt Engineering Tips
Vertex AI Gemini Prompt Engineering Tips
 
Audit Log Protection: Avoiding a False Sense of Security

  • 1. Audit Trail Protection: Avoiding a False Sense of Security
    Nadeem Bukhari CISSP, CISM, VP of Product Strategy, Kinamik Data Integrity S.L.
    Tel Mobile: +34 628 629 322; Tel Office: +34 931 835 814
    Email: nbukhari@kinamik.com; Website: http://www.kinamik.com
  • 2. Data Integrity
     Data integrity is data that has a complete or whole structure. All characteristics of the data including business rules, rules for how pieces of data relate, dates, definitions and lineage must be correct for data to be complete (http://en.wikipedia.org/wiki/Data_integrity)
     integrity - the property of safeguarding the accuracy and completeness of assets [ISO/IEC 13335-1:2004]
     Data Quality | Data Security
  • 3. Audit Trails Evolution
     Audit trail collection, preservation and reporting: regulatory and compliance demands
       e.g. PCI DSS, FISMA, FDA 21 CFR Part 11, EU DRD, SoX, SEC 14a, ISO27001, ...
     Audit logs are company records.
     SIEM & Log Management Market
       "Worldwide revenue for SIEM was $663.3 million in 2008 and is expected to grow to $1.4 billion in 2013" (IDC)
     Estimated growth of audit trails
       "average overall data volume growth rate reported is just over 30% per year" (Aberdeen)
     Mobile market data growth exponential
    Credit for image: jscreationzs
  • 4. Audit Trails Issues
     Which audit trails to collect?
     Over collection
     Too many alerts
     Evolving attack signatures
     Inconsistent data formats
     Developers need to know the audience, i.e. security, compliance, LOB...
     Differing retention requirements
     Excessive storage costs
     Liabilities
  • 5. Audit Trails Security
     Knowledge of how to change audit trails is in the mainstream
     Security perimeter to the data element
     Protection that is NOT near real-time = false sense of security
     "system logs need to be protected, because if the data can be modified or data in them deleted, their existence may create a false sense of security." ISO27001
  • 6. Audit Trails Preservation
     Digital Evidence
       American Express Travel Related Services Co. Inc. vs Vee Vinhee
       Lorraine v. Markel American Insurance Company
       California v Khaled
     BS10008 – Evidential Weight and Legal Admissibility of Electronic Information
     NIST SP 800-92 - Guide to Computer Security Log Management
       "In cases where logs may be needed as evidence, organizations may wish to acquire copies of the original log files"
  • 7. Audit Trails and the Cloud
     High value target
     The service provider admins have access?
     You cannot control below the hypervisor
     Service Provider Developers
       Focus on service first
       Do not know the entire audience
       Access to logs that contain multi-tenant information
     Incident Response / Forensics
       Can you gather evidence?
       Will the audit log data's authenticity be provable?
  • 8. The Depth of Secure Logging
     M. Bellare and B. Yee – Forward Integrity for Secure Audit Logs (1997)
     Bruce Schneier / John Kelsey – Secure Audit Logs to Support Computer Forensics (1999)
     J. Holt – Logcrypt: Forward Security and Public Verification for Secure Audit Logs (2006)
     Rafael Accorsi – Safekeeping Digital Evidence with Secure Logging Protocols: State of the Art and Challenges (2009)
       Transmission Phase - origin authentication, message confidentiality, message integrity, message uniqueness, reliable delivery
       Storage Phase - entry accountability, entry integrity, entry confidentiality
     Jeff Jonas (IBM Chief Scientist) / Markle Foundation – Implementing a Trusted Information Sharing Environment: Using Immutable Audit Logs to Increase Security, Trust, and Accountability (2006)
       "Immutable audit logs (IALs) will be a critical component for the information sharing environment"
    [Diagram: chained log entries, #MAC → DATA + Metadata → #MAC= → DATA + Metadata → #MAC= → ...; each entry's MAC is computed over its DATA + Metadata together with the previous entry's MAC]
  • 9. Audit Trails Integrity – Things to consider
     Batching audit trails (e.g. file)
       Windows of opportunity for undetectable manipulation
       Single change = maximal loss
     Near real-time protection
       Makes undetectable tampering very difficult
     Sequential (chronology) – great for digital evidence
     Key protection – what if the keys are compromised?
     Overheads
       Performance
       Storage
     Broken crypto algorithms – the tool needs to be able to change them
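Slides 8 and 9 describe a chained-MAC log (each MAC covering an entry's data, metadata and the previous MAC) and ask what happens when the key is compromised. The following is an added example, not code from the deck or from Kinamik, showing the Bellare-Yee style answer in a compact form: HMAC-SHA256 over each entry chained to the previous MAC, with the key evolved by SHA-256 after every entry so the writer never holds a key that could rewrite history. The key names, the `SecureLog`/`verify` API and the sample events are constructed for this example; the verifier is assumed to hold the initial key, as the trusted verifier does in the cited scheme.

```python
"""Forward-secure, chained MAC audit log (constructed example, not the deck's code).

Each entry's MAC covers its index, data, metadata and the previous entry's MAC,
so modification, deletion or reordering breaks the chain at the first bad entry
rather than invalidating a whole batched file. The MAC key is evolved (hashed)
after every entry and the old key discarded, so stealing the writer's current
key does not let an attacker re-MAC entries that were already written.
"""
import copy
import hashlib
import hmac
import json
from typing import List, Optional, Tuple

GENESIS = b"\x00" * 32  # stand-in "previous MAC" for the very first entry


def evolve_key(key: bytes) -> bytes:
    """One-way key update K_{i+1} = H("evolve" || K_i); the writer keeps only the newest key."""
    return hashlib.sha256(b"evolve|" + key).digest()


def entry_mac(key: bytes, index: int, data: str, meta: dict, prev_mac: bytes) -> bytes:
    """HMAC over a canonical encoding of the entry plus the previous MAC (the chain link)."""
    body = json.dumps({"i": index, "data": data, "meta": meta, "prev": prev_mac.hex()},
                      sort_keys=True, separators=(",", ":")).encode()
    return hmac.new(key, body, hashlib.sha256).digest()


class SecureLog:
    """Writer side: every entry is protected the moment it is appended (near real-time)."""

    def __init__(self, initial_key: bytes) -> None:
        self._key = initial_key
        self._prev = GENESIS
        self.entries: List[dict] = []

    def append(self, data: str, meta: dict) -> dict:
        index = len(self.entries)
        mac = entry_mac(self._key, index, data, meta, self._prev)
        entry = {"i": index, "data": data, "meta": meta, "mac": mac.hex()}
        self.entries.append(entry)
        self._prev = mac
        self._key = evolve_key(self._key)  # K_index is unrecoverable after this line
        return entry

    def head(self) -> str:
        """MAC of the newest entry; publish it out of band so truncation is detectable."""
        return self._prev.hex()


def verify(entries: List[dict], initial_key: bytes,
           expected_head: Optional[str] = None) -> Tuple[bool, int]:
    """Verifier side. Returns (True, n) for an intact chain of n entries, or
    (False, i) with i the index of the first entry that fails (tampered entry,
    gap left by a deletion, reordered entry, or a missing tail if a head is given)."""
    key, prev = initial_key, GENESIS
    for expected_index, entry in enumerate(entries):
        if entry.get("i") != expected_index:
            return False, expected_index
        mac = entry_mac(key, expected_index, entry["data"], entry["meta"], prev)
        if not hmac.compare_digest(mac, bytes.fromhex(entry["mac"])):
            return False, expected_index
        prev, key = mac, evolve_key(key)
    if expected_head is not None and not hmac.compare_digest(prev.hex(), expected_head):
        return False, len(entries)  # internally consistent but ends early: tail dropped
    return True, len(entries)


def demo() -> dict:
    """Constructed sample events, then each manipulation slides 5 and 9 warn about."""
    k0 = b"constructed-initial-key"
    log = SecureLog(k0)
    log.append("user login", {"user": "alice", "ts": "2024-01-01T10:00:00Z"})
    log.append("privilege change", {"user": "alice", "role": "admin"})
    log.append("user logout", {"user": "alice", "ts": "2024-01-01T10:30:00Z"})
    head = log.head()

    modified = copy.deepcopy(log.entries)
    modified[1]["data"] = "password change"              # rewrite one past entry
    deleted = [log.entries[0], log.entries[2]]            # drop the middle entry
    reordered = [log.entries[0], log.entries[2], log.entries[1]]
    truncated = log.entries[:2]                           # drop the newest entry

    # Key compromise after the fact: the attacker holds K_3, but entry 1 needs K_1.
    stolen_key = log._key
    forged = copy.deepcopy(log.entries)
    forged[1]["data"] = "password change"
    forged[1]["mac"] = entry_mac(stolen_key, 1, forged[1]["data"], forged[1]["meta"],
                                 bytes.fromhex(forged[0]["mac"])).hex()

    return {
        "intact": verify(log.entries, k0, head),
        "modified": verify(modified, k0, head),
        "deleted": verify(deleted, k0, head),
        "reordered": verify(reordered, k0, head),
        "truncated_no_head": verify(truncated, k0),
        "truncated_with_head": verify(truncated, k0, head),
        "forged_with_current_key": verify(forged, k0, head),
    }


if __name__ == "__main__":
    for case, result in demo().items():
        print(f"{case:24s} -> {result}")
```

Two points the run makes concrete: without a separately published head the verifier cannot tell a truncated log from a short one (the chain alone says nothing about entries that never arrived), and the failure index localises the first bad entry instead of rejecting the whole batch, which is the granular behaviour slide 9 contrasts with file-level hashing. The algorithm choice is a parameter of `entry_mac`/`evolve_key`, which is where a deployment would swap in a replacement when an algorithm is deprecated.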
  • 10. Audit Trails Availability
     Retention period per audit trail needs to be definable
     Tiered storage – online-only gets expensive
     Degradation / de-commissioning
  • 11. Audit Trails Confidentiality Issues
     Access Control
       Vulnerable to privileged accounts
       Segregation
       Collusion
     Encryption
       Only for confidentiality
  • 12. Non-Repudiation
     Not possible to deny the truth or validity of something
     "A service that provides proof of the integrity and origin of data"
     "An authentication that with high assurance can be asserted to be genuine."
     Identity assurance + assured event
     End-to-end trust / chain of custody
     Ethics – non-repudiation is inevitable; use the technology to support privacy policy
  • 13. Conclusion
     Audit trail evolution brings greater reliance
     Digital evidence evolution brings doubt in current authenticity controls
     Granular / real-time data integrity protection brings data-centric controls
     Cloud computing environments thrive with data-centric protection
  • 14. Nadeem Bukhari CISSP, CISM, VP of Product Strategy, Kinamik Data Integrity S.L.
    Tel Mobile: +34 628 629 322; Tel Office: +34 931 835 814
    Email: nbukhari@kinamik.com; Website: http://www.kinamik.com