Conrad Constantine, Research Team Engineer, AlienVault
Why is everyone so hyped over Big Data?
Possibly it’s because people are now realizing the power of Big Data.
The security industry has realized that log data is an incredibly rich source of information for detecting security intrusions, and has since developed a taste for more and more logs.
Log correlation followed as IT professionals realised that individual log entries by themselves meant very little, but when placed in context against one another they illustrated more than just system-level events. They illustrated behavioral context — clusters of individual log lines that could be translated into records of human-readable actions.
Security is still in the early days of this science and practice of event correlation: Methods and results are rarely shared with the community, the target for what is effective keeps moving, and yet we’re already talking about Big Data.
Terror and Possibility
This is, of course, the intersection of terror and possibility, as we transition from our first fumbling attempts to boil the ocean into a land populated by people who have been doing this stuff for a long time before us.
Vast databases of information being mined for emergent patterns and used to run simulations over and over are hardly new to the world — the finance, medical and aerospace industries have spent years in this realm. How is it, then, that the security world has not tapped into this pool of expertise before now to help us glean the knowledge lying dormant within our vast supplies of data? Quite simply, it’s because we still don’t know what questions to ask in the first place.
What’s Out There?
It’s worth performing a short recap on emerging Big Data technologies out there and why they differ from being just “large databases.” Although there are many implementations of these technologies, they all derive from two core functions: NoSQL and MapReduce.
NoSQL is a difficult beast to define even among the experts in that field. What you need to know up front as a security practitioner, however, is that NoSQL can be defined by:
- Lack of strongly structured schemas. Unlike an RDBMS, where the schema must be well-defined before data is stored and changing that schema once live data is present becomes increasingly impractical, NoSQL data stores may freely adapt the nature of the records they store over time.
- They are optimized for rapid retrieval of information at the possible expense of data consistency (they do not comply with ACID). To wit, they are excellent systems with which to do analytical work, but have inherent issues if treated as the authoritative repository.
For the same audience, MapReduce’s key features are:
- The ability to perform information retrieval and calculation over a widely distributed data storage. A practical example would be that if individual devices had their log storage implemented in a MapReduce-capable manner, then a centralized log storage mechanism may no longer be required — a single query could be performed across all logs on all devices simultaneously.
- Conversely, a centralized storage may still exist but be spread out over a computing grid of commodity hardware (indeed, this was the reason for Google’s (Nasdaq: GOOG) creation of MapReduce).
- Generally speaking, there is comparatively little need for the end-user to optimize their query sets to take advantage of MapReduce’s distributed nature.
So, we can immediately see some of the reasons these two technologies have raised excitement and promise to the information security world:
- Increased speed on complex queries across large quantities of data is a vital force-multiplier for security analysts; the ability to query every machine that has accessed a particular URI in the last 90 days in minutes (not hours or even days) cannot be overlooked.
- The flexibility to bring additional data to supplement existing records works in lockstep with the inherent nature of security information: that it is comparatively a domain of unstructured data. Freedom from data schemas that fail to take into account the information that is vital to the organization we are trying to defend will allow us to make better correlations and ask better questions from our data.
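The two bullets above describe a query such as “every machine that accessed a particular URI in the last 90 days” being answered by a map phase that runs against each device’s own log store and a reduce phase that merges the results, over records whose fields are not fixed by a schema. The following is an added example, not code from the article or from AlienVault: the device stores, record fields, time window and helper names (`map_device`, `reduce_hits`, `devices_that_accessed`) are all constructed for illustration, and a thread pool stands in for the distributed execution a real MapReduce framework would provide.

```python
from concurrent.futures import ThreadPoolExecutor
from datetime import datetime, timedelta

# Constructed per-device log stores (hypothetical, not from the article). Each
# device holds its own records and, as in a schema-less store, the records do
# not all carry the same fields: most use "uri", an older agent wrote "url",
# and one record has no request field at all.
NOW = datetime(2021, 1, 15)
DEVICE_STORES = {
    "laptop-01": [
        {"ts": NOW - timedelta(days=3),   "uri": "/update.php", "user": "alice"},
        {"ts": NOW - timedelta(days=40),  "uri": "/index.html", "user": "alice"},
    ],
    "laptop-02": [
        {"ts": NOW - timedelta(days=120), "uri": "/update.php", "user": "bob"},  # outside the 90-day window
        {"ts": NOW - timedelta(days=10),  "url": "/update.php", "user": "bob"},  # legacy field name
    ],
    "server-01": [
        {"ts": NOW - timedelta(days=1),   "uri": "/update.php"},
        {"ts": NOW - timedelta(days=2),   "event": "reboot"},                    # no request field at all
    ],
    "laptop-03": [
        {"ts": NOW - timedelta(days=5),   "uri": "/other"},
    ],
}


def map_device(device, records, target_uri, since):
    """Map phase, run where the device's logs live: emit (device, 1) for every
    record that matches the URI and falls inside the time window. The request
    field is resolved per record because the store has no fixed schema."""
    emitted = []
    for rec in records:
        request = rec.get("uri", rec.get("url"))
        if request == target_uri and rec["ts"] >= since:
            emitted.append((device, 1))
    return emitted


def reduce_hits(mapped):
    """Reduce phase: sum the per-device counts emitted by all mappers."""
    totals = {}
    for device, n in mapped:
        totals[device] = totals.get(device, 0) + n
    return totals


def devices_that_accessed(stores, target_uri, now=NOW, days=90):
    """Run the map phase against every device store concurrently, then reduce.
    Returns {device: hit_count} for devices that accessed target_uri in the window."""
    since = now - timedelta(days=days)
    with ThreadPoolExecutor(max_workers=len(stores)) as pool:
        futures = [pool.submit(map_device, dev, recs, target_uri, since)
                   for dev, recs in stores.items()]
        mapped = [pair for f in futures for pair in f.result()]
    return reduce_hits(mapped)


if __name__ == "__main__":
    # Which devices fetched /update.php in the last 90 days?
    print(devices_that_accessed(DEVICE_STORES, "/update.php"))
```

The map function is the only part that needs to know where a device keeps its logs; the reducer never sees raw records, which is what lets the same query run unchanged whether the stores sit on the endpoints themselves or on a central grid of commodity hardware.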
Between these two factors, we can see where the excitement comes from, and yet we still have to return to the same issues we struggled with before the advent of Big Data.
What Do You Want to Know?
We still aren’t very good at asking the right questions from our data.
In security analytics, it’s often the relations between the data (not the data itself) that are important. Just as detective work is a matter of “connecting the dots,” the true information lies in the relations between our data points (log correlation itself is about looking for and exposing those relations).
As IT professionals, we share a particular reticence to trust anything we didn’t do hands-on ourselves; as security professionals, this trait becomes magnified. Perhaps it is because the concepts we are looking for (exposures, risks, threat surfaces) are so difficult to define that we are still stuck in the stone age of bar charts and keyword searches when it comes to data analytics.
No amount of Big Data is going to save us until we learn to formulate better questions for that data. Perhaps it’s time we accepted that the problems we’re approaching now (trying to boil an ocean of data points down into digestible information) are not unique to us. Information security as a discipline may have much to learn from other technology fields. It’s a tough pill to swallow when you think of how much we collectively berate the rest of IT as being the source of all our issues in the first place.
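The article’s point that correlation turns clusters of individual log lines into records of human-readable actions, and that the relations between data points matter more than the points themselves, can be made concrete with a small correlation rule. The block below is an added example, not code from the article or from AlienVault: the syslog lines are constructed, and the rule (“several failed logins from one source followed shortly by a success from the same source”) and the names `parse`, `correlate_bruteforce` and `describe` are illustrative choices, not a vendor’s correlation engine.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample sshd lines (not taken from any real system): three failed
# logins from one source followed by a success, plus unrelated noise.
SAMPLE_LOG = """\
Jan 12 10:00:01 bastion sshd[2001]: Failed password for root from 203.0.113.7 port 50110 ssh2
Jan 12 10:00:03 bastion sshd[2002]: Failed password for root from 203.0.113.7 port 50112 ssh2
Jan 12 10:00:05 bastion sshd[2003]: Failed password for admin from 203.0.113.7 port 50114 ssh2
Jan 12 10:00:09 bastion sshd[2004]: Accepted password for admin from 203.0.113.7 port 50116 ssh2
Jan 12 10:02:00 bastion sshd[2005]: Accepted publickey for deploy from 198.51.100.4 port 41000 ssh2
Jan 12 11:30:00 bastion sshd[2006]: Failed password for root from 192.0.2.9 port 3000 ssh2
"""

LINE_RE = re.compile(
    r"^(?P<ts>\w{3} +\d+ \d\d:\d\d:\d\d) (?P<host>\S+) sshd\[\d+\]: "
    r"(?P<result>Failed|Accepted) (?:password|publickey) for (?P<user>\S+) "
    r"from (?P<src>\S+) port \d+"
)


def parse(lines, year=2021):
    """Turn raw syslog lines into structured events; lines that do not match
    the sshd pattern are skipped rather than guessed at."""
    events = []
    for line in lines.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
        events.append({"ts": ts, "host": m["host"], "result": m["result"],
                       "user": m["user"], "src": m["src"]})
    return events


def correlate_bruteforce(events, min_failures=3, window=timedelta(minutes=5)):
    """Relate events to one another: min_failures or more failures from one
    source, followed within `window` by a success from that same source,
    collapse into a single human-readable action record."""
    by_src = defaultdict(list)
    for ev in sorted(events, key=lambda e: e["ts"]):
        by_src[ev["src"]].append(ev)

    actions = []
    for src, evs in by_src.items():
        failures = []
        for ev in evs:
            if ev["result"] == "Failed":
                failures.append(ev)
                continue
            # A success: only failures inside the window before it count.
            recent = [f for f in failures if ev["ts"] - f["ts"] <= window]
            if len(recent) >= min_failures:
                actions.append({
                    "action": "password guessing followed by successful login",
                    "src": src, "host": ev["host"], "user": ev["user"],
                    "failures": len(recent),
                    "first_seen": recent[0]["ts"], "last_seen": ev["ts"],
                })
            failures = []  # a success closes the current cluster
    return actions


def describe(action):
    """Render one correlated action as the sentence an analyst would read."""
    return (f"{action['src']} failed to log in {action['failures']} times on "
            f"{action['host']} and then succeeded as {action['user']} at "
            f"{action['last_seen']:%H:%M:%S}")


if __name__ == "__main__":
    for action in correlate_bruteforce(parse(SAMPLE_LOG)):
        print(describe(action))
```

Six individual lines, none of which is alarming on its own, become one record that states what a person did; the single failure from 192.0.2.9 and the key-based login from 198.51.100.4 are correctly left alone because nothing relates them to a preceding cluster.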
I’ll cut to the chase here: BioInformatics.
Bioinformatics places emphasis on discovering the nature of interactions and relations between their points of data, since this is intrinsic to how biology operates too. It won’t take long before you find a plethora of advanced (and aesthetically pleasing) visualization techniques being used to present and explore data relations, like the CIRCOS system.
Bioinformatics has made great strides in distilling complex data relationships into advanced visualization techniques that maximize the ability of human pattern recognition to discern inferences that are difficult to make programmatically.
Ask better questions, discover relationships, create hypotheses and test them against more data; rinse, repeat — the scientific method.
Big Data will not magically enable us to discern better answers until we come up with better questions to explore the relationships between our data more thoroughly.
The field of log correlation could make great strides if we were to establish an open format for exchanging ideas for correlations in a vendor-neutral manner and collectively discuss what is effective within the field, instead of how we operate today.
Information security is evolving into areas well explored within other fields. Our issues with discovering relations and implications from our oceans of unstructured data are at the heart of the field of complex event processing.
We’re moving into territory where we are not as alone as we think; if we are going to reap the benefits that Big Data promises and not let this become another failed fad, then we have to start overcoming our isolationist attitude and start inviting experts from other disciplines to join us and teach us how to use this new toolset.
Ahli Bank, Oman, is SunTec’s 50th customer for its Indirect Taxation Solution
SunTec’s GCC VAT compliance solution to help Ahli Bank automate end-to-end VAT compliance process, manage regulatory changes, and seamlessly integrate it with the existing IT ecosystem
SunTec, the world’s #1 relationship-based pricing and billing company and the provider of #1 GST and VAT compliance solution for Banks and Financial Services in GCC and India, has partnered with Ahli Bank, Oman, to provide its GCC VAT compliance solution.
The win is a landmark one for SunTec as it marks the 50th customer for its indirect taxation solution. SunTec has garnered 24 customers in India and this is the 26th customer in the Middle East to acquire the solution.
VAT is likely to be introduced in Oman in early 2021 and Ahli Bank has taken the proactive step of adopting a VAT compliance solution to ensure operational efficiency, enhance revenue, and augment customer experience.
Amit Dua, President – Client Facing Groups, SunTec, said, “We are delighted to partner with Ahli Bank, Oman in what marks a historic win, in their journey to ensure VAT compliance. We understand that the VAT landscape is evolving within the GCC, and therefore, our solution offers agility to respond to these changing regulatory requirements. With the Xelerate platform and GCC VAT compliance solution, Ahli Bank can digitize the entire VAT compliance process and comply with the least number of changes to their existing technology infrastructure.”
He added, “VAT is a crucial step that the GCC countries have taken to implement tax regimes. It is imperative for banks and financial institutions to have a robust and scalable solution to accommodate their specific needs. Ahli Bank joins the list of more than 20 banks who have adopted our GCC VAT Compliance solution. I’m proud to say that approximately 3 billion transactions per annum are processed through our GCC VAT/ GST compliance solution across our client base.”
Said Abdullah Al Hatmi, CEO at Ahli Bank, added: “It is extremely crucial for us to be ready for VAT compliance. We are very happy to partner with SunTec to deploy GCC VAT compliance solution. With SunTec we will have a single solution in place covering all aspects of VAT compliance and we will be future-proofed given that any future regulatory changes will be handled by the solution with ease.”
SunTec’s GCC VAT compliance solution based on the Xelerate platform will enable the bank to smoothly comply with GCC VAT regulations and manage potential regulatory changes with ease. The single end-to-end solution helps automate the entire VAT compliance process including centralized rule-based tax determination, input tax recovery, tax invoice, reconciliation, corrections, adjustments, statements, and regulatory reporting.
SunTec GCC VAT Compliance solution is architected to meet the unique needs of banks and financial services firms and can easily integrate with existing IT systems. The solution is designed to process all taxable transactions across business lines and applications, reduce cost of compliance, mitigate potential risk of compliance violations, penalties, and reputational risk.
Securing Digital Transformation in Financial Services
By Bindu Sundaresan, Director, AT&T Cybersecurity
In the last year, financial services organizations have been pushed to speed up their digitization strategies faster than they could have ever anticipated. The COVID pandemic has closed the doors of many physical banks, forced them to move many interactions with customers to digital and introduce new measures so employees can carry out their jobs from home.
The uptake of digital banking has been immense, with a recent report from World Retail Banking revealing that 57 percent of consumers prefer internet banking in the Covid-19 era. Today, connected consumers expect near-real-time online transactions at their own convenience, 24x7, and they expect banks, credit card providers, and stockbrokers to provide uninterrupted web services wherever they are in the world.
However, while this digitization has enabled banks to fully serve their customers during the pandemic, it has raised the security stakes considerably.
All around the world, while financial services organizations are adapting and taking advantage of digital technology to make consumer banking and payments safer, faster and more convenient, cyber criminals have been looking at ways to exploit these new initiatives.
What are the best ways financial organizations can embrace digital transformation, without compromising on security?
Embracing Digital Transformation Security
Financial institutions have long been a top target for cyber criminals and as these organizations broaden their digital footprint, their risk profiles change, and their attack surface widens.
In fact, a recent report from AT&T Business revealed that many organizations have noted an increase in malicious activity and cyber-related fraud against themselves and their customers, since the coronavirus pandemic struck. The attacks on institutions are typically happening through malware or social engineering campaigns, while customers are especially vulnerable to phishing with cyber criminals sending out fake COVID-related emails disguised as if coming from banks.
To help understand and manage these risks, financial organizations need to be proactive with their cybersecurity. One of the most important steps they can take is embedding security into new services from the very beginning. This will enable business leaders to make informed decisions, allocate resources efficiently, and understand the value of systems and information.
Banks and other financial institutions handle some of the most sensitive information for their customers and business – Personally Identifiable Information (PII), credit card numbers, and account information. As the number of access points to reach this information increases, security should be embedded into systems earlier in the development process. To help achieve this, security teams need to work with developer teams from the beginning of the development stages when new technology is being introduced, rather than security being bolted on at the end, which is what has traditionally happened.
Building a security-conscious culture is also essential, particularly as employees today are more frequently working from home. Employees need to be educated about the most current fraud and phishing scams and how to avoid them. They should be instructed to access sensitive data from a secure network, using their company device, and through the prescribed channels—not by clicking a link in a newly received e-mail. Employees should not open unexpected e-mail attachments and should report suspicious e-mails to the company’s IT department.
Since external IT services are ubiquitous in today’s business environment, it is imperative that financial services organizations assess technology providers to ensure that these services do not pose an immediate risk, while also strategizing how best to fortify resilience against third-party challenges. Many third-party services are critical to an organization’s success, including technical support, cloud-based financial applications, security monitoring, email and data backup solutions. Vendor management is a complex and time-intensive task to which many organizations do not, and in many cases cannot, dedicate the time and resources. For companies with a small number of vendors, this can be manageable, but most organizations will need additional support to create and implement these programs effectively. By dedicating resources to developing a program, organizations can begin to understand and eliminate the threats posed by third parties.
Financial institutions should also consider implementing a Zero Trust approach within their security strategy. Zero Trust is a cybersecurity model whose core tenet is that any endpoint connecting to a network should not be trusted by default. With Zero Trust, everything and everyone — users, devices, endpoints — must be properly verified before access to the network is allowed. The protocols for a Zero Trust network outline specific rules that govern the amount of access granted to users, based upon the type of user, their location, and how they are accessing the network. If the security status of any connecting endpoint or user cannot be resolved, the Zero Trust network denies the connection by default.
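The paragraph above describes three ingredients of a Zero Trust decision: access is denied unless granted, the amount granted depends on user type, location and access method, and an endpoint whose security status cannot be resolved is treated as untrusted. The following block is an added example, not code from the article or from AT&T Cybersecurity; the policy table, the access levels and the request fields are hypothetical and chosen only to show the default-deny shape of such an evaluator.

```python
from dataclasses import dataclass
from enum import Enum
from typing import Optional


class Access(Enum):
    DENY = "deny"
    READ_ONLY = "read-only"
    FULL = "full"


@dataclass(frozen=True)
class ConnectionRequest:
    user_type: str                  # e.g. "employee", "contractor"
    location: str                   # e.g. "office", "home", "unknown"
    access_method: str              # e.g. "managed-device", "byod"
    mfa_verified: bool              # identity was verified for this session
    device_posture: Optional[bool]  # True = healthy, False = failed check,
                                    # None = status could not be resolved


# Hypothetical policy table (constructed for illustration). Only combinations
# listed here can ever receive access; everything else falls through to DENY.
POLICY = {
    ("employee",   "office", "managed-device"): Access.FULL,
    ("employee",   "home",   "managed-device"): Access.FULL,
    ("employee",   "home",   "byod"):           Access.READ_ONLY,
    ("contractor", "home",   "managed-device"): Access.READ_ONLY,
}


def evaluate(req: ConnectionRequest) -> Access:
    """Default-deny evaluation. Identity and device health are checked before
    the policy table is consulted, so a rule can never grant access to a
    request that has not been verified."""
    if not req.mfa_verified:
        return Access.DENY
    # An unresolved posture (None) is handled exactly like a failed one:
    # "cannot be resolved" means "not trusted", never "assume healthy".
    if req.device_posture is not True:
        return Access.DENY
    return POLICY.get((req.user_type, req.location, req.access_method), Access.DENY)


def evaluate_with_reason(req: ConnectionRequest) -> tuple:
    """Same decision as evaluate(), plus a short reason suitable for an audit log."""
    if not req.mfa_verified:
        return Access.DENY, "identity not verified"
    if req.device_posture is None:
        return Access.DENY, "device posture could not be resolved"
    if req.device_posture is False:
        return Access.DENY, "device failed posture check"
    key = (req.user_type, req.location, req.access_method)
    if key not in POLICY:
        return Access.DENY, f"no policy rule for {key}"
    return POLICY[key], "granted by policy rule"


if __name__ == "__main__":
    req = ConnectionRequest("employee", "home", "managed-device", True, None)
    print(evaluate_with_reason(req))  # posture unknown, so denied
```

Logging the reason alongside every denial is what makes a default-deny policy operable: a flood of “device posture could not be resolved” entries points at a broken posture agent rather than at a real intrusion, and a rule that is never hit can be pruned.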
Since the beginning of the pandemic, financial organizations have been forced to change the way they operate. Employees are now working more frequently from home and many banking services can now be done online. While these steps have been vital to keep the finance industry moving during the pandemic, they have introduced new security challenges.
As these organizations embrace digital transformation and shift to the cloud, simplifying technology infrastructure and outsourcing workloads to third parties, they are also expanding their cyber risk. Cyber risk has become more prolific across systems, platforms, and people — employees, customers, and partners — and enterprise leadership must correlate all of this to stay ahead of the adversary and help protect the organization’s most valuable assets.
Financial institutions therefore must be increasingly vigilant, and increasingly well-equipped technologically, to protect themselves from sophisticated attacks. In this way, digital transformation becomes both a critical contributing factor in the problem of growing cyber risks today—and a critical resource for solving it.
Using technology to optimise your finance
By Mark Pullen, CEO, Xledger
Covid-19 restrictions and ongoing uncertainty have prompted a fundamental switch in mindset across a multitude of different sectors. Many organisations have begun to recognise that outsourcing their finance can make them more agile and give them the competitive edge they need to compete and scale effectively in today’s market.
Solving the pain points
Inefficient processes are prone to causing delays and errors which can have a huge impact on the bottom line when viewed at scale. They can also negatively impact the client experience, causing frustration with missed deadlines and mounting uncompleted tasks.
New finance technology is automating many of the daily, monotonous back office functions such as bank reconciliation and invoice entry, meaning that the nature of the work that a finance professional provides will change. This presents a huge opportunity as it gives these employees the opportunity to be involved in higher-level work. Technology can also provide a resource that gives real time insight, allowing for better strategic decision making, which is so key in the current climate.
Optimising your finance function
Outsourcing high-value services within the finance function can improve workflow by implementing a defined and transparent process that streamlines operations. For a finance department, this can speed up areas that require internal controls, such as expense reporting and cash release, but it can also speed up the full lifecycle of a project, from time tracking and resourcing to accounting and billing.
There is also a cost efficiency benefit when outsourcing, as management bandwidth is effectively increased by eliminating the need to be involved in many of the day to day processes. Instead this time can be focused on other business priorities and planning for future growth.
Outsourcing accounting functions to bespoke and standardised technologies means using data led processes that can be measured, optimised and benchmarked against in-house requirements. These processes can also be undertaken remotely, boosting the resilience of your business in these uncertain times.
Case study box-out: RPC Tyche
RPC Tyche is a global insurance software supplier with offices in London, Paris, and the USA. Initially a division of award-winning law firm RPC, but now a stand-alone entity, RPC Tyche’s main software offerings support capital modelling, and pricing commercial insurance and reinsurance.
As part of a restructuring process following the de-coupling with the law firm RPC, RPC Tyche had to separate its back-office processes. They remained under the umbrella of the law firm while the changes were taking place, so initially had some flexibility with the shared finance system, but time was running out to separate the two entities cleanly. As a stand-alone company, RPC Tyche now needed its own financial system; one that could align with its new business processes and that could be implemented quickly to deliver the organisation’s business objectives. Furthermore, they needed a new finance solution that could help them grow exponentially, facilitate a globally diverse group structure, and still maintain efficiency when operating as a small team.
Gavin Dilley, Chief Finance Officer for RPC Tyche commented, “Following an initial discussion with a third-party advisor regarding Xero and Quickbooks, we were recommended Xledger because we required a swift and scalable solution. After contacting Xledger, their tried and tested implementation methodology ultimately assured us that we would achieve the fast-paced implementation needed for our go-live objective. We also really liked that Xledger was a multi-tenanted, true cloud solution with its scalability setting it apart from the competitors.”
Implementation and training
Following conversations with Xledger, RPC Tyche created a project management team to keep everything on track on their side, an arrangement that Gavin emphasised “worked really well.” He said that “as a small project team, the flexibility to undergo substantial configuration during the training sessions with the Xledger consultants brought focus and enabled us to dedicate sufficient time to the system without distractions.”
Although the implementation was expected to take three months, RPC Tyche experienced hold-ups owing to the separating of back-office processes, so they were pleased when it was mutually agreed to facilitate a one-month delay.
“The implementation process was highly effective, and we’re very happy with the results,” said Gavin. “Since implementing the Xledger solution, we’ve been so pleased we haven’t had to dip back into the old system as the transfer of historic data has been particularly successful.” RPC Tyche had a large volume of historic data and transactions, including timesheets and work in progress reports that were all successfully migrated to Xledger during implementation. “We’re particularly happy with how easy it has been to onboard our new Finance Controller, due to flexible training and the system being so intuitive.”
Gavin added, “Since implementing Xledger, we have far greater reporting flexibility, better distribution of skills within the finance team and are naturally more self-sufficient because we can make amendments to the system without relying on the software provider.
The system is easy to use, and the purchase order functionalities, integrated workflows and automation of processes have enabled us to be highly efficient, even as a small finance team. Not to mention that the Xledger support team are incredibly responsive, so we can continually maintain productivity.”