Wednesday, August 08, 2007

Pervasive Security Monitoring

After Black Hat I've been thinking of how to address gaining insight into the security state of the enterprise. My first book addressed how to detect and response to intrusions using traffic sources in the form of network security monitoring. I've talked about gaining pervasive network awareness several times as well. Recently I've talked about security application instrumentation and several times over the years I've discussed why I am not anti-log.

I am beginning to formulate my thoughts on what I'm calling Pervasive Security Monitoring. I don't have a formal definition yet, but the concept will extend past NSM data sources (traffic) into reports on the state of platforms, OS, applications, and data. The dictionary definition, to become spread throughout all parts of, captures the concept fairly well at this stage.

I noticed Cisco and a few others used the term pervasive security awareness, but it's used as a way to encourage employees to become security conscious. That's not what I mean. I see pervasive security monitoring as a way to achieve pervasive security awareness, in the form of collecting data to inform the decision-making process.

I considered using the term "enterprise security monitoring," but I don't think that term as previously used covers everything I have in mind. As I develop these thoughts I will discuss them here.


shrdlu said...

Excellent idea, and I'm looking forward to reading about it!

Christofer Hoff said...

Rich, I agree:

Let's not leave the notion of service providers/delivery networks out in the cold. Many of these folks tune out when they hear "enterprise" yet every enterprise is connected to them.

Likewise, some of the biggest enterprises look like closed-circuit service providers to their partners, customers and constituents...