Journey through Enterprise IT Services
In Journey through Enterprise IT Services, Nadhan, HP Distinguished Technologist, explores the IT Services industry, and discusses technology trends in simplified terms.

Protecting your enterprise against “Adversaries ‘R’ Us”

A federal indictment from the United States Attorney's Office charges five men with conspiring in a worldwide hacking and data breach scheme to steal more than 160 million credit card numbers (a scheme akin to a global enterprise) with a strategy to fraudulently get to the most valued asset — information. Legitimate enterprises must stay up-to-date on various concepts, techniques and tools required to proactively safeguard their enterprises against such schemes, which can be loosely labeled as “Adversaries ‘R’ Us.” The sessions at HP Protect 2013 offer a diverse array of topics to that end. Here are some of my picks in the context of this security breach — the largest such scheme ever prosecuted in the United States.

Fortify the dynamic enterprise with static code analysis tools

Security is what I had in mind when I started teaching my daughter driving recently. I explained all the steps that a good, secure driver must take before setting the vehicle in motion when it is static – at rest. While these are really simple steps to ensure, for example, that the mirrors are positioned properly and the turn signals are functioning, they are also powerful life-saving steps once the vehicle is in motion. Applications are like cars in many respects. Therefore, enterprises should take a similar approach before putting their applications in motion. It is much easier to take precautionary measures by scanning the source code for vulnerabilities – way before running the binary code. Simple techniques, such as visual inspection, have proven powerful in the past. Imagine having a tool to automate such techniques and execute them faster that runs parallel to software development. Well, you don’t have to imagine any longer!

To be or not to be 100 percent protected

Today, there is simply no way to provide 100 percent protection,” says Steve Lazerowich, a security solution leader within the U.S. Public Sector practice for HP Enterprise Services. Adversaries – be they hackers, criminal elements, or nation states – can penetrate the enterprise information systems to the core. So what can the nations of today do? “The best approach is defense in depth,” says Lazerowich, speaking of a multi-layered approach to protecting systems. Let’s explore this further.

Inception of OODA loop into the security hacker’s mind

The OODA loop (recurring cycle of observe-orient-decide-act) has become an important concept in both business and military strategy. Individuals and organizations who process this cycle quickly, observing and reacting to unfolding events more rapidly than an opponent, can thereby "get inside" the opponent's decision cycle and gain the advantage. This is not too different from the plot of the movie Inception where a thief commits corporate espionage by infiltrating the subconscious of his targets. Such concepts lead me to conclude that it would be possible to think ahead of the security hackers and be prepared for the next virus so that we have the measures in place even before the virus sees the light of day.

Search
Follow Us


About the Author(s)
Labels