Computer Crime – A Data Centric View

I was giving a short talk at the CSI Computer Crime and Security Survey 2007 event in San Francisco this morning. I chose the topic of Computer Crime – A Data Centric View. Here is a short summary of my presentation:

The crime landscape is changing, as the CSI report shows. Attacks are moving up the stack, they are more targeted, and they are getting more and more sophisticated. Insider crime is growing into a bigger and bigger problem. With the crime landscape shifting, are you shifting too? Are you prepared? Are you monitoring? Do you know what is happening right now? Are you collecting all the data today that you might need in 6 months when you discover that there was a breach 6 months back?

IT Search is a way to address your concerns in this area. Collect your data today and be prepared. Make sure you are collecting all the pertinent data: configuration files, scripted inputs, application logs, transaction logs, etc. You need to collect more data than the traditional security use cases call for; that data alone is not enough anymore.

Right before I presented, Special Agent Herrington from the FBI talked about collaborating with the authorities to collect evidence and urged people to report cyber crime. One of his comments was really interesting: “we love looking at logs”.

By Raffael Marty

Splunk