The document discusses the shift from traditional IT security control models to contextual security through real-time monitoring. It advocates a prevention approach using monitoring to complement control. The BalaBit eCSI Suite is presented as a solution that provides reliable logging from multiple sources, high-performance monitoring, and real-time dashboards to enable prevention through intelligent data analysis and monitoring.
8. BalaBit eCSI Suite
Blindspotter
syslog-ng
Shell Control Box
• Reliable logging
• Wide range of sources
• High-performance
• Independent data source
• Detailed footage
• Control functions
• Social network model
• Real-time dashboards
• Priority list
• Zoom function
• Run-on authentication
• Privacy warranty
The megatrends of consumerization, mobile, social, and cloud are radically transforming the relationship between IT, the business, and individual users.
Nowadays, IT security is the biggest obstacle to adopting new information technologies, even though these technologies are the most important factor in competitiveness.
Nowadays, companies concentrate their IT security resources on control tools and on external risk factors. But ‘control’ by itself isn’t enough, and it is sometimes even harmful. We will show that you should put more emphasis on observation and, in the case of internal users, on easing control.
We present eCSI, an out-of-the-box security concept for facing this problem and solving it in a business-friendly way, without bad compromises.
Access control defeats its own purpose far too often. Because of its inflexibility, it cannot eliminate breaches, even though it can seem a very appropriate response. In most cases, IT security ends up in a bad compromise: it cannot hinder a determined attacker, yet it moderately holds the business back.
Our eCSI concept is very similar to Gartner’s “Security Free State” concept, which they also call people-centric security. I borrowed this slide from Gartner to present the benefits of a monitoring-based security concept.
What you need is a written policy with sanctions and knowledge of what is happening.
Control tools are the simplest and most popular tools for prevention. But as we mentioned
The observation (or intelligence) system can be used for both forensics and prevention. The only difference is in the data processing. A quick forensic analysis of a suspicious event opens the door to preventing a real incident.