Like many in IT, you can probably commiserate with this week’s Inside Out Security Show panel – Mike Buckbee and Alan Cizenski – on elaborating when someone asks you, “What Do You Do for a Living?” Whether you’re a programmer or a sysadmin, the scope of your role is often multi-faceted and complex.
In this episode, we talk about various responsibilities of those in IT – differentiating similar tools, testing and evaluating, balancing practical decision making, and much more.
Here’s the best of what you might have missed:
Cizenski replies, “A SIEM tool is really aggregating the events from other systems. And putting them together to have a unified way to look at them. But User Behaviorial Analytics is more of a security tool that operates on its own…It’s learning what’s normal and what’s abnormal based on information that’s being fed or collecting on its own. UBA is a standalone that you don’t have to handle yourself…It’s looking at how users are accessing data.”
Testing and Evaluating
Another really important aspect of an IT pro’s job is to test and evaluate tools. I recently came across an article about a lawsuit that accuses the US Navy of pirating more than 558,000 copies of virtual reality software. I wondered exactly what was in the fine print.
Cizenski speculates, “During a pre-sales engagement, there are a bunch of things a company might do to enable a trial, especially a large group like the Navy…perhaps the vendor turned off the setting to enable the Navy to try out the software…There might have been promises made that were never put into writing.”
Balancing Practical Decision Making
And finally, while every organization needs to figure out their own security plans. I was curious about a few must haves when it comes to making practical security decisions.
Buckbee advises, “You don’t allow access by default. And that you don’t allow network egress, leave by default…In the same way you think about defense in depth, you should think about having to whitelist all the devices and then having to individually grant permissions to get out of the network.”
Ps. A site Buckbee recommends you visit is have I been pwned.
He says, “It’s run by a friend of ours, Troy Hunt who has built a fewcourses for us and will be speaking at RSA. The site collects all the data from all the breaches. You can put your own email in it. Or if you’re an admin, you can put your company’s email in and it will alert you when you get pwned.”