Detecting threats in the real world

Security pros know there's no perfect defence against a determined attacker. So when an identity thief strikes, it's vital to detect the theft. But who's going to be the detective?

As applications migrate into the network cloud, the presumption is that IT administrators will be the detectives, vigilantly looking for clues that might spell trouble. But such vigilance will never suffice, because nobody can care as much about my own interests as me, or as much about yours as you.

When I set up my first corporate connection to the Internet, for example, I had a naive fantasy about managed network services. I imagined a bank of screens glowing in a dimly lit network operations centre, earnest young technicians studying them alertly, and then ... What was that? An alarm sounds, a cluster of red dots erupts on one of the screens, the technicians huddle, my phone rings.

"Mr Udell, there's been a routing glitch that affects your subnet. We're aware of the problem and we're working on it. You'll hear back from us as soon as it's fixed."

Yeah, right. What actually always happens is that I notice when a server's gone unreachable, and I contact the ISP. At first nobody there sees a problem. So I triangulate on the errant router, pass along the trace routes that pinpoint the problem, and finally someone agrees to fix it.

This protocol is annoying but not really surprising. Self-interest trumps all other incentives. I care more about my server's connectivity than the folks in the NOC ever can or will. I'll keep a watchful eye, and I'll do what I can to stay on top of things.

Back in my pager-wearing days I scattered a handful of probes around the Internet, and instructed them to ping my boxes and alert me if they couldn't. That worked because basic connectivity is easy to observe. But the activity of my various online personae typically isn't easy to observe - at least not by me, and not in ways that would alert me to, for instance, unusual activity on an account.

Desktop and server operating systems know, and can report, when you've logged in and what you've been doing. True, a savvy impersonator can erase their footsteps, but if you're motivated to look, there's a decent chance you can detect an intrusion.

Applications and services delivered through the Web usually don't afford the same opportunity. If a failed password-guessing attack triggers a temporary lockdown of my online bank account, I have some hope that I'll be promptly notified - though I'm not about to try the experiment in order to find out. But what if shoulder-surfing or a lucky guess yields up my credentials to an evildoer? Typically there's no way for me to monitor the account for amounts, times, or IP addresses that only I would recognise as suspicious.

Such services should at least show me the last log-in time. A more complete view of all account activity would be ideal. Flooding me with log dumps won't help. The information has to be represented in a way that makes it easy to tell, at a glance, when something's not right.
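The monitoring the column asks for, as an added example that is not part of Jon Udell's column: a small script that parses constructed account-activity records, compares each against a baseline the account owner supplies (home networks, usual hours, and a multiple of the typical transfer amount, all assumed values), and renders a short at-a-glance summary that leads with the last log-in time. The log format, the `Baseline` fields and the sample IP addresses are assumptions for illustration.

```python
"""Flag account activity that deviates from the owner's own baseline.

Added example, not code from the original column. The log format, the
baseline fields and all sample values are assumptions for illustration.
"""
from __future__ import annotations

from dataclasses import dataclass
from datetime import datetime
from ipaddress import ip_address, ip_network
from statistics import median

# Constructed sample activity log: timestamp, event kind, source IP, amount.
SAMPLE_LOG = """\
2024-03-01T08:12:04 login 203.0.113.7 0.00
2024-03-01T08:15:30 transfer 203.0.113.7 45.00
2024-03-03T19:40:11 login 203.0.113.9 0.00
2024-03-03T19:42:02 transfer 203.0.113.9 120.00
2024-03-05T03:21:55 login 198.51.100.42 0.00
2024-03-05T03:23:10 transfer 198.51.100.42 2400.00
"""


@dataclass(frozen=True)
class Event:
    when: datetime
    kind: str
    source: str
    amount: float


@dataclass(frozen=True)
class Baseline:
    """What the owner would recognise as normal (assumed, owner-supplied)."""
    home_networks: tuple[str, ...]      # CIDR blocks the owner usually connects from
    active_hours: tuple[int, int]       # [start, end) local hours the owner is active
    amount_multiplier: float = 5.0      # transfers above this multiple of the median are odd


# Assumed baseline for the sample account.
OWNER_BASELINE = Baseline(home_networks=("203.0.113.0/24",), active_hours=(7, 23))


def parse_log(text: str) -> list[Event]:
    """Parse whitespace-separated activity lines into Event records."""
    events = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, kind, src, amt = line.split()
        events.append(Event(datetime.fromisoformat(ts), kind, src, float(amt)))
    return events


def flags_for(event: Event, baseline: Baseline, typical_amount: float) -> list[str]:
    """Return the reasons (if any) the owner would find this event suspicious."""
    flags = []
    if not any(ip_address(event.source) in ip_network(n) for n in baseline.home_networks):
        flags.append("unfamiliar IP")
    start, end = baseline.active_hours
    if not (start <= event.when.hour < end):
        flags.append("unusual hour")
    if (event.kind == "transfer" and typical_amount > 0
            and event.amount > baseline.amount_multiplier * typical_amount):
        flags.append("unusual amount")
    return flags


def review(events: list[Event], baseline: Baseline) -> dict:
    """Compute last login, the typical transfer size, and every flagged event."""
    transfers = [e.amount for e in events if e.kind == "transfer"]
    typical = median(transfers) if transfers else 0.0
    logins = [e for e in events if e.kind == "login"]
    last_login = max(logins, key=lambda e: e.when) if logins else None
    suspicious = [(e, f) for e in events if (f := flags_for(e, baseline, typical))]
    return {"last_login": last_login, "typical_amount": typical, "suspicious": suspicious}


def summarize(report: dict) -> str:
    """Render the review as a few lines a person can scan at a glance."""
    last = report["last_login"]
    lines = ["Last login: " + (f"{last.when.isoformat()} from {last.source}" if last else "none")]
    for event, flags in report["suspicious"]:
        lines.append(f"! {event.when.isoformat()} {event.kind:<8} {event.source:<15} "
                     f"{event.amount:>8.2f}  ({', '.join(flags)})")
    if not report["suspicious"]:
        lines.append("No activity outside your baseline.")
    return "\n".join(lines)


if __name__ == "__main__":
    print(summarize(review(parse_log(SAMPLE_LOG), OWNER_BASELINE)))
```

The baseline is deliberately the owner's, not the provider's: the column's point is that only the account holder knows which hours, networks and amounts are normal for them, so the thresholds here are inputs rather than something inferred from everyone's traffic.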

That's easier said than done, but there's hope. Like all animals, we humans are wired to memorise visual and auditory patterns and notice deviations from them. If software can tap into those innate capabilities, it can help us watch out for ourselves.

Jon Udell