Detecting threats in the real world

Security pros know there's no perfect defence against a determined attacker. So when an identity thief strikes, it's vital to detect the theft. But who's going to be the detective?

As applications migrate into the network cloud, the presumption is that IT administrators will be the detectives, vigilantly looking for clues that might spell trouble. But such vigilance will never suffice, because nobody can care as much about my own interests as me, or as much about yours as you.

When I set up my first corporate connection to the Internet, for example, I had a naive fantasy about managed network services. I imagined a bank of screens glowing in a dimly lit network operations centre, earnest young technicians studying them alertly, and then ... What was that? An alarm sounds, a cluster of red dots erupts on one of the screens, the technicians huddle, my phone rings.

"Mr Udell, there's been a routing glitch that affects your subnet. We're aware of the problem and we're working on it. You'll hear back from us as soon as it's fixed."

Yeah, right. What actually always happens is that I notice when a server's gone unreachable, and I contact the ISP. At first nobody there sees a problem. So I triangulate on the errant router, pass along the trace routes that pinpoint the problem, and finally someone agrees to fix it.

This protocol is annoying but not really surprising. Self-interest trumps all other incentives. I care more about my server's connectivity than the folks in the NOC ever can or will. I'll keep a watchful eye, and I'll do what I can to stay on top of things.

Back in my pager-wearing days I scattered a handful of probes around the Internet, and instructed them to ping my boxes and alert me if they couldn't. That worked because basic connectivity is easy to observe. But the activity of my various online personae typically isn't easy to observe - at least not by me, and not in ways that would alert me to, for instance, unusual activity on an account.

Desktop and server operating systems know, and can report, when you've logged in and what you've been doing. True, a savvy impersonator can erase their footsteps, but if you're motivated to look, there's a decent chance you can detect an intrusion.

Applications and services delivered through the Web usually don't afford the same opportunity. If a failed password-guessing attack triggers a temporary lockdown of my online bank account, I have some hope that I'll be promptly notified - though I'm not about to try the experiment in order to find out. But what if shoulder-surfing or a lucky guess yields up my credentials to an evildoer? Typically there's no way for me to monitor the account for amounts, times, or IP addresses that only I would recognise as suspicious.

They should at least show me the last log-in time. A more complete view of all account activity would be ideal. Flooding me with log dumps won't help. The information has to be represented in a way that makes it easy to tell, at a glance, when something's not right.

That's easier said than done, but there's hope. Like all animals, we humans are wired to memorise visual and auditory patterns and notice deviations from them. If software can tap into those innate capabilities, it can help us watch out for ourselves.

Join the newsletter!


Sign up to gain exclusive access to email subscriptions, event invitations, competitions, giveaways, and much more.

Membership is free, and your security and privacy remain protected. View our privacy policy before signing up.

Error: Please check your email address.
Keep up with the latest tech news, reviews and previews by subscribing to the Good Gear Guide newsletter.

Jon Udell

Show Comments

Brand Post

Most Popular Reviews

Latest Articles


PCW Evaluation Team

Maryellen Rose George

Brother PT-P750W

It’s useful for office tasks as well as pragmatic labelling of equipment and storage – just don’t get too excited and label everything in sight!

Cathy Giles

Brother MFC-L8900CDW

The Brother MFC-L8900CDW is an absolute stand out. I struggle to fault it.

Luke Hill


I need power and lots of it. As a Front End Web developer anything less just won’t cut it which is why the MSI GT75 is an outstanding laptop for me. It’s a sleek and futuristic looking, high quality, beast that has a touch of sci-fi flare about it.

Emily Tyson

MSI GE63 Raider

If you’re looking to invest in your next work horse laptop for work or home use, you can’t go wrong with the MSI GE63.

Laura Johnston

MSI GS65 Stealth Thin

If you can afford the price tag, it is well worth the money. It out performs any other laptop I have tried for gaming, and the transportable design and incredible display also make it ideal for work.

Andrew Teoh

Brother MFC-L9570CDW Multifunction Printer

Touch screen visibility and operation was great and easy to navigate. Each menu and sub-menu was in an understandable order and category

Featured Content

Product Launch Showcase

Don’t have an account? Sign up here

Don't have an account? Sign up now

Forgot password?