Perimeter
11/26/2012
03:49 PM
Wendy Nather
Wendy Nather
Commentary
50%
50%

Log All The Things

How the growing granularity in computing is going to affect monitoring

Yes, computers are smaller now. From the behemoths of old to systems on a chip, we've seen a change in the form factor such that these days, you could just about lose millions of SSNs if your USB navel-piercing fell down the shower drain. And that's not even counting the sprawl when it comes to virtual machines.

But there's another trend, as well. Mainframes, VAXen, PDP-11s, and so on were multiuser and multipurpose (even if, in some cases, you could only load one card stack at a time). Then came distributed computing, and the computing power was split between the client and the server 00 notwithstanding diskless workstations and the whole "the network is the computer" thing. This meant that the resources were being dedicated: some for the local work, some for the remote, and they weren't easily transferable.

Unix servers would often be centrally used – covering whole departments – but as time went on, enterprises split them for particular purposes, such as storage, processing, routing, mail, and more. Windows servers became even more granular, depending on how much they could handle at one time. Add in high availability requirements, and you suddenly had hundreds of servers to go with hundreds of endpoints.

This is about the time where logging and monitoring got complicated. Keeping clocks in sync and deduping the huge amount of similar data generated by each of those systems are just some of the challenges that gave rise to the industry we now know and love: log management. We're just now starting to figure out how to monitor mobile devices in a scalable and flexible manner.

Things only got worse when VMs came along. Cheap and easy to spin up and down, like blowing bubbles, these systems not only have to be monitored in and of themselves, but their lifetimes and hypervisor management need coverage, as well. Their great advantage is being dynamic, but a dynamic environment also means more things are happening – and when more things are happening, there's more to monitor. It's easier to monitor one big lumbering elephant than it is a thousand squirrels, but what we've got here, right now, are squirrels.

Now we even have the concept of micro-VMs, where individual processes and tasks are wrapped and managed separately. If you thought VM sprawl was a problem now, wait until you have to track events associated with security policies for, say, each tab of your browser. And don't forget the Internet of Things, in which all our millions, or perhaps undecillions, of smart components might require some sort of monitoring.

We're getting to the point where, as Jonathan Swift once wrote:

So, naturalists observe, a flea
Has smaller fleas that on him prey;
And these have smaller still to bite 'em;
And so proceed ad infinitum.

Increasing granularity of computing may be good for performance, and it may be good for some aspects of security, but it's not good for everything. If security monitoring is going to have to address the problem of infinite fleas, then we'd better get cracking.

Wendy Nather is Research Director of the Enterprise Security Practice at the independent analyst firm 451 Research. You can find her on Twitter as @451wendy. Wendy Nather is Research Director of the Enterprise Security Practice at independent analyst firm 451 Research. With over 30 years of IT experience, she has worked both in financial services and in the public sector, both in the US and in Europe. Wendy's coverage areas ... View Full Bio

Comment  | 
Print  | 
More Insights
Register for Dark Reading Newsletters
White Papers
Cartoon
Current Issue
Dark Reading Tech Digest, Dec. 19, 2014
Software-defined networking can be a net plus for security. The key: Work with the network team to implement gradually, test as you go, and take the opportunity to overhaul your security strategy.
Flash Poll
Title Partner’s Role in Perimeter Security
Title Partner’s Role in Perimeter Security
Considering how prevalent third-party attacks are, we need to ask hard questions about how partners and suppliers are safeguarding systems and data.
Video
Slideshows
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2014-7241
Published: 2014-12-19
The TSUTAYA application 5.3 and earlier for Android allows remote attackers to execute arbitrary Java methods via a crafted HTML document.

CVE-2014-7249
Published: 2014-12-19
Buffer overflow on the Allied Telesis AR440S, AR441S, AR442S, AR745, AR750S, AR750S-DP, AT-8624POE, AT-8624T/2M, AT-8648T/2SP, AT-8748XL, AT-8848, AT-9816GB, AT-9924T, AT-9924Ts, CentreCOM AR415S, CentreCOM AR450S, CentreCOM AR550S, CentreCOM AR570S, CentreCOM 8700SL, CentreCOM 8948XL, CentreCOM 992...

CVE-2014-7267
Published: 2014-12-19
Cross-site scripting (XSS) vulnerability in the output-page generator in the Ricksoft WBS Gantt-Chart add-on 7.8.1 and earlier for JIRA allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2014-7268.

CVE-2014-7268
Published: 2014-12-19
Cross-site scripting (XSS) vulnerability in the data-export feature in the Ricksoft WBS Gantt-Chart add-on 7.8.1 and earlier for JIRA allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2014-7267.

CVE-2014-8272
Published: 2014-12-19
The IPMI 1.5 functionality in Dell iDRAC6 modular before 3.65, iDRAC6 monolithic before 1.98, and iDRAC7 before 1.57.57 does not properly select session ID values, which makes it easier for remote attackers to execute arbitrary commands via a brute-force attack.

Best of the Web
Dark Reading Radio
Archived Dark Reading Radio
Join us Wednesday, Dec. 17 at 1 p.m. Eastern Time to hear what employers are really looking for in a chief information security officer -- it may not be what you think.