New Group Seeks Dialogue On Security Data Sharing, Mining

Open Security Intelligence community champions methods for harvesting security information

SAN FRANCISCO -- B-Sides San Francisco 2011 -- Most enterprises already have more than enough security data. The question is how to efficiently mine that data to find the source of a hack or build a better data defense strategy.

That's the premise behind the launch of a new security community, Open Security Intelligence, here yesterday. The open, online community, founded by security information and event management (SIEM) tool vendor SenSage, hopes to become a nexus for security managers to share best practices in making better use of the data collected by security and log management tools.

"Organizations could use the same tools that they currently use for the mining of business data to mine their security data," said Joe Gottlieb, CEO of SenSage. "We believe that SQL could become the new universal security signature language."

"There is a massive disconnect between vendors and users about how to work with security data," said Andrew Hay, an analyst with the 451 Group. "Some vendors say they are open, but what they're doing is some give and mostly take. That's not open."

The OSI community is a place where security professionals can go to share best practices in harvesting security data from log files and security systems, Gottlieb said. When an enterprise finds an effective way to query security data and get real results, it would be able to post that query to the OSI community, enabling other security professionals to use it as well.

The community also hopes to foster the evolution of SIEM and log management tools, which have been used for a decade but often still do not yield the benefits that many enterprises had hoped for.

"If you look at Delta Airlines, they have a sophisticated process for setting ticket prices that is based on intelligence they've gathered about what customers are willing to pay at a specific time of day on a specific route," Gottlieb said. "They're making intelligent decisions using a whole warehouse of available data. We can apply that same concept and technology to security."

Some large, national defense departments already are using data mining tools and SQL to create a common method of querying security data and identifying exploit patterns, Gottlieb said. "It's already being done," he said. "The OSI community will give companies a chance to share those practices and intelligence."

The OSI community is designed to help security professionals who spend a great deal of time in data analysis, Gottlieb said. SenSage believes that these highly skilled data analysts -- sometimes called "quants" in the business intelligence arena -- are becoming increasingly needed in the security department.

"Organizations must understand where they are most vulnerable, where they have been hacked, and why," Hay said. "The [OSI] initiative is an innovative way to help organizations everywhere improve the process of mining security data to find the right information."

Tim Wilson is Editor in Chief and co-founder of Dark Reading.com, UBM Tech's online community for information security professionals. He is responsible for managing the site, assigning and editing content, and writing breaking news stories. Wilson has been recognized as one ...
