Firms seem to understand the importance of preventative controls, such as having firewalls and access control lists. "But they lack a good grasp of detective controls," says Tony Hernandez, managing director at SMART Business Advisory and Consulting.
Detective controls include logging, system auditing and intrusion detection, which involves monitoring system files for an inordinate number of failed authentication attempts, as well as monitoring network traffic for patterns associated with malicious activity.
Other detective controls include file integrity checking, where specific files are monitored for any changes that have been made to them.
"Firms are struggling with these detective controls, which are being driven by regulatory demands," says Hernandez.
"There's a tremendous amount of volume of data that needs to be captured, and there's a need to see where this sensitive information is, and where it has been accessed. It can't be done manually so there has to be a centralized logging and reporting facility. Getting this implemented can be time consuming but it is very valuable," he explains.
Critically, firms need to proactively monitor and manage their detective controls. "As you reconfigure old systems and bring in new systems, you need to make changes [to your detective controls]. And someone needs to be monitoring them," Hernandez suggests.
"The problem is that these controls are often used reactively, not proactively. So it becomes a forensics tool."
Melanie Rodier has worked as a print and broadcast journalist for over 10 years, covering business and finance, general news, and film trade news. Prior to joining Wall Street & Technology in April 2007, Melanie lived in Paris, where she worked for the International Herald ...