
Posts Tagged :

Pervade Software

Pervade Software: Where would you shine a spotlight on cyber-attacks?

Jack Wynn

This probably seems like a stupid question, implying that cyber-attacks are like people trying to break into your workplace in the middle of the night, with a well-aimed torch beam holding them in the spotlight and ultimately scaring them off. And yet this is exactly how security monitoring systems work.

Cyber-attacks come in all shapes and sizes from the next generation of Slow Death Denial of Service (DoS) attacks that can bring down practically any website from outside the network, to the sneaky Advanced Persistent Threats (APT) that worm their way onto the network and can sit dormant for months before waking up to cause havoc from the inside… 

Each Monitoring System is a Spotlight 

Although attacks can come in many forms, the protective monitoring systems used to identify them are still limited to only being able to monitor one or two data types each. 

For example, Security Information and Event Management (SIEM) systems monitor log data and can let you know that something has happened – which may or may not be a cause for concern – but if you wanted to identify specifically what happened, such as to check the configuration files of devices to identify changes that have been made, you need a different monitoring system because log systems do not audit configurations and config systems do not monitor logs. 

This same problem extends into availability, file integrity, behavioural anomaly detection, vulnerability, asset, database, application monitoring and many more.

In fact, it is not unusual for a large company to have a number of different monitoring systems or more – each “shining a spotlight” on one aspect of the information security infrastructure. 

This problem is finally being acknowledged 

Even the monitoring companies themselves own up to the problem. 

Amit Yoran, president of RSA Security (vendor of the EnVision SIEM product) admitted that “logs are simply not enough” and “comprehensive visibility is the base block for truly insightful analytics and scoping out incidents correctly” in the opening keynote speech of the largest information security conference in the world, held in San Francisco in February 2016. 

But this is not the only recent admission. AlienVault’s new White Paper on Unified Security Management begins by admitting: “The dirty little secret in the SIEM industry is that most SIEM solutions have a shelf life of approximately 18-24 months before organisations give up and begin to look for another SIEM solution.”

In reality, hackers have little or no difficulty navigating the ‘dark patches’ of a network, ensuring that their attacks are all but invisible to each individual monitoring system, and it is left to the skill, knowledge and experienced eye of the hardworking security analyst to try to spot these attacks.

It doesn’t have to be this way 

The UK-based independent software vendor Pervade, voted one of the UK’s Most Innovative Cyber Security Companies in a techUK competition held at Infosecurity Europe in London last year, launched, after two years of self-funded development, the world’s first security monitoring system capable of correlating, gathering and reporting on ALL DATA TYPES in a single configurable system.

In a recent filmed interview for The Telegraph, CTO Jonathan Davies said: “By bringing all data types into a single system we have brought an end to this crazy spotlight-based monitoring and finally turned the floodlights on. Current and future attacks are going to find it very hard to hide from detection when their every move can be correlated and displayed on a single screen”. 

If you believe that you may have gaps between your monitoring spotlights or dark patches in your infrastructure, contact Jonathan and the team at Pervade Software for an insight into the next generation of protective monitoring.

 

Ejidavies@pervade-software.com  

W: www.pervade-software.com 

T: +44 (0)29 2064 7632 

Industry Spotlight: “It’s one of a kind and nothing like this has ever been done before”…

Jack Wynn

Used in more than 80 countries, Pervade Software’s solutions are leveraged by a wide audience of private and public sector clients, as well as partners ranging from independent consultants to global managed security service providers. Here, John Davies, managing director, discusses the company’s premium position in the global and UK marketplace, the challenges it faces when approaching potential clients and keeping up with industry trends…

There is a tremendous amount of competition in the sector – how does Pervade Software stand out from its competitors?

Right now, there are dozens of IT monitoring systems on the market, and pretty much all of these systems are built on relational databases – meaning they can only deal with one or two data types each. By definition, log systems only handle logs and configuration systems – as you can probably guess – only deal with configuration files. Both data types are wildly different and it is far too difficult to handle log data and configuration files in the same database. Therefore, you have two separate products: one to look at your logs, and the other to look at your configuration files and this issue is repeated across other data types such as asset management, vulnerability, file integrity, database, application performance, network monitoring etc.

We stand out from our competitors because we have developed a brand new database that can process all data types which has won major industry recognition; it’s the only one of its kind and nothing like this has ever been done before. So, we compete with all other data monitoring systems on the market because we can do the job of multiple systems in one. What’s more, we can correlate data that is normally dealt with in multiple systems providing faster and more in-depth forensics capabilities. This is not limited to IT data types either; we handle industrial control system SCADA data just as easily.

We also stand out because we have a unique compliance tracking capability.  Obviously, because we can handle all data types, we can audit all devices to collect any evidence for every technical control in any standard or policy including logs, config, asset etc.  Furthermore, we have added the ability for contributors to log in and answer non-technical compliance questions such as “Do you have a policy?”, “Do you keep records, if so provide a copy” etc. which means that all evidence of compliance can be tracked in a single configurable system and this is also unique.

 

What challenges does Pervade Software face when approaching new clients and driving new developments?

Our first challenge is that people do not believe that it can be done. The industry has always had a wide array of monitoring systems and people are used to the fact that, if they want full visibility across their whole infrastructure, then they have to have four, five, or even six monitoring systems in place – when we waltz in and say “it doesn’t have to be that way”, people are naturally suspicious, especially because we are a relatively new and unknown player in the market. We almost always have to run proof of concept evaluations, which we are perfectly happy to do.

The second challenge is that, even when people do believe that we can do it, it’s too much of a paradigm shift; too much of a change for them to implement. We’re only really attractive to early adopters at this stage in our growth and even then we tend to deploy our software alongside their existing systems, to plug any gaps in their monitoring capability or automate compliance tracking for a specific certification, and then we work on displacing their other expensive systems over time.

 

Can you detail the main differences between the OpAudit and the OpView solutions?

OpView is the monitoring system – basically an optimised view of your IT infrastructure and security, viewing everything in one system.

OpAudit is the compliance tracking system – optimizing the way that you work towards becoming compliant, prove your compliance to auditors and maintain your compliance through time, with all evidence available in a single set of screens.

We sell them as two separate products, but actually, they run from the same central server and are part of the same system.

We believe this reflects the fact that it is becoming more and more difficult to separate IT Security from IT Compliance. The increasing cyber threat means that everyone’s customers are demanding proof that their systems are secure and gaining certifications ranging from Cyber Essentials, IASME, ISO27001, PCI-DSS right up to NIST 800-53 is by far the best way of demonstrating that you have the right controls in place to be as cyber secure as possible.

 

As a company, is it challenging to keep up with and introduce new trends?

For us it’s a piece of cake as we have developed a platform that is based on a portal architecture, which makes it incredibly extensible. One of the benefits of our software is that new features or functionality needed in response to new cyber threats or compliance demands can be added as a “widget” rather than needing core code changes.  So we can keep up with the fast-moving security industry much better than our competitors. Also, their solutions can only handle certain data types, which means that they simply cannot deal with new attack vectors that are designed to be invisible to their systems.  For example, the new generation of attacks that leave no logs, which makes them invisible to an SIEM system regardless of how much money it cost.

 

You’re primarily based in Cardiff, so how is Pervade Software performing in other areas of the UK as well as internationally?

Our software is currently being used in over 80 countries and we have to deal with all queries from these countries, which, of course, come with challenges. What we’re trying to do as a business is develop a collection of channel partners located in different countries – such as system integrators, compliance consultancy firms and so forth. We need partnerships to continue our growth and to further integrate our solutions internationally and we are actively looking for these partners right now.  

 

In your opinion, do you believe industry events such as the Security IT Summit are beneficial to generating new business?

Yes – what many big conference style events do is appoint big-name speakers to present, leading to many industry professionals attending but mainly to sit in on these speaking sessions. This doesn’t help companies like us at all – if I were to set up a roll-up banner and sit at a table, people are only going to visit my stand during the coffee breaks or if they’re bored. The major expos are not much better because there are now so many vendor stands that people are completely swamped by the range of solutions they are seeing and it is difficult to differentiate.

Comparing these events to the Security IT Summit, where meetings are scheduled beforehand and suppliers are guaranteed to be able to talk to serious buyers. It’s a much more beneficial use of my time. As a small company with an innovative new solution, I’d prefer to have longer more in-depth discussions than five-minute sound bites on a stand.

 
