
Société Générale, Predictability and Overlapping Countermeasures

The $7 billion fraud at the Société Générale has to have a lot of bankers and trading managers wondering if something like that could happen to them. A couple of writers have pointed out that predictability is a key weakness in the bank's anti-fraud and bookkeeping measures. It seems there will always be some level of predictability (even random number generators are only pseudo-random), so we need more than randomness. The trader who avoided detection for so long at Société Générale actually beat two systems, according to the Wall Street Journal. I think that point needs as much attention as the predictability issue.

I mentioned in yesterday's post that Andreas Antonopoulos at Network World raises the possibility of introducing randomness in anti-virus applications, in part inspired by the predictability problem becoming apparent in the Société Générale case. I argued that randomness isn't enough; we need multiple layers of defense.

But, as the WSJ article shows, the Société Générale did have at least two systems that would/should/could have detected the unauthorized activities. The problem was that the trader knew how both systems worked and there was not sufficient complementarity between them. Two systems that leave the same hole can be just as bad as one system that leaves a hole. Multiple countermeasures must compensate for each other's weaknesses.

Take, for example, the idea that you should run different anti-virus systems on the network and on clients. The reasoning is that malware that slips past one will be detected by the other. This is true, to a point. But if both AV systems use the same class of signature and behavioral-analysis techniques, then there is a chance that something will slip through both. Another approach is to have a countermeasure that is designed to function assuming malware does make it through, e.g. intrusion prevention. This is a different model that is triggered by activities at different stages of information processing.
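To make the "same hole" point measurable, here is an added example (my own code, not from the post): each control is a predicate over properties a sample exhibits, and the joint miss set of a combination shows whether a second control actually buys coverage. The control names, properties and sample population are constructed for illustration.

```python
"""Check whether stacked controls close each other's gaps or share one."""
from itertools import combinations

# Constructed population of malicious samples. Each property is something a
# control could key on; s4 is the case that evades signature and static
# heuristics but still misbehaves once it runs.
SAMPLES = [
    {"id": "s1", "known_sig": True,  "suspicious_static": True,  "hostile_at_runtime": True},
    {"id": "s2", "known_sig": True,  "suspicious_static": False, "hostile_at_runtime": True},
    {"id": "s3", "known_sig": False, "suspicious_static": True,  "hostile_at_runtime": True},
    {"id": "s4", "known_sig": False, "suspicious_static": False, "hostile_at_runtime": True},
]


def av_scan(sample):
    """Hypothetical AV: signature match or static behavioural heuristic."""
    return sample["known_sig"] or sample["suspicious_static"]


def ips(sample):
    """Hypothetical intrusion prevention: keys on what the code does at runtime."""
    return sample["hostile_at_runtime"]


# Network AV and host AV are the same class of technique, so they share a predicate.
CONTROLS = {"network_av": av_scan, "host_av": av_scan, "ips": ips}


def missed_by(control_names, samples=SAMPLES):
    """Ids of samples that none of the listed controls detects."""
    return {s["id"] for s in samples
            if not any(CONTROLS[name](s) for name in control_names)}


def marginal_gain(base, extra, samples=SAMPLES):
    """How many samples `extra` catches that the `base` controls all missed."""
    return len(missed_by(base, samples)) - len(missed_by(list(base) + [extra], samples))


def rank_pairs(samples=SAMPLES):
    """All control pairs, fewest joint misses first; ties broken by name."""
    return sorted((len(missed_by(pair, samples)), pair)
                  for pair in combinations(sorted(CONTROLS), 2))


if __name__ == "__main__":
    print("network_av alone misses:", missed_by(["network_av"]))
    print("host_av adds:", marginal_gain(["network_av"], "host_av"))
    print("ips adds:", marginal_gain(["network_av"], "ips"))
    print("pairs by joint misses:", rank_pairs())
```

The useful number is the marginal gain of the second control over the first, not the count of controls deployed.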

Belts and suspenders do the same job but more importantly they do it in different ways and that is what is needed when dealing with intelligent, determined adversaries.


Dan Sullivan's Bio:

Dan Sullivan is a systems architect with 20 years of IT experience that includes engagements in enterprise security, application design, and systems architecture. His experience includes a broad range of industries, including financial services, manufacturing, government, retail, gas and oil production, power generation, and education. Dan’s security-related project work has ranged from requirements analysis for enterprise information security to designing and implementing security for database applications and enterprise portals. Dan has written about information security and other enterprise information management topics for Business Security Advisor, DM Review, Intelligent Enterprise, and E-Business Advisor. You can contact Dan at: dan_sullivan@realtimepublishers.net