


by CSO Contributor

Core Systems Protection: Lessons from Wallace and Gromit

May 22, 2006, 5 mins
CSO and CISO, Data and Information Security

The 2005 blockbuster movie, Wallace & Gromit: The Curse of the Were-Rabbit, saw the dynamic claymation duo starting a new pest control service, Anti-Pesto, to protect their town's prize produce in the run-up to Lady Tottington's annual Giant Vegetable Competition.

The release of the DVD version gives an excellent opportunity to look back at the film, and at the lessons in enterprise security it contains for CSOs. Looked at in the right way, it gives key examples of how to protect core business systems and data against all types of security exploits, giant variants of the species lepus notwithstanding.

Vegetable Plot

When the townsfolk's vegetable patches come under attack from hordes of hungry bunnies, Wallace sets up Anti-Pesto, offering a sophisticated managed security service provider (MSSP) approach to protecting prize veggies.

In the event of a creature snacking on home-grown produce, the Anti-Pesto service not only raises alerts at the operations nerve-center in Wallace and Gromit's house, it also escalates alerts into remedial action. It pinpoints the location of the unwanted attack so that it can be swiftly neutralized by a flying visit from the Anti-Pesto team, before damage is done to the comestibles.

What's more, the service highlights threats across different allotments in real time to give an overall picture of the number and scale of attacks.

This approach is an excellent example for managing an enterprise's security status, in line with the current thinking from influential bodies such as The Jericho Forum. In effect, Anti-Pesto uses a primitive form of core security event management (CSEM) to deliver its services, as follows.

Security Stew

First, Anti-Pesto shows that it's vital to protect not only the organization's perimeter, whether it's the fence around the vegetable plot or the corporate firewalls, but to extend security to the core business assets, whether they're prize marrows or an organization's SAP ERP system.

It's only by having visibility of what's happening with those core assets, identifying any unusual activity or excursions from policies, and correlating core events with other peripheral alerts, that the IT team can act decisively to close a potential security breach.

As an example, if a mission-critical Oracle server is targeted by an attack to which it's vulnerable, the core security solution can give an immediate high-level alert. However, if the server has already been patched against the vulnerability that the attack seeks to exploit, this fact can be correlated against the attack, and the IT team given a low-level alert because the actual risk to the business asset is lower.

The right security management solution gives IT teams a more effective way to tackle security holes, by correlating and prioritizing alerts according to the target system's actual vulnerability, security and business status.
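The correlation described above can be sketched in a few lines. This is an added example, not code from the article or from any CSEM product: the host names and vulnerability ids are constructed placeholders, and the "medium" tier for vulnerable but non-critical systems and the high default for hosts missing from the inventory are assumptions that go beyond the two cases the text gives.

```python
from collections import Counter
from dataclasses import dataclass, field

@dataclass(frozen=True)
class Alert:
    target: str    # host the detected attack was aimed at
    vuln_id: str   # vulnerability the attack tries to exploit

@dataclass
class Asset:
    business_critical: bool
    patched: set = field(default_factory=set)  # vulnerability ids already remediated

# Constructed inventory; names and ids are placeholders, not real identifiers.
INVENTORY = {
    "oracle-prod-01": Asset(True, {"VULN-EXAMPLE-0001"}),
    "oracle-prod-02": Asset(True),
    "test-web-07": Asset(False),
}

RANK = {"high": 0, "medium": 1, "low": 2}

def priority(alert, inventory):
    """Grade an alert by the target's patch state and business status."""
    asset = inventory.get(alert.target)
    if asset is None:
        # Assumption: a host we cannot look up cannot be shown to be patched.
        return "high"
    if alert.vuln_id in asset.patched:
        return "low"  # attack aimed at a hole that is already closed
    return "high" if asset.business_critical else "medium"

def triage(alerts, inventory):
    """Collapse repeated alerts and return rows ordered most urgent first."""
    counts = Counter(alerts)
    rows = [(priority(a, inventory), a.target, a.vuln_id, n)
            for a, n in counts.items()]
    return sorted(rows, key=lambda r: (RANK[r[0]], r[1]))

# Constructed alert stream: the same attack seen against several hosts.
SAMPLE_ALERTS = [
    Alert("oracle-prod-01", "VULN-EXAMPLE-0001"),
    Alert("oracle-prod-02", "VULN-EXAMPLE-0001"),
    Alert("oracle-prod-02", "VULN-EXAMPLE-0001"),
    Alert("test-web-07", "VULN-EXAMPLE-0002"),
    Alert("unknown-host", "VULN-EXAMPLE-0001"),
]

if __name__ == "__main__":
    for row in triage(SAMPLE_ALERTS, INVENTORY):
        print(row)
```

The same attack produces a high-level row for the unpatched server and a low-level row for the patched one, and the duplicate alert is folded into a count instead of a second line.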

Taking Stock

At the Anti-Pesto nerve center, the display of all the vegetable patches being monitored can be likened to a central security management console. It enables Wallace and Gromit to quickly assess the overall security stance, to tailor their activities accordingly and to take fast, targeted remedial action to close any breaches when they occur.

Once again, this is an excellent approach to IT security management. Corporate IT teams have to look after a range of core business systems, security devices and solutions, which usually means using a range of different management consoles and dashboards.

Trying to imagine the overall security stance from a battery of consoles can blur the IT team's vision. This means running the risk of missing a security threat amid the background noise, while the IT staff try to sort fragments of events into a coherent picture.

Screening Alerts

Just like the Anti-Pesto solution, CSEM unifies security management for both traditional point security products and core internal systems. It integrates multiple consoles and reporting formats to simplify management, correlating data and event logs from core business systems and security devices into one central engine. This helps identify and place in context irregular activities or attempted attacks that are otherwise invisible.

This gives IT staff a clearer view of events at any point on the network as they occur, and improves response times by drastically reducing the log traffic generated by multiple systems. It gives an end-to-end view of network activity, reporting on any changes to business assets and data, where security is most needed. And it also helps with incident handling and resolution by pinpointing the breach and suggesting responses.

Extra Helpings

Of course, a true CSEM solution goes beyond anything that Anti-Pesto could offer. It should enable those using it, whether end-users or MSSPs, to document, measure and report on key performance indicators against security policies and service level agreements, to ensure that all parties are reassured of obtaining value for money. After all, a solution promising to boost efficiency should be able to demonstrate measurable returns.

So is the Wallace and Gromit movie a case of art imitating life? It's certain that enterprise security could learn something by taking a leaf from Anti-Pesto and building on the example set by the plasticine pals.

Jason Holloway is vice-president, UK for ExaProtect.