One Article Review
| Source |  AlienVault Blog |
|---|---|
| Identifiant | 547677 |
| Date de publication | 2018-03-28 13:00:00 (vue: 2018-03-28 16:03:19) |
| Titre | Dude, Where\'s My [Unstructured] Data? |
| Texte |
Okay, so as a 90’s born kid who grew up in the 2000s, the whimsical spectacular “Dude, Where’s My Car” was a huge intro to my love for comedy. If you haven’t seen the flick – TL;DW is this: Jesse (Ashton Kutcher) and buddy Chester (Seann William Scott) have a wild night and can’t remember anything that happened. They walk outside and realize Jesse’s car is missing, and all kinds of weird drama happens whilst trying to piece together the previous night’s shenanigans. Oh yeah, there’s some alien stuff in there too. Just think The Hangover meets Star Trek and you’ve pretty much got it nailed.
So as I’m watching this blast from the past-erpiece (get it, masterpiece? Huge portmanteau fan) the other night, it dawned on me that this is the exact type of thing that IT/Security professionals deal with all the time, and I’m not just talking about saving the universe from aliens. (on a gaming console, of course.)
Shadow IT and Unstructured data are real, dude – and they’re definitely not sweet.
The biggest problem in the movie is that they were being held responsible for actions that they had no idea had occurred – supposedly they had this Continuum Transfunctioner and they didn’t even know what that was much less that they had it. Spoiler: They did have it, and it was under the guise of a Rubik’s cube. Sound familiar? Something crazy deadly for an environment and it was just walking around in a pocket under the guise of being something innocent?
The IT/Security department(s) are viewed as the “offices of NO” because a lot of people don’t understand how many threat vectors are out there - much less how they work. So when marketing wants to purchase a new tool and is afraid of being told no, they do it anyway. (Trust me, I’ve utilized this to my advantage before.) They’re not thinking about the ramifications of uploading data into an unapproved cloud so that they can send out new campaigns. When sales downloads a document that is supposed to be internal only and sends it out via email to their customers because “it’s a really great selling piece!” how do you know? Moreover, how do THEY know that they’re causing an issue?
Unfortunately, there is an “and then” here: A bad actor gets a hold of that data or IP and the next thing you know a Super Hot Giant Alien is tromping all around your putt-putt golf course of data. It’s really not a great scenario.
The biggest problem with unstructured data is that traditional email filtering/anti-virus/database security isn’t going to catch these exploits. They are looking for signatures, access profiles, etc. to determine if something can be a downloaded or is a known threat, but that’s about it. They aren’t accounting for the human component.
What about screen grab? What about copy/paste? Even if it’s all |
| Envoyé | Oui |
| Condensat | “and “dude “it’s “offices a 2000s 90’s about access accounting action actions actor actually advantage afraid after alien aliens all allowed amounts any anything anyway are aren’t around artist artistic arts ashton back bad because before being below biggest blast born bottom: brings buddy business but campaigns can can’t car car” catch causing chat chester city clients cloud comedy component console continuum copious copy/paste could course crazy cube customers data dawned deadly deal definitely not sweet department determine did didn’t document doing don’t downloaded downloads drama dude email ended environment erpiece etc even exact exploits fact familiar fan filtering/anti filtrated find flick from gaming get gets giant goes going golf gone good got grab great grew guise had hangover happened happens has hat have haven’t having held help her here: hit hold hot how howard huge human i’m i’ve idea importance infosec innocent interests internal intro isn’t issue it’s it/security jesse jesse’s jigsaw just keeping kid kinds know known kutcher less like links living llama looking looks loop lot love magnificent making malicious man managing many marketing masterpiece mean meets missing moreover movie much nailed native new news next night night’s no” not now occurred okay only opera optiv organizations ostrich ostriches other out outside painting past people perspective piece plenty pocket policies policy portmanteau pretty previous probably problem problems professionals profiles pull purchase putt puzzles ramifications ranging real realize really remember responsible rogue rubik’s sales saving scenario scott screen seann security seeing seen selling send sends setting shadow she she’s shenanigans signatures singing singular solution solving some something sound spectacular spoiler: star start stop stuff super supposed supposedly sure tabs talking tech tell texan that’s theatre themselves then” there’s these they’re thing think thinking this: those threat time tl;dw together told too tool tools traditional transfunctioner trek tricia tromping trust trying turned type unapproved under understand unfortunately unique universe unstructured uploading utilized vectors viewed virus/database walk walking wanna wants wars wasn’t watching weird what when where where’s whether whilst whimsical who wild william wonderful work world writing/enforcing yeah york you’ve your |
| Tags | |
| Stories | |
| Notes | |
| Move | 
|
L'article ne semble pas avoir été repris aprés sa publication.
L'article ne semble pas avoir été repris sur un précédent.