Sony Hacked Again... ESI to the Rescue?

Friday, October 14, 2011

Rafal Los


Caught this on the news wires this week..."Sony PSN Hacked Again, 93,000 Accounts Affected"... which sounds ominous until you keep reading. 

Looking past the initial reaction you probably have (you know the one), this is actually potentially a positive situation for Sony and the community.  Wait, what?

Before you get too caught up in the hoopla and spectacle of beating Sony up for yet another data breach, read this:

"Sony’s Information Security Officer Philip Reitinger announced that a security breach had been detected, and that only 0.1% of accounts were affected. Now while that doesn’t sound so bad, that adds up to roughly 93,000 accounts. That breaks down to around 60,000 PSN/SEN and 33,000 SOE accounts.

The good news is that if you were one of the affected accounts, your credit card information was not compromised. Also, the accounts appear to have been locked shortly after the intrusion, so very little damage could have been done. For those that did have unauthorized purchases made, Sony will be crediting your account accordingly. Be on the lookout for an email that will let you know if your account was compromised, and how to get it back online." [1]

Hold the phone!  Could it be that all that talk of security being taken seriously at Sony was true?  While it seems like the Info Security community pummeled Sony for what appeared to be a lawyer-maneuvered "you can't sue us" legal move in the contract language - Sony was actually making huge strides behind the scenes to improve security... could it be?

While no one likes to see the company they do business with in a headline with the words breach and hacked, I think this rain cloud has a silver lining, indeed.

Let's face it, getting hacked isn't necessarily Earth-shattering anymore.  Even a keynote from RSA Execs at the RSA Europe event this week echoed the same thing - enterprises need to make their peace with the fact that they're going to have to live with data breaches and hacks... the secret to surviving is having a well-formed Enterprise Security Intelligence strategy.

If you don't have a Gartner account, I will sum up what this means for you, as I have previously talked about this here on my blog as well[3].

Enterprise Security Intelligence is the capability of an enterprise to have real-time knowledge of security-related events, upon which it can intelligently act.  This is different than an IPS blocking signature-based attacks, or having a SIM/SIEM alert you on correlated attacks... because these are mostly without IT context, much less business context.

The critical aspect here is business context and real-time reactive capabilities.

I don't want to jump the shark here, but I think Sony may have gotten it right on the ESI (Enterprise Security Intelligence) front, only time will tell, and for this I am excited.

Before you get too caught up in the breach (again)... ask yourself if your organization is prepared to react in real-time with business-relevant and technically sound information.  If you were experiencing a major breach right now would you or your incident response teams know fast enough to react? 

Would your IT systems be able to quarantine, shut down, and contain the breach so that your human resources could get in and immediately analyze the situation and perform corrective long-term action?  I'm going to take a wild guess and say no.

So... if you're out there beating up Sony for being hacked, again, consider your organization's reactive capabilities ...and if you need help perhaps you should think about checking out the entire suite of software and services HP provides to help get you there?  Just thought I'd mention that [2].

Update: Just in case you think your users don't appreciate a prompt response to a real threat - read the blog post comments here:


Cross-posted from Following the White Rabbit
The views expressed in this post are the opinions of the Infosec Island member that posted this content. Infosec Island is not responsible for the content or messaging of this post.

Unauthorized reproduction of this article (in part or in whole) is prohibited without the express written permission of Infosec Island and the Infosec Island member that posted this content--this includes using our RSS feed for any purpose other than personal use.