Network Computing is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them. Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Olympic IT Team Seeks Gold Security Standard

It wasn't just the number of alarms in Athens that forced the IT team to take a second look at alarm filtering, but where the alarms came from. The team--like many commercial enterprises--concluded that the real threat was within the network, not outside. The perceived attackers were mostly authorized users unplugging the Olympics workstations and replacing them with their own laptops--a blatant no-no, but not necessarily a black-hat attack. The team's main concern is filtering through these benign threats to focus on attackers attempting to sabotage competition results and other sensitive information. But, Noblot says, "[intruders] are not going to tell you they were trying to hack you, so it's difficult to know the true intent" of the trespass.

Millions of raw, uncorrelated security alarms went off in Athens, Noblot recalls, but only 22 correlated alarms were actually critical. "Of those 22, none had an impact on the Games," Noblot says. "We were seeing the alarms and knew people were not getting into the network."

Noblot and his team have since written more detailed scripts with their Computer Associates' eTrust Security Command Center event monitoring tool, which filters and manages network event information.


"We did a good job generating alarms, filtering false positives and aggregating them in Athens, but based on our experience there, we can go even further in correlating events," Noblot says. "We're pushing the logic one step further."

  • 1