Hacker News | linuxydave's comments

ELK stack - Elasticsearch, Logstash, and Kibana. The whole stack is open source :)


Interesting, but it's not a SaaS. It doesn't look like a direct rival to Splunk.


It is a direct rival to Splunk :) They do very similar things; however, IMHO Splunk is the better solution right now. There are LaaS companies that use ELK if you need a cloud solution - Loggly is the first one that springs to mind and I think another is LogSene.


I really hope not, it's a pair of headphones. It's not like you're plugging in a new type of RAM.


Many people did leave the country - there was a large diaspora in the 2000s to Canada, NZ, Australia, and the UK. Many others wanted to but couldn't because they couldn't get visas or they simply couldn't afford it.

I was only able to move to the UK because I found out I could get a British passport (so I did) plus my company paid for most of the relocation.


Okay, here's the deal. Overall SA has a really big crime problem but it's not a complete warzone. It is heavily dependent on where you live. For example, Cape Town is statistically safer than Johannesburg and the area I lived in Cape Town is statistically safer than the areas around it - there are only a few break-ins a month and hell, my childhood home has only been broken into once and that was because someone opened up a 'troubled youth' centre a few streets away.

However, I don't want to diminish what others have experienced - I just want to put it into perspective. It is still a dangerous country to live in. Even though I lived in a 'safe' area I had to travel through 'unsafe' areas to get to friends, family, and work. On top of this the judicial system is a shambles due to corruption and incompetence. Apathy and burnout are extremely common in the police so they don't really care anymore because why should they? They bust their balls off investigating, arresting, etc. only to have the court case thrown out because, for example, important court documents go missing and no one is arsed enough to investigate why :/


Skype? :p


>Filling in forms to tick boxes so that everyone can go home happy pretending there's security going on, when really their network is a leaky sieve.

I saw a DefCon video where the guys were talking about something similar. Lots of small banks in the US use 3rd party services for their banking software. One of them had horrendous security and so some hackers made off with several million dollars before anyone found out.


Huh?


While I've never worked in banking/financial environments I do know of people who have; they often had two workstations (one for the 'public' network, the other for the systems) and weren't allowed to use software like Synergy to share the keyboard and mouse. I guess not every company does stuff like that, though.


It's nearly impossible to isolate banking system networks these days. As an example, ATMs run transactions through public networks. Customers access their accounts via public networks, etc. Further, network isolation as a primary control fails time and time again.

It's best to focus on the end points and beef up security there. Focus primary security controls on the application and not the perimeter. One of my biggest frustrations as a security professional is walking into an environment where systems which must be highly secure are accessed via simple username & password. All banking applications at a minimum should require x.509 client auth for employees utilizing a private-key stored on a device which is not permanently attached to the system. Monitoring solutions should then be in place to track authentication actions and provide that visibility to security staff and the employees themselves. That's a pretty basic first step and one I rarely see in practice. Next, rather than isolating networks, start paying attention to the traffic on the networks & limit transactions to known good entities. After that organizations need to consider their customer environment security and how they may be inadvertently compromising it. It's amazing how many times I've gone to a public facing banking portal and spotted third-party JavaScript loaded within the same origin context of an authentication form. One bank I looked at a while back actually had an advertisement from a third-party ad network on a page where they asked for credentials! That's pretty much asking for their customers and thus their accounts to be compromised.


"It's best to focus on the end points and beef up security there"

Not the way I'd do it. Defence in depth means securing everything. Starting with the perimeter, working inwards to individual apps - on both clients and servers. Every resource needs to be secured. That means spending cash, and the amount of cash that should be spent should be proportionate to the value of the asset being protected. If you have a server application or service, put an application firewall in front of it, so that both internal and external access goes through it. Don't just write a threat model, document the threat tree. Don't trust your employees, your software, hardware or building security. And don't trust the bosses either.

It's analogous to having a bodyguard. If you're in the bedroom and leave your bodyguard in the kitchen for a private conversation, the bodyguard and his big six gun are going to be of absolutely zero use when ninjas come crashing through the bedroom window.


To run with your analogy a bit, I occasionally see CEO types with "bodyguards". Because the kidnapping attempt is theoretical and has not happened for ten years, the bodyguard is carrying the luggage or opening the doors or answering the phone.

The analogy is fairly clear - you can spend the money on security in depth. But humans tend to use those in segments for other things eventually. Banks have been around long enough that all their bodyguards are now bellboys.


The problem is, most organizations start at the network rather than focusing on the application tier. In the development of applications, they should be designed to work safely within a very hostile environment. Far too often they are not.


>When the big debate about systemd was going on, I couldn't really care less.

>Now, I'm just not so sure.

You're starting to see what the original opponents feared a long time ago. It doesn't look like the feature creep is going to end any time soon, although I wonder if there will be a breaking point when even the fanboys say, "Hang on, this is a bit much..."


By the time the frog realizes the water is boiling it is a bit late.


I'm seriously considering it. The fact that Digital Ocean offers FreeBSD means I get to try it out beforehand which is a bonus.


You're going to have to change your nick ;)


Yeah :(

