
Alienvault USM Anywhere Updates

We just received very good updates from the Alienvault channel team (or the AT&T Cybersecurity team, as they call themselves now). To quickly summarise our excitement in two short phrases:

a) Google Cloud Support – Heck Yeah.

b) Custom Plugin Development – Heck Yeah!

Of course, there were tons of other updates as well: scheduled reports, a unified UI, more AlienApps support, Cloudflare integration (which is very interesting, as we can attach response actions to it, effectively making Alienvault function more like an active prevention system than the detective control it has traditionally been), new search capability incorporating wildcard searches, and advanced asset importing through CSVs instead of rudely scanning our clients' networks.

But the two main courses were native Google support and custom plugins.

Native Google support has been a pain point for years. We have customers moving into GCP, or already in GCP, where we have been constantly battling to match their expectation that Alienvault performs as seamlessly as it does on AWS, and it can't. We had to rely on EDR (endpoint detection and response), for instance, where the agent collects logs HIDS-style and sends them to the server directly. Of course, the things a native sensor would do, such as filtering traffic inside the VPC or running vulnerability scans without generating heavy inter-VPC traffic, could not be done with the EDR, so it was very much a band-aid. We knew that our patched-up GCP solution wasn't functioning as well as its handsomer and more dashing brother, AWS. In other words, it kinda sucked.

GCP custom applications presented their own set of issues. Custom apps were difficult to integrate: even going through Stackdriver, or logging to BigQuery ourselves, getting those logs into Alienvault was a struggle. When we did get logs into BigQuery, we couldn't filter them properly, so the customer's 1TB per month quota was annihilated within days. Getting Pub/Sub to work with Alienvault requires APIs to be written, and on top of that Alienvault has to write the custom plugins; all of this adds to professional services costs and, more importantly, to the resource and time cost of the project.

So what happens now? In the next General Availability (GA) release of USM-A, GCP will be supported. The information is sparse, so more updates will be forthcoming. But the GCP sensor will be able to:

a) Perform threat detection (like all other sensors), asset discovery, and provide alarms, events, widgets, correlation etc. Basically, it will be native to GCP, doing what it already does for AWS, Azure and on-prem Hyper-V and VMware.

b) Collect VPC flow logs

c) Monitor cloud services through Stackdriver

The last bit is very important. Stackdriver, in essence, is GCP's answer to CloudWatch and CloudTrail on AWS. It monitors and manages services, containers, applications and infrastructure for the cloud. If you run cloud services or are developing cloud applications, you should be able to write to Stackdriver Logging. In GCP Compute, the logging agent is used to stream logs from VM instances. VPC Flow Logs, enabled per subnet, land in Stackdriver Logging too (they are a VPC feature rather than something the agent collects), and MSPs can use them to monitor network health and similar. In other words, this ugly GCP little-brother solution is going to get buffed. We're going to look a lot better now.
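The quota problem above and the flow-log point here are really the same problem: everything Stackdriver exports is billable ingest, so anything that does not earn its place in the SIEM should be dropped before it gets there. As an added illustration (not Alienvault's or Google's code), here is a small Python pre-filter run over constructed VPC Flow Log entries in the shape Stackdriver Logging exports them. The field names follow the vpc_flows schema (jsonPayload.connection.src_ip/dest_ip/dest_port/protocol, bytes_sent, reporter); the sample entries, the port list, the egress threshold and the sink-filter helper are assumptions made for the example.

```python
"""Pre-filter GCP VPC Flow Log entries before forwarding them to a SIEM.

Added illustration, not Alienvault or Google code. Field names follow the
VPC Flow Logs schema as exported through Stackdriver Logging; the sample
entries, port list and thresholds below are constructed assumptions.
"""
import ipaddress

PRIVATE_NETS = [ipaddress.ip_network(n) for n in
                ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
# Assumed: lateral-movement ports we always want to see, even inside the VPC.
SENSITIVE_PORTS = {22, 3389, 445, 1433, 3306, 5432}
# Assumed: egress above this many bytes in one flow record is worth an event.
LARGE_EGRESS_BYTES = 50 * 1024 * 1024


def _entry(src, dst, dport, reporter, bytes_sent, proto=6):
    """Build a constructed LogEntry-like dict in the vpc_flows export shape."""
    return {
        "logName": "projects/demo-proj/logs/compute.googleapis.com%2Fvpc_flows",
        "jsonPayload": {
            "connection": {"src_ip": src, "dest_ip": dst, "src_port": 49152,
                           "dest_port": dport, "protocol": proto},
            "reporter": reporter,            # SRC or DEST VM reported the flow
            "bytes_sent": str(bytes_sent),   # exported as a string in practice
            "packets_sent": "10",
        },
    }


# Constructed sample: six records a logging sink might deliver.
SAMPLE_ENTRIES = [
    _entry("10.128.0.5", "10.128.0.9", 8080, "SRC", 1200),        # internal app chatter
    _entry("10.128.0.5", "10.128.0.9", 8080, "DEST", 1200),       # same flow, other side
    _entry("203.0.113.7", "10.128.0.9", 22, "DEST", 900),         # internet -> SSH
    _entry("10.128.0.5", "10.128.0.20", 3389, "SRC", 5000),       # internal RDP
    _entry("10.128.0.5", "198.51.100.10", 443, "SRC", 80_000_000),  # big egress
    _entry("10.128.0.5", "198.51.100.10", 443, "SRC", 4000),      # ordinary egress
]


def is_private(ip):
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in PRIVATE_NETS)


def classify(entry):
    """Return (forward?, rule name) for one flow record."""
    payload = entry["jsonPayload"]
    conn = payload["connection"]
    src_priv, dst_priv = is_private(conn["src_ip"]), is_private(conn["dest_ip"])
    dport = int(conn["dest_port"])
    sent = int(payload.get("bytes_sent", 0))
    if src_priv and dst_priv:
        # Both VMs in monitored subnets report the same flow; keep one copy.
        if payload.get("reporter") == "DEST":
            return False, "dup-dest-reporter"
        if dport in SENSITIVE_PORTS:
            return True, "internal-sensitive-port"
        return False, "internal-noise"
    if not src_priv and dst_priv:
        return True, "external-ingress"
    if src_priv and not dst_priv:
        return (True, "large-egress") if sent >= LARGE_EGRESS_BYTES else (False, "ordinary-egress")
    return True, "unclassified"


def to_siem_event(entry, rule):
    """Flatten the record into the handful of fields a plugin would map."""
    payload = entry["jsonPayload"]
    conn = payload["connection"]
    return {"project": entry["logName"].split("/")[1], "src": conn["src_ip"],
            "dst": conn["dest_ip"], "dport": int(conn["dest_port"]),
            "proto": int(conn["protocol"]), "bytes": int(payload.get("bytes_sent", 0)),
            "rule": rule}


def filter_entries(entries):
    """Apply the policy; return forwarded events plus a per-rule tally."""
    kept, counts = [], {}
    for entry in entries:
        forward, rule = classify(entry)
        counts[rule] = counts.get(rule, 0) + 1
        if forward:
            kept.append(to_siem_event(entry, rule))
    return kept, counts


def sink_exclusion_filter(project):
    """Logging query (assumed starting point) to drop the duplicate DEST-side
    copy of intra-VPC flows at the sink, before export to BigQuery/Pub/Sub."""
    return (f'logName="projects/{project}/logs/compute.googleapis.com%2Fvpc_flows" '
            'AND jsonPayload.reporter="DEST"')


if __name__ == "__main__":
    events, tally = filter_entries(SAMPLE_ENTRIES)
    print(f"forwarded {len(events)} of {len(SAMPLE_ENTRIES)} records: {tally}")
```

Run stand-alone it forwards three of the six constructed records. The two policy choices worth copying are the DEST-reporter drop (a flow between two monitored VMs is otherwise logged twice) and pushing that same exclusion into the Logging sink filter, so the duplicates never count against the export or the SIEM quota in the first place; the port list and egress threshold are the parts you tune per client.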

The roadmap is bright: automatic response actions against a cloud service when a security event occurs, moving Alienvault from the detective stance it has traditionally taken towards a more proactive one. This is similar to what the Cloudflare integration is achieving. More and more GCP services will be added to the supported list. There is also a topic on "User Entity Behaviour Analytics", which is basically matching behaviour to normal baselines and telling us that Bob is having coffee at 10 am instead of his usual 8 am, which meant he was running late to work, which meant he got stuck in traffic, which meant he left the house late, which meant he woke up late, which meant he slept late last night, which meant he went out for a drink with someone and got smashed, which could possibly mean he is having an affair with a stripper named Daisy. Maybe.

So, pretty exciting times, Aliens!

The other item on the plate wasn't on the normal discussion agenda but was brought up by us on the international call. We bombarded the screen with around 10 to 15 queries and at least 4 made it to the table. One of them was: when the hell are we going to get to write our own plugins?

No offence to Alienvault, who currently write our clients' custom plugins for USM-A, but a 3 to 4 week turnaround isn't really going to cut it. Furthermore, sometimes we are not even getting what we want from the custom plugins. We don't blame Alienvault. The application is ours (as in our client's). We are the ones who know the events and the priorities. We know what we want to see. We just can't develop the plugins ourselves, the way we do now for our USM Appliance clients.

Imagine the win-win situation here. We write the plugins for clients (assuming it's similar to the Appliance) and within 2 to 3 days we are done. Testing, another 1 to 2 days. Instead of setting the project timeline back 3 to 4 weeks, we are 1 week in. That's a HUGE impact for compliance clients who are often chasing a deadline. 3 weeks squashed to 1? Hell, yeah! The win is also for Alienvault. They don't have to deal with nagging customers or smart-ass channel partners like us banging on them for not updating us on our new application plugin. Imagine the parties their engineers can now attend instead of writing regex for a company operating in Elbonia. Imagine the time they can now save and spend socialising with the rest of the world, or having the chance to meet people like Daisy.

It’s a whole new world, really.

So, Alienvault, please, get those updates to us as soon as you can and the world will be a better place for it.

If you need any information on Alienvault, or general help on your SIEM or PCI-DSS compliance, drop us an email on alienvault@pkfmalaysia.com and we will attend to it immediately!

PCI-DSS V3.0 Training


We had our first PCI-DSS V3.0 training, with a total of 15 participants from various industries ranging from Oil and Gas, Payment (of course) and service organisations participating. It was held in our Training area in PKF HQ at the penthouse floor of 1 Mont Kiara.

We spent the day covering various topics, from the basics of PCI-DSS, its history and the history of breaches, to a deep dive into the 12 requirements, the V3.0 differences and changes and, more importantly, implementation scenarios. SAQs (Self Assessment Questionnaires), a constant source of consternation amongst our clients, were also covered in detail, with examples of which industry or business model would fit which SAQ.

The final part was probably the most fun. We went through scenario by scenario and broke down the attack and defence scenarios of the Target Retail Breach in 2013.

Thank you to all participants for making the training interesting and fun, which is not an easy task given the dryness of PCI requirements, especially after a heavy lunch.

Additional training materials for V3.0 are found at this link.

Sunway ITSSC is ISO27001 certified


Congratulations Sunway for being ISMS certified!

The certification link is here.

When we were approached in 2011 to first broach the subject of making Sunway ITSSC ISO27001 (ISMS) certified, it was a daunting task. They had many groups, with a potentially large and challenging scope. Through teamwork and persistence, PKF and Sunway started work in 2012, and in less than a year, they were certified in 2013. Without the amazing tenacity of their employees it would not have happened, and it was certainly a joy and a privilege to be the ISMS consultants during the implementation and gap assessment stages of the project. This is a testament that with grit and hard work, along with an unwavering focus on the objectives, nothing is impossible.

PKF offers a catalogue of services for your ISMS needs. We have done gap assessments, implementation advisory, risk management services and even served as independent internal auditors to fulfill the ISMS requirements. Contact us at avantedge@pkfmalaysia.com for more information on how we can help you achieve your ISMS goals.

It was indeed an amazing experience working with such a motivated team from Sunway. Of course, the celebratory dinner and karaoke session was pretty fun too!


PKF AvantEdge First Post

It's always a little difficult to decide how the first post should be written. Do we immediately go into what we do as a company? Do we state our vision, mission and all that corporate talk? Do we jump into what our industry is currently facing? At this moment, I am looking at the theft of sensitive information from NASA. How on earth does someone at NASA lose his laptop without having whole-disk encryption on it?

I think there will be plenty of time for that later.

Instead this first post simply states the philosophy of PKF Avant Edge. Not as an IT consulting company. Not as a professional service group. Not as a project management company. But simply, as an entity.

I had more than 10 years of experience in the corporate world before I decided to set up the company. 10 years in 3 companies: Siemens, DHL Asia-Pacific Information Services and BlueCoat Systems. 2 German companies, 1 American. Along the way, I've met people who shaped me somewhat into what I am, people who imparted their own brand of management, philosophies and methods, giving me signposts to follow and showing me characteristics I should avoid.

When PKF AvantEdge started, it had a simple goal: make positive history. It doesn't matter how. I wasn't interested in being recycled into the myriad of system integration businesses out there. We've dealt with principals and resellers all our lives, and we were following a well-beaten path. This time, we needed to create our own history. Become a company that people want to be a part of. Create a culture of creativity. Create an environment of constant change. Find the patterns of tomorrow and pursue them today.

The last part proves the toughest. Wayne Gretzky, commonly known as the greatest ice-hockey player in history, said, "I skate to where the puck is going to be, not where it has been." Through two and a half years, that quote has epitomized our company. We envisioned a technology landscape so integrated into the major parts of the business that regulatory compliance is unavoidable. We saw the advent of hacktivist groups like Anonymous when we started, and pitched for companies to strengthen their technical resolve. We see a movement towards information plundering using social networks and media, literally trawling across the vast ocean of data to steal identities and information assets.

The future of our business landscape will be defined by corporate earthquakes like Knight Capital, which saw a $440 million trading loss caused by a software glitch and its shares free-falling 80% in two days. Or Adobe losing 150,000 user accounts to SQL injection. Or take-your-pick ERP implementation disasters that run into the millions with no results at the end.

While I'm not saying that we are currently market leaders in tech consulting (by any stretch of the imagination), I believe this is where the puck is going: regulatory controls, more stringent requirements, certified and accredited qualifications for practitioners. It will look more like the banking landscape in a few years' time.

Now, we can move on and discuss about how those geniuses at NASA can fail to encrypt their laptops….

© 2023 PKF AvantEdge
