The Holy Grail of Infosecurity
(19/09/2007)
What are the serious IT and information security lessons to be learnt from the Monty Python team’s best-loved movie?
Monty Python and The Holy Grail made Ben Hur look like an epic, set cinema back 900 years, and is one of the richest sources of quotes for pub conversations. Yet the film is also rich in security management concepts from which any ITSec team can learn.
Here’s a selection of key scenes which show how you could improve your infosecurity stance.
Build on secure foundations
Prince Herbert’s father is proudly showing his son the kingdom he will inherit. He tells the Prince: “All I had when I started was swamp … other kings said I was daft, but I built my castle all the same, just to show 'em. It sank into the swamp. So I built another one ... that sank into the swamp. I built another one ... that burnt down, fell over and sank into the swamp. So I built another, and that stayed up …”
The lesson is to build the security fortress on solid foundations, using an established framework such as COBIT, COSO, ITIL, BS 7799 / ISO 17799 (renumbered ISO 27002 in 2007) or the newer ISO 27001. These help you implement robust IT and security management processes, define the controls you will operate and decide which indicators you will measure for ongoing security and governance. That way your security processes won't sink into the mud at the first challenge.
Event filtering – living to tell the tale
The Knights Who Say ‘Ni’ were feared for the manner in which they uttered this sacred word. In fact, those that heard the Knights’ mass chorus of ‘Ni!’ seldom lived to tell the tale.
It’s the same with monitoring security events across networks – those that try to do it without first filtering out the event noise will be lucky to survive. With thousands of events from multiple systems being reported every second, staff can’t hope to cope without tools to help them.
This is where security information and event management (SIEM) comes in. It filters, aggregates and correlates the security data and log traffic generated by multiple systems, reducing the number of alerts an analyst actually sees, often by a factor of 1,000 or more, and giving IT staff a far less cluttered view of what's happening. At the same time, the solution retains the raw logs so the original events can still be examined when an alert needs investigating, which we'll come back to later.
Chasing false positives
Sir Lancelot the Brave, the most violent and unstable of the Knights of the Round Table, receives a note reading: “I have been imprisoned by my father who wishes me to marry against my will. Please please please come and rescue me. I am in the tall tower of Swamp Castle."
Fired with zeal to rescue what he believes is a damsel in distress, he storms the castle single-handed, slashing and hacking at guards and guests alike. On reaching the tall tower, he finds the author of the note: Prince Herbert. Lancelot is crushed, and curses his overeagerness to respond.
False positive alerts from security systems such as IDS / IPS are the bugbear of security teams, and cutting them to a minimum is another key SIEM function: correlating a sensor alert with what is known about the target (does the host exist, does it run the service, is it vulnerable) before it is raised, and suppressing known-benign sources such as authorised scanners. This only works alongside tuning the IDS itself, so that signatures and thresholds match the environment rather than the vendor's defaults.
Black Beasts and raw logs
The Knights are reading the carvings written by Joseph of Arimathea which tell the location of the Holy Grail. The carvings say that the Grail is located in the "Castle of aaaarrrrrrggghhh". As they try to figure out what the Castle of aaaarrrrrrggghhh is, the Black Beast sneaks up on them.
The carvings are a prime example of a badly-correlated security alert that is no longer backed by the raw log data of the original event. Without access to the original raw logs, Arthur and the Knights cannot see what actually happened, and so are unprepared for the Black Beast's attack.
Conversely, if IT teams retain the logs behind earlier security events, they can go back to those logs and replay them to understand what really took place, rather than trusting the summary alone.
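The pipeline the last three sections describe (filter the noise, aggregate repeats, correlate into one alert, suppress known-benign sources, and keep the raw lines for replay) can be shown end to end in a few dozen lines. The following is an added example, not code from the original article or from any SIEM product; the log format, field names, the brute-force rule, the five-failure threshold, the five-minute window and the "authorised scanner" address are all assumptions chosen for illustration, and the log lines are constructed, not real data.

```python
"""Toy SIEM pipeline: parse -> filter -> aggregate -> correlate, keeping raw log ids.

Added example for this article; assumed log format and rule, constructed data.
"""
import re
from datetime import datetime, timedelta

# Constructed sample log lines (not real). Index in this list is the raw log id.
RAW_LOGS = [
    "2007-09-19T10:00:01 web01 sshd result=FAIL user=root src=203.0.113.9",
    "2007-09-19T10:00:01 web01 ntpd msg=synchronized",
    "2007-09-19T10:00:02 web01 sshd result=FAIL user=admin src=203.0.113.9",
    "2007-09-19T10:00:03 fw01 kernel action=DROP src=203.0.113.9 dport=23",
    "2007-09-19T10:00:03 web01 sshd result=FAIL user=root src=198.51.100.7",
    "2007-09-19T10:00:04 web01 sshd result=FAIL user=root src=203.0.113.9",
    "2007-09-19T10:00:05 web01 cron msg=job-finished",
    "2007-09-19T10:00:06 web01 sshd result=FAIL user=root src=203.0.113.9",
    "2007-09-19T10:00:07 web01 sshd result=OK user=alice src=192.0.2.4",
    "2007-09-19T10:00:08 web01 sshd result=FAIL user=root src=203.0.113.9",
    "2007-09-19T10:00:20 web01 sshd result=OK user=root src=203.0.113.9",
]

# Tuning knobs (assumed values): programs that never produce security-relevant
# events, sources that are allowed to generate failures (an authorised scanner),
# and the rule parameters for the correlation below.
NOISE_PROGRAMS = {"ntpd", "cron"}
SUPPRESSED_SOURCES = {"198.51.100.7"}
FAIL_THRESHOLD = 5
WINDOW = timedelta(minutes=5)

LINE_RE = re.compile(r"^(\S+) (\S+) (\S+) (.*)$")  # ts host prog key=value...


def parse(lines):
    """Turn raw lines into event dicts; every event keeps the id of its raw line."""
    events = []
    for idx, line in enumerate(lines):
        m = LINE_RE.match(line)
        if not m:
            continue  # unparseable lines stay in RAW_LOGS for manual review
        ts, host, prog, rest = m.groups()
        fields = dict(kv.split("=", 1) for kv in rest.split() if "=" in kv)
        events.append({"id": idx, "ts": datetime.fromisoformat(ts),
                       "host": host, "prog": prog, **fields})
    return events


def filter_noise(events):
    """Drop noise programs and events from suppressed (known-benign) sources."""
    return [e for e in events
            if e["prog"] not in NOISE_PROGRAMS
            and e.get("src") not in SUPPRESSED_SOURCES]


def aggregate(events):
    """Collapse repeats of (host, prog, outcome, src) into one summary with a count."""
    groups = {}
    for e in events:
        key = (e["host"], e["prog"], e.get("result") or e.get("action"), e.get("src"))
        g = groups.setdefault(key, {"key": key, "count": 0, "first": e["ts"],
                                    "last": e["ts"], "raw_ids": []})
        g["count"] += 1
        g["first"] = min(g["first"], e["ts"])
        g["last"] = max(g["last"], e["ts"])
        g["raw_ids"].append(e["id"])  # the link back to the raw log store
    return list(groups.values())


def correlate(events, aggregates):
    """Rule: >= FAIL_THRESHOLD ssh failures from one source, then a success
    from the same source on the same host within WINDOW of the last failure."""
    successes = [e for e in events if e["prog"] == "sshd" and e.get("result") == "OK"]
    alerts = []
    for g in aggregates:
        host, prog, outcome, src = g["key"]
        if prog != "sshd" or outcome != "FAIL" or g["count"] < FAIL_THRESHOLD:
            continue
        for s in successes:
            if (s["host"], s.get("src")) == (host, src) and \
                    g["last"] <= s["ts"] <= g["last"] + WINDOW:
                alerts.append({"rule": "ssh-bruteforce-then-success", "host": host,
                               "src": src, "user": s.get("user"),
                               "failures": g["count"],
                               "raw_ids": sorted(g["raw_ids"] + [s["id"]])})
    return alerts


def replay(alert, raw_logs):
    """Return the original lines behind an alert so an analyst can see what happened."""
    return [raw_logs[i] for i in alert["raw_ids"]]


def run(raw_logs):
    events = filter_noise(parse(raw_logs))
    aggs = aggregate(events)
    alerts = correlate(events, aggs)
    return {"raw": len(raw_logs), "after_filter": len(events),
            "aggregates": len(aggs), "alerts": alerts}


if __name__ == "__main__":
    summary = run(RAW_LOGS)
    print(f"{summary['raw']} raw lines -> {summary['after_filter']} events -> "
          f"{summary['aggregates']} aggregates -> {len(summary['alerts'])} alert(s)")
    for a in summary["alerts"]:
        print(a["rule"], a["host"], a["src"], "user", a["user"])
        for line in replay(a, RAW_LOGS):
            print("   ", line)
```

The point to notice is that the alert carries the raw ids of every line that produced it, so the "Castle of aaaarrrrrrggghhh" problem cannot arise: `replay()` hands the analyst the original evidence, and the suppression list shows where tuning lives when the scanner at 198.51.100.7 would otherwise trip the same rule.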
So there you have it – four key steps on the quest for the Holy Grail of IT security. With these, you’re sure to have more success than King Arthur and his knights.