Details of the Hannaford Brothers Cos. Data breach are still coming to light, but early indications are that the company had passed its certification for PCI DSS compliance. Theoretically, this means the company had security measures in place intended to prevent the data theft and ensuing fraud that is now well known. It’s now painfully obvious that whatever measures were in place still left areas of vulnerabilities that were exploited by some pretty determined hackers. This scenario is yet another reminder that security threats are growing in their sophistication and in the amount of damage that can be done.

Enterprise organizations throw tons of money and lots of resources at the problem each year. It’s just possible that the way the problem is approached is partially responsible for the vulnerabilities that still exist – or at least the fact that vulnerabilities (or actual breaches) go undetected.

Many companies create organizational “silos” to address network operations, security operations, and IT GRC (governance, risk and compliance). This separation of duties is actually a good thing, as it deters inside risks such as collusion. The problem, however, is that all of these internal organizations use their own tools and collect their own data in their own formats and store the data in their own repositories in order to do their jobs. As a result, there are multiple repositories of independent data that is rarely, if ever, correlated and viewed holistically. What does this mean? In simple terms, things fall through the cracks.

Companies deploy point solutions like intrusion detection systems (Compare IDS products); security information management (Compare SIM products); network access control (Compare NAC products); enterprise systems management; network behavior analysis (NBA); and a range of other tools to gather data, and monitor and remediate performance and operations (Compare Network Monitoring and Management products). But if/when something unusual happens and the experts have to delve into their logs to see what’s going on, there is a time lapse in manually relating information from one source to another. Depending on the length of the time lapse, considerable damage can be done. It’s important, then, to be able to correlate the data quickly to maintain a secure and compliant environment.

Linda Musthaler is a principal analyst with Essential Solutions Corporation.