“Diary of A Breach” Incident Response

DarkReading has posted an excellent article outlining a fictitious breach at a fictitious company.  The company experiences an SQL injection attack that results in a short spike in memory and resource usage, which is misdiagnosed and virtually ignored.  The company has tied its metrics to performance and to lowering the number of escalations, a common scenario.  Check it out and comment.

Articles like this provide very good exercises for IT and Security staff.  They help to identify common errors and provide useful examples to Management of how their attempts to improve availability can actually undermine security efforts.  Improved availability is a worthwhile pursuit, but don’t compromise monitoring and alerting just to keep the numbers low.  If people are afraid to escalate issues, real issues may not receive the attention that they require – until it is too late.