The past few months have witnessed a record-breaking global level of malware threats and APTs (Advanced Persistent Threats) that put the security of the mightiest enterprises in jeopardy. Since December 2009, after the Google Aurora attack, the way enterprises see APTs has changed forever. Even the last bit of resistance was wiped out when the World Bank and Morgan Stanley were taken down by such threats too. The challenge with this type of security attack is the manner in which enterprise IT security is hacked – slowly and in disguise.
Not to mention the plethora of ‘zero day’ attacks led by hacktivists (the Elderwood gang and Anonymous, to name a few) that shake the very foundation of an enterprise’s data security, with damage so severe that it may take years to repair. The infamous and immortal Trojans that are feared by the most secure of enterprises point towards only one thing – proactivity.
To put things in perspective, Pizza Hut Australia was recently hacked, with their customer data compromised. Ransomware attacks have occurred across Australia, and the Australian Federal Police solved the largest credit card data theft in Australian history, involving 500,000 Australian credit cards and $30m of fraudulent transactions.
As organizations embrace new technologies, newer threats continue to proliferate. Mobile devices, cloud computing and virtualization have each made enterprise security all the more complex and difficult and absolutely essential.
Proactivity? Can it help?
When you dig deep into security incidents such as identity theft, DoS attacks and other security breaches, you will often discover that the basic security measures were handled very carelessly. The damage can easily spread beyond the direct impact on IT infrastructure and corporate information. With today’s social networks’ impact on business, bad news travels faster, threatening your business reputation and brand – perhaps even fatally.
The enormous hack of Sony’s PlayStation Network in 2011 shut down this worldwide business for weeks, and created enormous customer disruption and reputation-damage for the organization.
Meanwhile, regulatory mandates require more companies to comply with Sarbanes-Oxley (SOX), the Health Insurance Portability and Accountability Act (HIPAA), the Payment Card Industry Data Security Standard (PCI DSS) and other compliance acts. SIEM (Security Information and Event Management) is becoming a key technology to help companies of all sizes thwart increasingly sophisticated cyber attacks as well as comply with internal and third-party regulations.
Effective SIEM solutions help companies of all sizes to mitigate sophisticated cyber-attacks, thwart data breaches and meet regulatory compliance requirements.
The idea now is to ensure you have measures in place that will make the job of determining when and how an attack succeeded much easier. In short, get into a perpetual proactive mode.
In a scenario where a network administrator does not turn on logging or does not log the correct events, digging up forensic evidence such as the time and date or the method of an unapproved access and/or malicious activity can be just as difficult as looking for the notorious needle in a haystack, and the root cause of the attack is forever concealed. The converse is also true: simple centralized log collection can detect unauthorized access, thus ‘proactively’ establishing a secure boundary for forensics.
The same is just as vital for detecting internal threats. A healthy event log policy can offer an enterprise diverse capabilities ranging from collecting, archiving and parsing machine-generated logs to alerting and conducting forensics – or, shall we just say, it can save your enterprise from a possible catastrophe.
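To make the centralized-collection argument concrete, here is an added example (not code from the original post or from ManageEngine) of what even a minimal collector can do once logs from several hosts land in one place: parse syslog-style sshd lines, raise an alert when a burst of failed logins from one source is followed by a successful login on the same host, and reconstruct a per-user timeline for forensics. The log lines are constructed for the example, the hosts, users and addresses are fictitious, and the detection threshold and window are assumptions chosen for illustration.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample lines (not real data): syslog-style sshd and cron entries
# as they would arrive at one central collector from two hosts, web01 and db01.
RAW_LOGS = [
    "2013-11-02T22:14:03Z web01 sshd[1201]: Failed password for admin from 203.0.113.7 port 50122 ssh2",
    "2013-11-02T22:14:09Z web01 sshd[1201]: Failed password for admin from 203.0.113.7 port 50123 ssh2",
    "2013-11-02T22:14:15Z db01 sshd[3388]: Failed password for alice from 198.51.100.5 port 41000 ssh2",
    "2013-11-02T22:14:20Z db01 sshd[3388]: Accepted password for alice from 198.51.100.5 port 41000 ssh2",
    "2013-11-02T22:14:22Z web01 sshd[1201]: Failed password for admin from 203.0.113.7 port 50124 ssh2",
    "2013-11-02T22:14:30Z web01 CRON[1300]: (root) CMD (run-parts /etc/cron.hourly)",
    "2013-11-02T22:14:41Z web01 sshd[1201]: Failed password for admin from 203.0.113.7 port 50125 ssh2",
    "2013-11-02T22:15:02Z web01 sshd[1202]: Accepted password for admin from 203.0.113.7 port 50126 ssh2",
    "this line is corrupt and must be skipped",
]

# "<timestamp> <host> <process>[<pid>]: <message>"
LINE_RE = re.compile(r"^(?P<ts>\S+) (?P<host>\S+) (?P<proc>\w+)\[\d+\]: (?P<msg>.*)$")
# Only sshd authentication outcomes are of interest for this detection.
AUTH_RE = re.compile(r"^(?P<result>Failed|Accepted) password for (?:invalid user )?(?P<user>\S+) from (?P<src>\S+)")


def parse(lines):
    """Turn raw collected lines into structured auth events, sorted by time.

    Lines that do not match the expected layout, or are not sshd auth
    outcomes, are skipped rather than allowed to break the whole batch.
    """
    events = []
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue
        a = AUTH_RE.match(m.group("msg"))
        if not a:
            continue
        events.append({
            "ts": datetime.strptime(m.group("ts"), "%Y-%m-%dT%H:%M:%SZ"),
            "host": m.group("host"),
            "result": a.group("result"),
            "user": a.group("user"),
            "src": a.group("src"),
        })
    events.sort(key=lambda e: e["ts"])
    return events


def detect_brute_force(events, threshold=3, window=timedelta(minutes=5)):
    """Alert when a source accumulates `threshold` failures on a host within
    `window` and then logs in successfully (assumed illustrative thresholds)."""
    alerts = []
    recent_failures = defaultdict(list)  # (host, src) -> timestamps of recent failures
    for e in events:
        key = (e["host"], e["src"])
        # Drop failures that have aged out of the sliding window.
        fails = [t for t in recent_failures[key] if e["ts"] - t <= window]
        recent_failures[key] = fails
        if e["result"] == "Failed":
            fails.append(e["ts"])
        elif len(fails) >= threshold:
            alerts.append({
                "host": e["host"],
                "user": e["user"],
                "src": e["src"],
                "failures": len(fails),
                "success_ts": e["ts"].isoformat() + "Z",
            })
            fails.clear()
    return alerts


def timeline(events, user):
    """Forensic view: every auth event for one user, across all hosts, in order."""
    return [
        f'{e["ts"].isoformat()}Z {e["host"]} {e["result"]} login for {user} from {e["src"]}'
        for e in events
        if e["user"] == user
    ]


if __name__ == "__main__":
    evs = parse(RAW_LOGS)
    for alert in detect_brute_force(evs):
        print("ALERT:", alert)
    print("\n".join(timeline(evs, "admin")))
```

Run against the sample above, the collector flags the web01 login for admin from 203.0.113.7 (four failures in under a minute, then success) while alice’s single mistyped password on db01 stays below the threshold, and the admin timeline shows the exact times and source that a forensic investigation would need. Without the logs being centralized, the same pattern spread across hosts would be invisible to any single machine.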
Enterprise IT software vendors like ManageEngine offer IT compliance and event log management software for SIEM. EventLog Analyzer provides the most cost-effective Security Information and Event Management (SIEM) software on the market. Using this log analyzer software, organizations can automate the entire process of managing terabytes of machine-generated logs by collecting, analyzing, searching, reporting and archiving them from one central location. This event log analyzer software helps to mitigate threats, conduct log forensics analysis, monitor privileged users and comply with different regulatory bodies by intelligently analyzing your logs and instantly generating a variety of reports, such as user activity reports, regulatory compliance reports, historical trend reports and more.
“For IT departments, SIEM offers a way to swiftly discover security threats and compliance violations and inform immediate, remediating action,” said Chenthil Kumaran, product manager, ManageEngine. “However, SIEM has traditionally been priced out of reach for the value-seeking SMBs and enterprises. Those that could afford it were often overwhelmed by complex solutions that were difficult to implement and operate. EventLog Analyzer brings SIEM to the masses, with potent features in an affordable solution that’s easy to deploy and use.”
Configuration and human errors can happen at any time, and some security incidents prove fatal to business functionality. To avoid enormously damaging consequences, the key is to ensure that the plan is laid and the stage is set to combat any such expensive mistakes.
As Gartner perfectly encapsulates the steps to manage vulnerabilities:
Policy definitions – baseline the environment for vulnerabilities – prioritize mitigation activities – shield the environment – eliminate the root cause – maintain and continually monitor for deviations.
With a proactive approach – organizations can certainly head towards being hack-immune!
The original article/video can be found at Can your organization be Hack Immune?