Activity monitoring – scenario today:
Unfortunately, many enterprises remain content with establishing perimeter security and tend to ignore a very important aspect of network security: activity monitoring. Perimeter security devices like firewalls, IDPs and other network devices generate a huge volume of logs. Many enterprises do not attach much importance to monitoring these logs, which could provide vital visibility into suspicious activity. Instead, they rush to the traces to do a post-mortem once a security incident rocks the organization.
A proper strategy to monitor and manage the logs from critical systems could prove effective in preventing security incidents. In particular, monitoring events such as user logons, failed logins, password access, password changes, attempts to delete records and other suspicious activity could help identify hacking attempts, malicious attacks, DoS attacks, policy violations and other incidents.
However, since the perimeter security devices generate a huge volume of logs, administrators find it a herculean task to analyse and monitor them manually. An automated approach to centralized log collection, analysis and reporting for real-time situational awareness is essential from the standpoint of enterprise security. There should be provision for thoroughly analyzing and correlating the logs, data and events from disparate devices and systems. This results in a more secure infrastructure with an in-depth and holistic view of overall network activity.
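To make the two preceding paragraphs concrete (the events worth watching, and the value of correlating logs from more than one system), here is an added example that is not part of the original article or of any product it refers to. It normalises two constructed log sources (an SSH-style auth log and a hypothetical application audit log, with invented hosts, users and formats) into one timeline, then raises alerts for a burst of failed logins, a success following that burst, and a password change or record deletion inside that suspicious session. The thresholds and the log formats are assumptions chosen for the illustration.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample data: an SSH auth log and an application audit log.
# Hosts, users and record ids are invented for this example.
AUTH_LOG = """\
2012-01-15T10:00:01 sshd[201]: Failed password for admin from 203.0.113.9 port 4001
2012-01-15T10:00:03 sshd[202]: Failed password for admin from 203.0.113.9 port 4002
2012-01-15T10:00:05 sshd[203]: Failed password for admin from 203.0.113.9 port 4003
2012-01-15T10:00:06 sshd[204]: Failed password for admin from 203.0.113.9 port 4004
2012-01-15T10:00:08 sshd[205]: Accepted password for admin from 203.0.113.9 port 4005
2012-01-15T10:30:00 sshd[300]: Accepted password for jane from 198.51.100.7 port 5000
"""

APP_LOG = """\
2012-01-15T10:00:40 app audit user=admin src=203.0.113.9 action=password_change status=ok
2012-01-15T10:01:10 app audit user=admin src=203.0.113.9 action=delete_record id=4471 status=ok
2012-01-15T10:31:00 app audit user=jane src=198.51.100.7 action=view_record id=12 status=ok
"""

# Hypothetical line formats for the two sources above.
AUTH_RE = re.compile(r"^(\S+) sshd\[\d+\]: (Failed|Accepted) password for (\S+) from (\S+) port")
APP_RE = re.compile(r"^(\S+) app audit (.*)$")


def parse_events(auth_log, app_log):
    """Normalise both sources into one event list sorted by timestamp."""
    events = []
    for line in auth_log.splitlines():
        m = AUTH_RE.match(line)
        if m:
            ts, outcome, user, src = m.groups()
            events.append({"ts": datetime.fromisoformat(ts), "source": "sshd",
                           "user": user, "src": src, "action": "login",
                           "status": "fail" if outcome == "Failed" else "ok"})
    for line in app_log.splitlines():
        m = APP_RE.match(line)
        if m:
            ts, kv = m.groups()
            fields = dict(pair.split("=", 1) for pair in kv.split())
            events.append({"ts": datetime.fromisoformat(ts), "source": "app",
                           "user": fields.get("user"), "src": fields.get("src"),
                           "action": fields.get("action"), "status": fields.get("status")})
    return sorted(events, key=lambda e: e["ts"])


def correlate(events, fail_threshold=3, window=timedelta(minutes=5),
              follow=timedelta(minutes=10)):
    """Walk the merged timeline and return (alert_type, (user, src), time) tuples.

    - brute_force: fail_threshold failed logins for one user/source within `window`
    - login_after_failures: a successful login while that burst is still in the window
    - <action>_after_suspicious_login: password change or record deletion within
      `follow` of such a login, seen in a different log source than the login itself
    """
    alerts = []
    failures = defaultdict(list)   # (user, src) -> timestamps of recent failed logins
    suspicious_sessions = {}       # (user, src) -> time of success that followed a burst
    for e in events:
        key = (e["user"], e["src"])
        if e["action"] == "login" and e["status"] == "fail":
            failures[key].append(e["ts"])
            # keep only failures inside the sliding window
            failures[key] = [t for t in failures[key] if e["ts"] - t <= window]
            if len(failures[key]) == fail_threshold:   # fire once per burst
                alerts.append(("brute_force", key, e["ts"]))
        elif e["action"] == "login" and e["status"] == "ok":
            if len(failures[key]) >= fail_threshold:
                alerts.append(("login_after_failures", key, e["ts"]))
                suspicious_sessions[key] = e["ts"]
        elif e["action"] in ("password_change", "delete_record"):
            start = suspicious_sessions.get(key)
            if start is not None and e["ts"] - start <= follow:
                alerts.append((e["action"] + "_after_suspicious_login", key, e["ts"]))
    return alerts


if __name__ == "__main__":
    for kind, (user, src), ts in correlate(parse_events(AUTH_LOG, APP_LOG)):
        print(f"{ts.isoformat()} {kind:40s} user={user} src={src}")
```

Run on the sample data, the auth log alone yields the brute-force and login-after-failures alerts; only by joining it with the application audit log do the password change and record deletion become visible as follow-on actions of that same session, which is the kind of cross-source correlation the text calls for. The user from 198.51.100.7 produces no alerts, since a normal login followed by a read is the baseline the rules are meant to leave alone.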
We have dealt with the causes of security incidents in detail. How can these threats and security incidents be overcome? We will discuss that in the next post …
The original article/video can be found at Cyber-attack on Zappos: Information Security Lessons for Enterprises [Part-4]