Author Archive
Posted by Tom Kendall in Cybersecurity, Security Intelligence, SIEM
As we have lately read and seen, the style and sophistication of cyber attacks on organizations’ networks have become ever more complex. One type of attack that has had a lot of media coverage in the UK are DDoS attacks, with hacktivists using multiple IP addresses to attack one IP address within an organization, resulting in critical business services and infrastructure being made unavailable. Although this type of attack may not be new news to people, in the UK there has been a lot of fresh exposure, bringing DDoS top of mind.
When reading through these cases it is not the seriousness of the cyber-attack that is the problem, but the late reaction to the attack. These can occur at any time and in many cases the technology is not in place to detect and highlight these immediately. The consequence? A DDoS attack that happens after people have “finished” work are not being acted upon by the Security team until the next morning when the attack has been successful in its mission. This raises the need for organizations to have an effective threat detection system, highlighting an attack to the security team, regardless the time of the day or a DDoS could be used opportunistically to mask other harmful activities.
Real time correlation and effective rule settings allow this to be combated successfully. With the right technology in place, automated alerts can be sent to the security team immediately when there is a suspicious incident, such as a DDoS attack. This allows an instant reaction to occur and enables the security team to be on top of the problem instead of chasing the issue– when it’s already too late to stop or prevent more damage.
For more information on how a next generation SIEM and Log Management solution like QRadar can bring you total security intelligence, changing your security posture from reactive to proactive, as well as responding to “dumber” brute force attacks such as DDoS, download this white paper “The Business Case for a Next Generation SIEM.”
Posted by Tom Kendall in Cybersecurity, Network Intelligence, Risk Management, Security Intelligence, Threat Management
This past weekend I watched a documentary on More4 that delved into the Wikileaks scandal. “Wikileaks: Secrets & Lies” went into great detail explaining how Julian Assange served as a middleman in this scandal. Although Julian Assange is viewed as the face and spokesperson for Wikileaks, the documentary showed that Assange would not have had any global status if it weren’t for insiders who are willing to send sensitive information to the organization.
This programme was not broadcasting how a hacker could break into a network and steal information; it uncovered a deeper concern of how an insider can revolt, stealing privileged information from inside the network and causing havoc along the way.
This threat is a concern that should be top of mind for organizations. In a report published by Verizon on Business Data Breaches, they found that 48% of total data breaches were caused by insiders and 48% of breaches involved a misuse of an insider’s privileges.
Although identifying the risk of an insider threat was highlighted, the documentary really drove home the need for better security measures, so these incidents can be prevented or halted as they occur and the people responsible can be identified and punished.
For companies without proper security technology, identifying the “rogue insider” is not an easy task. Wikileaks is an excellent example of why traditional perimeter security defenses, such as firewalls and anti-virus software, are no longer sufficient in the “post-perimeter” world. To prevent these types of incidents, organizations should deploy automated technologies that continuously monitor and correlate user activities across various sources (such as network devices, OS logs and applications). This Total Security Intelligence will allow rapid detection of unusual activities such as a large number of sensitive documents being downloaded from a SharePoint server during off-hours or from a remote access location.
To learn more about how Total Security Intelligence can help combat these insider threats and how organizations are using QRadar as the key component for their IT Security, click here.
The latest on Cyber Security