The current recession environment is witnessing increasing data breaches. Some of the data breaches reported last month alone are alarming. Organizations are doing everything they can to secure themselves, but with limited resources and budgets.
Getting full visibility of your IT security environment in the areas of logs, vulnerability data, full-fledged configuration audit, asset analytics, performance analytics, network behavior anomaly detection, audit reports and automated correlation of data across all these areas will blow up your budget. That is where Managed Security Service Providers (MSSPs) come in, with quick, useful and actionable security and compliance information, or Security Information and Event Management (SIEM), at a budget under your control. Below are a few customer concerns and cases where Zener IT Solutions, UAE can help secure their security environment.
Case 1: Prevent malware attack before your antivirus vendor sends out the signature
- Can you find out what happened in a certain part of your network at any point in time? Did you see an increased amount of traffic on a certain port? Is it because of malware?
- Do you know where the malware attacks came from?
- What if you could spot the malware attack before your antivirus vendor sends out the new signatures, and close the port in time to prevent it from getting into your network?
- If this worm had got into your network, imagine the time and cost involved in removing it.
Case 2: Policy violation alerts related to configuration audit data
- What if you got smart alerts when a policy is violated? For example, if you have a corporate policy that users cannot install add-ons in a browser, and a user goes ahead and installs one, your system administrator is alerted immediately.
- You get alerts on configuration change violations: if a hacker or an unauthorized user makes changes in the registry, turns services on or off, or turns off logging, or if an engineer misconfigures your router, you get an alert.
Case 3: Asset policy violation and inventory (software & hardware) tracking
- What if you got reports on your hardware and software inventory, software revision levels, licenses and USB devices?
- You get alerts on asset policy violations. For example, you have a policy that does not allow users to use Instant Messaging because confidential data can be leaked through it. Suppose a user installs Instant Messaging: do you know who did this, and where and when it was installed? Do you know if any data was shared by this user through IM?
- What if you could monitor USB device activity, such as a user transferring data to a USB memory stick? Do you know who moved the data, what was transferred and how much?
- More examples of asset policy violation alerts: if one of your hardware engineers removes a memory stick from a PC and takes it home, how would you know?
- If a NIC is disabled on a key server, or a new share or a new drive is created, do you know about it?
Case 4: IDS alerts on attempts to log into SQL Server but no SQL Server present in the DMZ range
- Suppose an IDS alert is generated from an external source address to all the systems in the DMZ range where the web and other services are hosted.
- The alerts correspond to attempts to log into SQL Server with the username 'sa' and no password.
- Without automated correlation it is difficult to get a clear picture of what is happening. The IS engineer knows that there is no SQL Server in the DMZ, and when no further alerts are generated, the case is closed.
- But when we correlate this data specifically with vulnerability and asset data, we see the real situation. After running a scan for port 1433 (the default port used by SQL Server) and for multiple SQL vulnerabilities, we find that a couple of systems are running SQL Server, and correlating this with the asset inventory shows that these two systems are not listed. They were test systems used by one of the engineers, against policy, and were immediately shut down.
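The correlation in Case 4, as an added example that is not part of the original article or of any vendor's product: IDS alerts are joined with port-scan results and the asset inventory so that only hosts that both received the 'sa' login attempts and actually listen on 1433 are reported, tagged by whether the inventory accounts for them. All addresses, alert strings and inventory entries are constructed sample data.

```python
from ipaddress import ip_address, ip_network

# Constructed sample data (documentation address ranges, not a real network).
DMZ = ip_network("203.0.113.0/28")

# IDS alerts as (source, destination, signature) tuples.
IDS_ALERTS = [
    ("198.51.100.7", "203.0.113.2", "MSSQL login attempt user=sa password=<empty>"),
    ("198.51.100.7", "203.0.113.5", "MSSQL login attempt user=sa password=<empty>"),
    ("198.51.100.7", "203.0.113.9", "MSSQL login attempt user=sa password=<empty>"),
    ("198.51.100.7", "203.0.113.2", "HTTP directory scan"),
]

# Vulnerability-scan results: host -> set of open TCP ports found.
SCAN_RESULTS = {
    "203.0.113.2": {80, 443},
    "203.0.113.5": {80, 1433},
    "203.0.113.9": {1433},
}

# Asset inventory: hosts the organization knows about and the ports approved for each.
ASSET_INVENTORY = {
    "203.0.113.2": {"role": "web", "approved_ports": {80, 443}},
}


def correlate_sql_alerts(alerts, scan, inventory, dmz=DMZ, sql_port=1433):
    """Return (host, status) for DMZ hosts that were hit by the 'sa' login alerts
    AND really expose SQL Server, where status is 'approved', 'unapproved-service'
    (listed asset, but SQL not approved for it) or 'unlisted' (not in inventory)."""
    targeted = {dst for _, dst, sig in alerts
                if sig.startswith("MSSQL login attempt user=sa") and ip_address(dst) in dmz}
    findings = []
    for host in sorted(targeted, key=ip_address):
        if sql_port not in scan.get(host, set()):
            continue  # alert hit a host with no SQL listener: noise, not a finding
        entry = inventory.get(host)
        if entry is None:
            status = "unlisted"
        elif sql_port not in entry["approved_ports"]:
            status = "unapproved-service"
        else:
            status = "approved"
        findings.append((host, status))
    return findings


if __name__ == "__main__":
    for host, status in correlate_sql_alerts(IDS_ALERTS, SCAN_RESULTS, ASSET_INVENTORY):
        print(f"{host}: SQL Server reachable, asset status = {status}")
```

With the sample data the two hosts that really run SQL Server come back as unlisted, which is exactly the situation the case describes.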
Case 5: An administrator is trying to ‘phone home’ daily
- A Windows server triggers log entries on the web content filter: the system is trying to access sites on the blocked list.
- Drilling further into the data, the time of the event is between 10 and 11 PM.
- Analyzing network traffic behavior against the baseline shows anomalies, and a further look finds a spike in server performance between 10 and 11 PM.
- This data is correlated automatically with the configuration baseline, which shows changes in registry keys, hidden directories and unknown software installed on the server. It is a rootkit (a software system consisting of one program or a combination of several, designed to hide or obscure the fact that a system has been compromised), and an administrator is trying to 'phone home' daily.
Case 6: My system is very slow!
- A critical Linux server is running very slowly, and users complain that the CRM application is very slow. CPU and memory usage are very high and disk space is running low.
- This performance data is correlated with network behavior data and other performance data from the local network.
- Three other systems are also running slowly and generating a lot of meaningless alerts.
- A trend analysis against historical data finds that many new, unwanted services are running on the server. System configuration and asset details indicate that several applications are running that should not be. A database is also found on the system. It seems that someone used this system to test a new application, which is a violation of company policy.
- The administrator shuts down the unwanted applications, optimizes bandwidth to eliminate bottlenecks, and fine-tunes performance to improve availability and speed.
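The two correlation steps behind Case 5 and Case 6, as an added example that is not part of the original article: first, web content filter log lines are reduced to hosts whose blocked requests recur night after night in the same hour (the 10 to 11 PM pattern of Case 5); second, a current configuration snapshot is diffed against the configuration baseline to surface new registry run keys, hidden directories and services (the unknown software of Case 5 and the unwanted services of Case 6). The log format, hostnames, key names and directory paths are constructed sample data.

```python
from collections import defaultdict
from datetime import datetime

# Constructed web-content-filter log (date, time, host, action, url); not from a real device.
FILTER_LOG = """\
2009-11-02 22:14:03 srv-fin01 BLOCKED http://example-blocked.invalid/beacon
2009-11-03 22:15:11 srv-fin01 BLOCKED http://example-blocked.invalid/beacon
2009-11-04 09:02:30 ws-hr07 BLOCKED http://example-social.invalid/
2009-11-04 22:13:48 srv-fin01 BLOCKED http://example-blocked.invalid/beacon
2009-11-05 22:16:02 srv-fin01 BLOCKED http://example-blocked.invalid/beacon
2009-11-05 22:40:00 ws-hr07 ALLOWED http://intranet.invalid/
"""


def parse_filter_log(text):
    """Parse each line into (timestamp, host, action, url)."""
    events = []
    for line in text.splitlines():
        date, time, host, action, url = line.split(" ", 4)
        events.append((datetime.strptime(f"{date} {time}", "%Y-%m-%d %H:%M:%S"), host, action, url))
    return events


def nightly_repeaters(events, start_hour=22, end_hour=23, min_days=3):
    """Hosts whose BLOCKED requests fall in [start_hour, end_hour) on at least min_days distinct days.
    A single blocked hit is user noise; the same server hitting a blocked site every night is not."""
    days = defaultdict(set)
    for ts, host, action, _ in events:
        if action == "BLOCKED" and start_hour <= ts.hour < end_hour:
            days[host].add(ts.date())
    return sorted(h for h, d in days.items() if len(d) >= min_days)


# Constructed configuration baseline and a later snapshot of the flagged server (placeholder names).
BASELINE = {
    "registry_run_keys": {"SecurityHealth", "AVAgent"},
    "hidden_dirs": set(),
    "services": {"Spooler", "W32Time"},
}
SNAPSHOT = {
    "registry_run_keys": {"SecurityHealth", "AVAgent", "svchost32"},
    "hidden_dirs": {"C:\\Windows\\System32\\.drv"},
    "services": {"Spooler", "W32Time", "NetSvcHelper"},
}


def baseline_drift(baseline, snapshot):
    """Items present now that the baseline never had, per category; empty categories are dropped."""
    return {k: sorted(snapshot.get(k, set()) - baseline[k])
            for k in baseline if snapshot.get(k, set()) - baseline[k]}


if __name__ == "__main__":
    print("nightly repeaters:", nightly_repeaters(parse_filter_log(FILTER_LOG)))
    print("drift from baseline:", baseline_drift(BASELINE, SNAPSHOT))
```

Only a host returned by both checks (recurring after-hours blocked traffic and unexplained configuration drift) should be escalated as a suspected compromise; either signal alone is routinely benign.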
Author: Cinoy Ravindran
Article Source: EzineArticles.com
Provided by: Digital Camera Times