We tend to use a lot of stand-alone systems for the analysis of not-so-easy-to-understand processes, but having a thorough log analysis and the big picture of what the systems do altogether is of great importance.
Let’s talk about SECURITY INFORMATION & EVENT MANAGEMENT or SIEM for short. Such systems are used to collect and analyze information from a maximum number of sources of information – such as DLP system, IPS, routers, firewalls, user workstations, servers and so on. Practical examples of threats that can only be identified correctly by SIEM:
- APT attacks – relevant for companies holding valuable information. SIEM – perhaps the only way to detect the beginning of such an attack (research infrastructure, attackers will generate traffic at different ends that allow you to see this activity by the security event correlation systems SIEM)
- Detection of various anomalies in the network and on the individual nodes, the analysis of which is unattainable for other systems
- Response to emergency situations, rapid changes in user behavior
Continue reading “SIEM for Beginners”
Cyber forensics (aka digital forensics) is a branch of forensic science belonging to evidence found in computers, digital storage media, cloud services and social media. Digital forensics in civil litigation is a growingrequirement of courts to ensure evidence is properly preserved, processed and presented in court. Digital forensic collections, data extraction and forensic reports are all part of this growing field.
WHY ARE DIGITAL FORENSICS IMPORTANT?
Adding the ability to practice sound computer forensics will:
- Help you ensure the overall integrity and survivability of your network infrastructure by adding a layer of traceable responsibility and monitored compliance with policies and regulations.
- Help you capture vital information if your network is compromised and will help you deal with the case internally if the intruder is caught.
- Help you realize that allocating a greater portion of the information technology budgets for computer and network security will ultimately save your organization money.
- Help preserve vital evidence or having forensic evidence ruled inadmissible in a court of law.
- Help your organization comply with new laws that mandate regulatory compliance and assign liability if certain types of data are not adequately protected.
Continue reading “Cyber Forensics: Helping You Understand and Recover”
Relax, we’ll not be talking about personal and psychological vulnerabilities here. Instead, let’s talk about IT and it’s inherent vulnerabilities and their assessment.
IT Vulnerability assessment, also known as vulnerability analysis, is a conscious action aiming to define, identify, and classify the security vulnerabilities in a computer, network, or an entire communications infrastructure. Furthermore, the vulnerability assessment can be used forecast the effectiveness of proposed countermeasures and evaluate their actual effectiveness after they are put into use.
WHY IS VULNERABILITY ASSESSMENT NECESSARY?
Vulnerability assessment is usually the first step taken in the direction of strengthening an organization’s Information Security. Inasmuch, as it provides a picture of open doors or holes in the security landscape, the vulnerability assessment can be a starting point in rationalizing one’s security strategy, policies, etc. Ultimately, data collected and rationalized fuels the entire Risk Management process. Continue reading “Vulnerability Assessment – Know Your Weaknesses”
You’ve heard of DDoS, right? Well, DDoS stress testing is a specific service that helps your organization understand just how well your are prepared for the different DDoS attack vectors that, unfortunately, may come your way. The service consists of simulations of DDoS or high load on your IT and are carried out in a strictly controlled and pre-scheduled manner. What you get is a detailed report that tells you of network and server issues related to DDoS resiliency. You also get remediation and mitigation advice on how to harden your DDoS mitigation solution or how to implement one, in case you don’t have it yet.
WHY WOULD YOU PROCURE DDoS STRESS TESTING?
Today, DDoS is as easy to inflict on a victim as buying a pizza on-line. It’s cheap and effective too. By stress testing your IT infrastructure, you will be able to identify and plan for mitigating DDoS-related issues before attacks do happen and harm you. You will also gain insight of your incident response procedures and improve them, or simply gain better control over a DDoS mitigation solution you may have. If you’re looking to purchase such a solution, stress testing may help you choose the right vendor for the job.
HOW DOES IT WORK?
The stress testing process usually starts with a verification and customization procedure. Real-time DDoS attack vectors are pointed at the organization’s IT public-facing infrastructure from the outside (real-life scenario) or in a closed environment (on-premise simulation). DDoS attacks simulations should be carried out on all applicable Layers of the OSI model in a fine-grained controlled manner with a “Stop” capability at all times. The process must be supervised by service provider’s support member and a representative of the tested organization at all times. Continue reading “DDoS Stress Testing for Increased Resiliency”
According to The Institute of Internal Auditors, “internal auditing is an independent, objective assurance and consulting activity designed to add value and improve an organization’s operations. It helps an organization accomplish its objectives by bringing a systematic, disciplined approach to evaluate and improve the effectiveness of risk management, control, and governance processes.”
Today, you can outsource almost everything. Including your internal audit function. There are two scenarios you may want to consider here, outsourcing and co-sourcing. With pure outsourcing you’re looking at a comprehensive service, where the entire function is performed by the service provider with a focus on risk. With co-sourcing, some sharing occurs. Usually you would employ this service if you need assistance with, say, non-routine engagements that could require deeper and more profound experience and expertise.
Through outsourcing your internal audit function, you will benefit from a number of otherwise hard to get results. Your organization stands to be evaluated in a more independent and unrestricted manner, thus management will receive more objective and unbiased assistance and advice. You will also benefit from a new level of assurance and coverage of risks and will probably be able to reduce costs in the short and in the long run as well. If you want to align organizational governance with risk and compliance and be able to proactively identify and manage emerging risks, then you may want to consider outsourcing. Last, but not least, you may be able to free up some of your people to other, more important tasks. Continue reading “Outsourcing Your Internal Audit Function May Be a Viable Proposition”