Can SIEM Systems Deal With These New Threats?
Some SIEM systems offer additional tools for threat detection
Overcoming the limitations of rules-based security solutions
Why more of the same isn't enough
In 2011, the victims were all large organisations with trained security staff and comprehensive defence systems in place, so how could they be penetrated so easily? Ernst & Young says it is a fait accompli: we should assume pockets of the corporate infrastructure have been infiltrated, deploy 'detection mechanisms that go beyond AV (antivirus) and IDS (intrusion detection systems), and proactively seek evidence of compromise.'
Others assert that traditional security systems aren't up to the task in 2012: at the recent Cornerstones of Trust event in San Francisco, experts agreed that traditional, perimeter-based security was useless against APTs. Even so, some vendors of 'detect and prevent' security solutions claim that their products work. Of these, Gavin Reed from Cisco says: 'They either don't understand APT, don't understand how computers work, or are lying or possibly all three. If there were a way to identify/detect APT that could be written on an ASIC (application specific integrated circuit) or software signature that you deploy, it wouldn't be an Advanced Persistent Threat.'
A smarter approach
If you can't prevent social networking, stop spear-phishing and customised malware attacks, or eliminate careless or vengeful employees, the smarter approach is to monitor for and detect the resulting activity as soon as it starts, regardless of what caused it. That is, instead of trying to second-guess and block every attack in advance (read Mission Impossible), detect and stop the activity it triggers as soon as it happens.
This is why advanced SIEMs, especially those with behavioural analysis capability, are used in environments with critical data to protect, such as government, intelligence, border protection, infrastructure and financial institutions. These SIEMs integrate existing security assets and aggregate their data into one addressable repository, so that IT teams see the whole network, not just part of it. This allows correlation between separate, seemingly harmless events which, when combined, are suspicious and risky, such as unusually large transfers of customer or other data to an external site.
Advanced SIEMs with behavioural technology like Behaviour Anomaly Detection (BAD) let your IT staff see suspicious events that are invisible to perimeter-focused, rules-based systems. By connecting the dots between abnormal and apparently unrelated activities, BAD allows your security staff to quickly spot internal misuse, identify a 'noisy' server or recognise a carefully orchestrated external attack. Early alerts allow rapid response in real time, before much or any damage is done.
Extending your monitoring to physical security (door access and surveillance logs) is also worthwhile if you have behavioural capabilities. 'Consolidated Monitoring' can help your IT staff connect further seemingly unrelated events, such as entering the building after hours, accessing sensitive information and copying files. It is also valuable if your IT network is connected to SCADA or industrial control systems.
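The two ideas in the paragraphs above, a behavioural baseline that flags unusually large outbound transfers and a cross-source correlation of after-hours entry, sensitive-file access and copying, are small enough to show in working code. The following is an added example written for this page, not code from any SIEM product or from the author; the event sources ("netflow", "badge", "fileaudit", "endpoint"), field names, thresholds and all log records are constructed assumptions.

```python
"""Behaviour-based detections over SIEM-style events (added example, constructed data)."""
from collections import defaultdict
from datetime import datetime, timedelta
from statistics import mean, pstdev

BUSINESS_HOURS = (7, 19)     # assumption: 07:00-19:00 is normal working time
WINDOW = timedelta(hours=2)  # assumption: correlation window after building entry
Z_THRESHOLD = 3.0            # flag volumes more than three sigma above baseline


def parse(ts):
    return datetime.strptime(ts, "%Y-%m-%dT%H:%M")


# Part 1: daily outbound bytes per host to external destinations, as a flow
# collector might summarise them. Constructed: seven days of history plus today.
DAILY_OUTBOUND = {
    "db01":  [1.0e9, 1.1e9, 0.9e9, 1.2e9, 1.0e9, 1.1e9, 1.0e9, 42.0e9],
    "web01": [5.0e9, 5.2e9, 4.9e9, 5.1e9, 5.3e9, 4.8e9, 5.0e9, 5.4e9],
}


def volume_anomalies(series, z_threshold=Z_THRESHOLD, min_ratio=2.0):
    """Return {host: z} for hosts whose latest daily volume is far above their own
    baseline. Each host is compared with its own history, not a global rule.
    min_ratio guards against a near-zero stdev turning a tiny bump into an alert."""
    flagged = {}
    for host, values in series.items():
        history, today = values[:-1], values[-1]
        mu, sigma = mean(history), pstdev(history)
        z = (today - mu) / sigma if sigma > 0 else float("inf")
        if z >= z_threshold and today >= min_ratio * mu:
            flagged[host] = round(z, 1)
    return flagged


# Part 2: events from a badge reader, a file-server audit log and an endpoint
# agent. Constructed sample records; each one on its own looks harmless.
EVENTS = [
    {"src": "badge", "ts": "2012-03-01T09:05", "user": "asmith", "action": "entry"},
    {"src": "fileaudit", "ts": "2012-03-01T10:00", "user": "asmith",
     "path": "/finance/customers.csv", "label": "restricted"},
    {"src": "endpoint", "ts": "2012-03-01T14:10", "user": "asmith", "action": "copy",
     "path": "/public/brochure.pdf", "dest": "removable"},
    {"src": "badge", "ts": "2012-03-01T22:15", "user": "jdoe", "action": "entry"},
    {"src": "fileaudit", "ts": "2012-03-01T22:40", "user": "jdoe",
     "path": "/finance/customers.csv", "label": "restricted"},
    {"src": "endpoint", "ts": "2012-03-01T22:52", "user": "jdoe", "action": "copy",
     "path": "/finance/customers.csv", "dest": "removable"},
]


def after_hours(dt):
    start, end = BUSINESS_HOURS
    return not (start <= dt.hour < end)


def correlate_insider(events, window=WINDOW):
    """Per user, chain: after-hours badge entry -> restricted file read -> copy of
    that same file to removable media, all within `window` of the entry.
    A single-source rule sees nothing wrong with any one step; the chain is the alert."""
    by_user = defaultdict(list)
    for e in sorted(events, key=lambda e: e["ts"]):   # ISO timestamps sort as strings
        by_user[e["user"]].append(dict(e, dt=parse(e["ts"])))
    alerts = []
    for user, evs in by_user.items():
        for entry in evs:
            if not (entry["src"] == "badge" and entry["action"] == "entry"
                    and after_hours(entry["dt"])):
                continue
            deadline = entry["dt"] + window
            in_window = [e for e in evs if entry["dt"] <= e["dt"] <= deadline]
            reads = {e["path"]: e["dt"] for e in in_window
                     if e["src"] == "fileaudit" and e.get("label") == "restricted"}
            for c in in_window:
                if (c["src"] == "endpoint" and c.get("action") == "copy"
                        and c.get("dest") == "removable"
                        and c["path"] in reads and c["dt"] >= reads[c["path"]]):
                    alerts.append({"user": user, "entry": entry["ts"],
                                   "path": c["path"], "copied": c["ts"]})
    return alerts


if __name__ == "__main__":
    print("volume anomalies:", volume_anomalies(DAILY_OUTBOUND))
    for a in correlate_insider(EVENTS):
        print("insider chain:", a)
```

Two design points carry over to a real deployment. The volume baseline is per host, because a 40 GB day is normal for a backup server and alarming for a database that usually sends a gigabyte, and the absolute-ratio guard stops a very quiet host with near-zero variance from alerting on noise. The insider rule is deliberately narrow (same user, same file, ordered steps, bounded window) so that the after-hours entry and the file read, which are both legitimate on their own, only become an alert together.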
The bottom line
Behaviour-based technologies add a layer of intelligence over existing defences, giving modern institutions a fighting chance against today's ever-evolving cyber threats. If the experts say that traditional security can't stop these threats, your best line of defence is finding the activity they trigger quickly and shutting it down in real time. When the majority of attacks and the resulting data theft can go undetected for days, weeks or months, real-time detection, investigation and remediation are very reassuring options.
by: Astal mark