In mid-December 2020, SolarWinds disclosed that it had experienced a highly sophisticated, manual supply chain attack on versions of its Orion network monitoring product released between March and June 2020. The company said the attack was most likely conducted by foreign hackers and was intended to be narrow, extremely targeted and manually executed. A FireEye blog post states that the attackers gained access to a large number of public and private organizations through trojanized updates to SolarWinds’ Orion software. Over the following weeks it emerged that the victims included highly reputable companies and institutions such as Microsoft, the US Treasury Department and the US Department of Commerce’s National Telecommunications and Information Administration. Even Google was suspected of being among the victims, which the company still denies to this day.
Olga Burnaeva: “Security risks of monitoring services: Why to always use a read-only solution”
Computer networks all around the world generate daily records of the events occurring in their systems. Some events are routine, while others indicate a potential security breach or poor network health. Event log files hold information that can help organizations reduce their exposure to malware, intruders, damage and legal liability.
This log data has to be gathered, stored, monitored and managed by enterprises to meet the regulatory compliance requirements set by standards such as HIPAA, Sarbanes-Oxley, GLBA, Basel II, PCI DSS, FISMA and NISPOM. This can be a tiresome job, as log files arrive in various formats, from many different sources and in large numbers.
Your network devices and servers produce thousands of system event log entries every day. The bulk of them (roughly 95%) simply record the events and transactions taking place in the system, such as user logins and server crashes. Reviewing such logs manually, you are very unlikely to spot the few entries that signal a security or compliance issue.
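As an added illustration of the collection problem described above (this is not code from the original page or its author), the script below takes constructed sample lines in two formats, Linux sshd syslog entries and an IIS W3C access log, normalizes them into one schema and applies a single rule that would be tedious to check by hand: the same source address failing authentication repeatedly, counted across both systems. Hostnames, users, addresses and the /login.aspx endpoint are assumptions made for the example.

```python
"""Normalize log lines from different sources into one schema and run a
detection rule over the result.

This is an added example, not code from the original page. The sample
lines are constructed: they imitate Linux sshd syslog entries and an IIS
W3C access log (default field order), but hosts, users and IP addresses
are invented, and /login.aspx is a hypothetical login endpoint.
"""
import re
from collections import defaultdict
from datetime import datetime, timedelta
from typing import Dict, List, Optional

# Constructed sample input, mixed as a central collector would receive it.
SAMPLE_LINES = [
    "Jan 14 10:00:01 web01 sshd[1201]: Failed password for invalid user admin from 203.0.113.7 port 51000 ssh2",
    "Jan 14 10:00:03 web01 sshd[1201]: Failed password for root from 203.0.113.7 port 51002 ssh2",
    "Jan 14 10:00:05 web01 sshd[1201]: Failed password for root from 203.0.113.7 port 51004 ssh2",
    "Jan 14 10:00:09 web01 sshd[1201]: Accepted publickey for deploy from 198.51.100.9 port 40000 ssh2",
    "2021-01-14 10:00:10 10.0.0.5 POST /login.aspx - 443 - 203.0.113.7 Mozilla/5.0 - 401 0 0 15",
    "2021-01-14 10:00:12 10.0.0.5 POST /login.aspx - 443 jdoe 198.51.100.9 Mozilla/5.0 - 200 0 0 30",
    "2021-01-14 10:00:14 10.0.0.5 POST /login.aspx - 443 - 203.0.113.7 Mozilla/5.0 - 401 0 0 12",
    "this line is deliberately malformed and must be skipped",
]

SYSLOG_RE = re.compile(
    r"^(?P<ts>[A-Z][a-z]{2} +\d{1,2} \d{2}:\d{2}:\d{2}) (?P<host>\S+) "
    r"(?P<prog>[\w.-]+)(?:\[\d+\])?: (?P<msg>.*)$"
)
SSHD_RE = re.compile(
    r"^(?P<outcome>Failed|Accepted) \S+ for (?:invalid user )?(?P<user>\S+) from (?P<src>\S+)"
)
# Default IIS W3C field order (date time s-ip cs-method cs-uri-stem ... time-taken).
IIS_FIELDS = ["date", "time", "s_ip", "method", "uri", "query", "port", "user",
              "c_ip", "ua", "referer", "status", "substatus", "win32", "time_taken"]
LOGIN_URI = "/login.aspx"  # hypothetical login endpoint for this example


def parse_syslog(line: str, year: int = 2021) -> Optional[dict]:
    """BSD syslog carries no year; the caller supplies it (assumed 2021 here)."""
    m = SYSLOG_RE.match(line)
    if not m:
        return None
    ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
    rec = {"ts": ts, "host": m["host"], "source": "syslog", "event": "other",
           "user": None, "src_ip": None}
    auth = SSHD_RE.match(m["msg"]) if m["prog"] == "sshd" else None
    if auth:
        rec["event"] = "auth_failure" if auth["outcome"] == "Failed" else "auth_success"
        rec["user"], rec["src_ip"] = auth["user"], auth["src"]
    return rec


def parse_iis(line: str) -> Optional[dict]:
    parts = line.split(" ")
    if len(parts) != len(IIS_FIELDS) or parts[0].startswith("#"):
        return None
    f = dict(zip(IIS_FIELDS, parts))
    try:
        ts = datetime.strptime(f"{f['date']} {f['time']}", "%Y-%m-%d %H:%M:%S")
    except ValueError:
        return None
    event = "http_request"
    if f["uri"].lower() == LOGIN_URI and f["method"] == "POST":
        event = "auth_failure" if f["status"] in ("401", "403") else "auth_success"
    return {"ts": ts, "host": f["s_ip"], "source": "iis", "event": event,
            "user": None if f["user"] == "-" else f["user"], "src_ip": f["c_ip"]}


def parse_line(line: str) -> Optional[dict]:
    """Try each known format; lines matching none are dropped."""
    return parse_syslog(line) or parse_iis(line)


def normalize_logs(lines: List[str]) -> List[dict]:
    records = [r for r in (parse_line(l) for l in lines) if r is not None]
    records.sort(key=lambda r: r["ts"])  # correlation needs one timeline
    return records


def detect_bruteforce(records: List[dict], threshold: int = 3,
                      window: timedelta = timedelta(minutes=5)) -> List[dict]:
    """Alert when one source IP produces >= threshold auth failures inside
    `window`, regardless of which system (sshd, IIS) reported them."""
    by_src: Dict[str, List[dict]] = defaultdict(list)
    for r in records:
        if r["event"] == "auth_failure" and r["src_ip"]:
            by_src[r["src_ip"]].append(r)
    alerts = []
    for src, fails in by_src.items():
        best, start = 0, 0
        for end in range(len(fails)):  # sliding window over time-sorted failures
            while fails[end]["ts"] - fails[start]["ts"] > window:
                start += 1
            best = max(best, end - start + 1)
        if best >= threshold:
            alerts.append({"src_ip": src, "failures": best,
                           "sources": sorted({f["source"] for f in fails}),
                           "first": fails[0]["ts"], "last": fails[-1]["ts"]})
    return alerts


if __name__ == "__main__":
    for a in detect_bruteforce(normalize_logs(SAMPLE_LINES)):
        print(f"{a['src_ip']}: {a['failures']} failures via {a['sources']} "
              f"between {a['first']:%H:%M:%S} and {a['last']:%H:%M:%S}")
```

The point of normalizing first is that the detection rule never has to know which product wrote the line; the three sshd failures and two IIS 401s from the same address only become one incident once they share a schema and a timeline.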
Forensic analysis is the process of collecting documents and evidence from a system or drive that was involved in a cybercrime. For detecting a malware infection on a Windows computer, forensic analysis has four components. Let’s look at them.
It starts with obtaining an image of the drive contents (the data for computer forensics), then mounting that image in forensic image processing software, identifying potential blind spots in the analysis, and finally analyzing the malware as a whole. These are the four components of forensic analysis.
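The four components above, as an added example that is not from the original page: a small Python workflow that hashes the acquired image, re-verifies it before and after analysis, and triages the recovered files against a hash set while flagging executables in locations that a hash set alone would miss. The image bytes, the file list, the hash set and the paths are all constructed for the example.

```python
"""Evidence integrity and hash-set triage for a disk image.

Added example, not code from the original page. The image bytes, the
"recovered files" and the known-bad hash list are constructed here so the
code runs offline; in practice the image comes from a forensic imager, the
files from the mounted (read-only) image, and the hashes from a vetted
malware hash set.
"""
import hashlib
from dataclasses import dataclass
from typing import Dict, Iterable, Iterator, List

CHUNK = 1 << 20  # hash in 1 MiB pieces so multi-GB images never sit in memory


def chunks(data: bytes, size: int = CHUNK) -> Iterator[bytes]:
    for i in range(0, len(data), size):
        yield data[i:i + size]


def sha256_of(parts: Iterable[bytes]) -> str:
    h = hashlib.sha256()
    for p in parts:
        h.update(p)
    return h.hexdigest()


@dataclass(frozen=True)
class Manifest:
    """Recorded at acquisition, checked before and after analysis."""
    image_name: str
    size: int
    sha256: str


def acquire(image_name: str, image: bytes) -> Manifest:
    # Step 1: image the drive and hash it immediately, before anything touches it.
    return Manifest(image_name, len(image), sha256_of(chunks(image)))


def verify(manifest: Manifest, image: bytes) -> bool:
    # Step 2: re-hash before mounting and again after analysis; any mismatch
    # means the evidence can no longer be trusted.
    return len(image) == manifest.size and sha256_of(chunks(image)) == manifest.sha256


# Constructed stand-in for files recovered from the mounted image: path -> content.
RECOVERED_FILES: Dict[str, bytes] = {
    r"C:\Windows\Temp\svch0st.exe": b"MZ\x90\x00constructed fake dropper body",
    r"C:\Users\alice\Documents\notes.txt": b"meeting at 10, bring the slides",
    r"C:\Users\alice\AppData\Roaming\update.dll": b"MZ\x90\x00constructed unknown binary",
}
# Constructed hash set; a real one would be loaded from a vetted feed.
KNOWN_BAD: Dict[str, str] = {
    hashlib.sha256(RECOVERED_FILES[r"C:\Windows\Temp\svch0st.exe"]).hexdigest(): "Constructed.Dropper.A",
}
# Step 3: blind spots. Hash matching only finds what the hash set already knows,
# so executables in temp or user-writable locations are queued for manual review.
REVIEW_DIRS = ("\\windows\\temp\\", "\\appdata\\", "\\programdata\\", "\\users\\public\\")


def triage(files: Dict[str, bytes], known_bad: Dict[str, str]) -> List[dict]:
    # Step 4: look at the recovered content as a whole, not one file in isolation.
    findings = []
    for path, content in files.items():
        digest = hashlib.sha256(content).hexdigest()
        looks_like_pe = content[:2] == b"MZ"
        in_review_dir = any(d in path.lower() for d in REVIEW_DIRS)
        if digest in known_bad:
            findings.append({"path": path, "sha256": digest,
                             "verdict": "known_bad", "label": known_bad[digest]})
        elif looks_like_pe and in_review_dir:
            findings.append({"path": path, "sha256": digest,
                             "verdict": "review", "label": None})
    return findings


if __name__ == "__main__":
    image = bytes(range(256)) * 8192  # constructed 2 MiB "disk image"
    manifest = acquire("suspect-laptop.img", image)
    print("image intact:", verify(manifest, image))
    for f in triage(RECOVERED_FILES, KNOWN_BAD):
        print(f"{f['verdict']:9} {f['path']}  {f['label'] or ''}")
```

The manifest hash is the chain-of-custody anchor: if `verify` fails at any point, nothing found on the image can be presented as evidence, so the check runs before the image is mounted and again when analysis is finished.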
One of the most crucial aspects of network monitoring is security monitoring. Security breaches are more common now than ever before, and the integrity of your whole network is at stake if even one node is compromised.
This is why it is vital that businesses rely on central network security software that continuously monitors the effectiveness of the security measures in place.
Having network security tools is only a small part of the bigger picture. Check the following 10 things to make sure the solution you have can protect you from cyber-attacks on all fronts.
Olga Burnaeva: “Security Monitoring: 10 things you need to check right now”
Log monitoring can be a tedious process. Once logging is enabled, your systems generate numerous log files in the log store that you then need to track. Although a log file parser helps you search through multiple or large logs, log monitoring is typically one of those processes that we only look at once it stops working.
Windows system logs contain operating system logs as well as logs from applications such as Internet Information Services (IIS) and SQL Server. Windows system event logs use a structured format, which makes them easy to search from the event log location and faster to analyze. Let’s look at some important aspects of log monitoring.
Olga Burnaeva: “Top 10 Log Monitoring Reports You Must Have”
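For the point made in the log-monitoring excerpt above that Windows event logs are structured and therefore faster to analyze, here is an added example (not code from the original page or its author) that parses Security events in the Windows XML schema and turns them into a logon report: failures per account and per source, failure reasons decoded from the 4625 sub-status, guessed account names, and remote interactive logons. The events, accounts and addresses are constructed for the example.

```python
"""Logon-activity report built from structured Windows Security events.

Added example, not from the original page. The events below are
constructed XML in the Windows event schema (EventID 4624 = successful
logon, 4625 = failed logon) with invented accounts and addresses; real
input would be the XML that wevtutil, Get-WinEvent or a log forwarder
hands over for the Security channel.
"""
import xml.etree.ElementTree as ET
from collections import Counter
from typing import Dict, List

EVT_NS = "http://schemas.microsoft.com/win/2004/08/events/event"
NS = {"e": EVT_NS}

# Failure sub-status codes as documented for event 4625.
SUBSTATUS = {
    "0xc000006a": "wrong password",
    "0xc0000064": "unknown user name",
    "0xc0000234": "account locked out",
    "0xc0000072": "account disabled",
}
LOGON_TYPE = {"2": "interactive", "3": "network", "5": "service", "10": "remote interactive"}


def make_event(event_id: int, when: str, **data: str) -> str:
    """Constructed helper: render one event in the Windows XML schema."""
    fields = "".join(f'<Data Name="{k}">{v}</Data>' for k, v in data.items())
    return (f'<Event xmlns="{EVT_NS}"><System><EventID>{event_id}</EventID>'
            f'<TimeCreated SystemTime="{when}"/><Computer>DC01.corp.example</Computer>'
            f'</System><EventData>{fields}</EventData></Event>')


ATTACKER, WORKSTATION = "203.0.113.7", "198.51.100.9"  # invented addresses
SAMPLE_EVENTS = [
    make_event(4625, "2021-01-14T10:00:01Z", TargetUserName="jdoe", TargetDomainName="CORP",
               LogonType="3", IpAddress=ATTACKER, SubStatus="0xc000006a"),
    make_event(4625, "2021-01-14T10:00:02Z", TargetUserName="jdoe", TargetDomainName="CORP",
               LogonType="3", IpAddress=ATTACKER, SubStatus="0xc000006a"),
    make_event(4625, "2021-01-14T10:00:03Z", TargetUserName="jdoe", TargetDomainName="CORP",
               LogonType="3", IpAddress=ATTACKER, SubStatus="0xc000006a"),
    make_event(4625, "2021-01-14T10:00:04Z", TargetUserName="jdoe", TargetDomainName="CORP",
               LogonType="3", IpAddress=ATTACKER, SubStatus="0xc0000234"),
    make_event(4625, "2021-01-14T10:00:05Z", TargetUserName="admin", TargetDomainName="CORP",
               LogonType="3", IpAddress=ATTACKER, SubStatus="0xc0000064"),
    make_event(4625, "2021-01-14T10:00:06Z", TargetUserName="backup", TargetDomainName="CORP",
               LogonType="3", IpAddress=ATTACKER, SubStatus="0xc0000064"),
    make_event(4624, "2021-01-14T10:05:00Z", TargetUserName="jdoe", TargetDomainName="CORP",
               LogonType="10", IpAddress=WORKSTATION),
    make_event(4624, "2021-01-14T10:06:00Z", TargetUserName="svc_backup", TargetDomainName="CORP",
               LogonType="5", IpAddress="-"),
]


def parse_event(xml: str) -> dict:
    """Pull the fields a logon report needs out of one Security event."""
    root = ET.fromstring(xml)
    data = {d.get("Name"): (d.text or "") for d in root.iterfind("e:EventData/e:Data", NS)}
    return {
        "event_id": int(root.findtext("e:System/e:EventID", namespaces=NS)),
        "time": root.find("e:System/e:TimeCreated", NS).get("SystemTime"),
        "account": f"{data.get('TargetDomainName', '')}\\{data.get('TargetUserName', '')}",
        "logon_type": LOGON_TYPE.get(data.get("LogonType", ""), "other"),
        "src_ip": data.get("IpAddress", "-"),
        "reason": SUBSTATUS.get(data.get("SubStatus", "").lower()),
    }


def build_report(events: List[str]) -> dict:
    """The counts a logon report page is built from."""
    per_account: Dict[str, Dict[str, int]] = {}
    failed_by_source, reasons = Counter(), Counter()
    unknown_users, remote = set(), []
    for e in map(parse_event, events):
        acct = per_account.setdefault(e["account"], {"success": 0, "failure": 0})
        if e["event_id"] == 4625:
            acct["failure"] += 1
            failed_by_source[e["src_ip"]] += 1
            reasons[e["reason"] or "other"] += 1
            if e["reason"] == "unknown user name":  # guessed names hint at enumeration
                unknown_users.add(e["account"])
        elif e["event_id"] == 4624:
            acct["success"] += 1
            if e["logon_type"] == "remote interactive":  # RDP logons get their own list
                remote.append((e["account"], e["src_ip"]))
    return {"per_account": per_account, "failed_by_source": failed_by_source,
            "failure_reasons": reasons, "unknown_user_attempts": unknown_users,
            "remote_interactive_logons": remote}


if __name__ == "__main__":
    r = build_report(SAMPLE_EVENTS)
    for acct, counts in r["per_account"].items():
        print(f"{acct:20} ok={counts['success']} failed={counts['failure']}")
    print("top failing sources:", r["failed_by_source"].most_common(3))
    print("failure reasons:", dict(r["failure_reasons"]))
```

Because every field is a named element rather than free text, the report needs no regular expressions at all; adding a new column (say, failures by LogonType) is one more dictionary lookup, which is the practical payoff of a structured log format.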