Security & Auditing

Insider threats are becoming a growing concern across different industries. Most coverage goes to outside attacks, especially when it comes to big corporations and government agencies. However, internal security is something organizations need to take very seriously to avoid irreparable damages. 

Not many enterprises can afford internal threat detection programs. However, they can definitely adopt proactive measures to avoid them, especially when it comes to sensitive systems and data. And this is not something exclusive to network security companies or government agencies, any organization can fall victim to an insider attack or leak. 

In the mid of December, SolarWinds disclosed that the company experienced a highly sophisticated, manual supply chain attack on versions of the Orion network monitoring product released in March – June 2020. The company shared that the attack was most likely conducted by foreign hackers and intended to be narrow, remarkably targeted, and manually executed attack. A FireEye blog post states that hackers managed to gain access to a huge number of public and private organizations through trojanized updates to SolarWinds’ Orion software. And during the next weeks, it was revealed that among the victims are highly reputable companies and institutions like Microsoft, the US Treasury Department, and the US Department of Commerce’s National Telecommunications. Even Google was suspected to be among the victims, which, to this day is still denied by the industry leader. 

Computer networks all around the world generate daily records of events occurring in their system. Some events are routine while others indicate potential security breaches or weak network health. Event log files consist of log information that can help organizations reduce their exposure against malware, intruders, damages and legal obligations. 

This useful log data has to be gathered, stored, monitored and managed by enterprises to meet regulatory compliance requirements by standards such as HIPAA, Sarbanes Oxley, GLB, Basel II, PCI DSS, FISMA and NISPOM. This can be quite a tiresome job as log files come in various formats from different sources and in large numbers. 

Your network devices and servers produce thousands of system event log entries every day. Approximately 95% of your log files record entries of all events or transactions taking place in your system, such as user logins and server crashes. When reviewing logs manually, it is highly unlikely to successfully locate a security or compliance issue.