One Article Review

Source AlienVault Blog
Identifier 1073280
Publication date 2019-03-18 13:00:00 (viewed: 2019-03-20 21:01:12)
Title All about security analytics
Text
With or without a security operations center, and whether your network is on premises, in the cloud, or a hybrid, you need to determine which events and indicators correlate with cyber attacks. Organizations these days face a wider range and greater frequency of cyber threats than ever before. These threats can come from APTs (advanced persistent threats), cyberwarfare, promiscuous attacks through bots and botnets, script kiddies, malware-as-a-service via the Dark Web, or even internal attacks from entities within your organization. Everything from distributed denial of service (DDoS) attacks to cryptojacking, from man-in-the-middle attacks to spear phishing, from ransomware to data breaches hits businesses of all sizes and in all industries constantly, every single day. It’s perfectly normal to find all of this overwhelming! But implementing the right tools and practices can help you make sense of the cacophony. That’s where cybersecurity analytics can be useful. Several years ago, security analytics became something of a buzzword, but it’s as relevant now as ever.

Cybersecurity data analytics explained
So what is it exactly? It’s actually quite simple. Security analytics isn’t one particular type of tool or system. It is a way of thinking about cybersecurity proactively. It involves analyzing your network’s data from a multitude of sources in order to produce and maintain security measures. It’s all about aggregating data from every possible source and finding the “forests” that all of those “trees” of logs and other recorded details are a part of. Of course, being able to identify the “forests” makes it easier not only to put out the “forest fires” of cyber attacks, but also to prevent “forest fires” in the future.

Security analytics sources and tools
Here are some of the different types of data sources which can be used in your cybersecurity analytics practices:
- Cloud resources
- User data acquired from endpoints
- Logs from network security appliances, such as firewalls, IPS, and IDS
- Network traffic and its patterns
- Identity and access management logs
- Threat intelligence
- Geolocation data
- Mobile devices and storage mediums connected via WiFi, Ethernet, and USB
- Antivirus applications
- Business-specific applications

Several types of tools pertain to cybersecurity analytics and can be deployed on your network. They include:
- Code analysis applications to find vulnerabilities in software and scripting
- File analysis tools to explore files in ways which may go beyond malware detection
- Log analysis applications for firewalls, IDS, IPS, networked print devices, servers, and endpoints
- SOC (security operations center) specific applications to organize data in a way which is useful for their functions
- DLP (data loss prevention) tools

Security analytics use cases
Properly implemented cybersecurity analytics can not only improve your network’s security posture, but also help your organization with regulatory compliance needs. There are many industry-specific regulations which require log data collection and activity monitoring; HIPAA and PCI-DSS are just a couple of them. It can even help show your organization’s stakeholders and management which security measures and policies are useful and worthy of investment. Using an analytics approach and the right tools has the benefit of being able to
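The idea the post describes, aggregating data from many sources and finding the correlations between them, in working code. This is an added example, not code from the AlienVault post: three of the listed source types (firewall logs, identity and access management logs, threat intelligence) are normalized into one common schema, and a single correlation rule ties a burst of failed logins to a later success, then enriches that finding with related firewall traffic and an indicator match. The `TIMESTAMP host key=value` log layout, the field names, the IP addresses and the indicator set are all constructed assumptions, not any product's real format or real data.

```python
"""Correlating events from several security data sources into one finding.

Added example, not code from the AlienVault post. Every log line and indicator
below is constructed for illustration, and the 'TIMESTAMP host key=value ...'
layout is an assumed format rather than any product's real log schema.
"""
from collections import defaultdict
from datetime import datetime, timedelta, timezone
import re

# Constructed sample data (three of the source types the post lists).
FIREWALL_LOGS = [
    "2019-03-18T09:00:05Z fw01 action=ALLOW src=10.0.0.15 dst=203.0.113.9 dport=443",
    "2019-03-18T09:00:09Z fw01 action=ALLOW src=10.0.0.15 dst=203.0.113.9 dport=443",
    "2019-03-18T09:03:00Z fw01 action=ALLOW src=10.0.0.22 dst=198.51.100.7 dport=80",
]
IAM_LOGS = [
    "2019-03-18T08:58:01Z iam user=alice result=FAILURE src=203.0.113.9",
    "2019-03-18T08:58:03Z iam user=alice result=FAILURE src=203.0.113.9",
    "2019-03-18T08:58:05Z iam user=alice result=FAILURE src=203.0.113.9",
    "2019-03-18T08:58:20Z iam user=alice result=SUCCESS src=203.0.113.9",
    "2019-03-18T09:02:00Z iam user=bob result=SUCCESS src=192.0.2.44",
]
THREAT_INTEL = {"203.0.113.9"}  # constructed indicator set (documentation address range)

_KV = re.compile(r"(\w+)=(\S+)")


def parse_event(line, source):
    """Normalize one log line into a common schema shared by every source."""
    ts_text, _host, rest = line.split(" ", 2)
    event = {
        "ts": datetime.strptime(ts_text, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc),
        "source": source,
    }
    event.update(_KV.findall(rest))  # key=value pairs become plain fields
    return event


def correlate(firewall_logs, iam_logs, threat_intel,
              window=timedelta(minutes=5), threshold=3):
    """Flag a burst of failed logins followed by a success, then enrich it.

    Rule: at least `threshold` FAILURE events for the same (user, src) within
    `window` before a SUCCESS. Each finding is cross-referenced with firewall
    traffic involving that IP and with the threat-intel set. Returns a list.
    """
    iam = sorted((parse_event(line, "iam") for line in iam_logs), key=lambda e: e["ts"])
    fw = [parse_event(line, "firewall") for line in firewall_logs]

    # Group IAM events by (user, source IP) so failures can be tied to a later success.
    by_key = defaultdict(list)
    for e in iam:
        by_key[(e["user"], e["src"])].append(e)

    findings = []
    for (user, ip), events in by_key.items():
        for success in (e for e in events if e["result"] == "SUCCESS"):
            failures = [f for f in events
                        if f["result"] == "FAILURE"
                        and success["ts"] - window <= f["ts"] < success["ts"]]
            if len(failures) < threshold:
                continue  # too few failures, or failures after the success, do not count
            related_fw = [f for f in fw if ip in (f.get("src"), f.get("dst"))]
            intel_hit = ip in threat_intel
            findings.append({
                "user": user,
                "src": ip,
                "failures": len(failures),
                "success_at": success["ts"].isoformat(),
                "related_firewall_events": len(related_fw),
                "threat_intel_match": intel_hit,
                "severity": "high" if intel_hit else "medium",
            })
    return findings


if __name__ == "__main__":
    for finding in correlate(FIREWALL_LOGS, IAM_LOGS, THREAT_INTEL):
        print(finding)
```

Normalizing first means each correlation rule is written once against one schema rather than once per vendor format, which is what lets the "forest" emerge from the "trees": the IAM rule on its own flags one noisy login burst, while the firewall and threat-intelligence lookups supply the context that decides whether an analyst should act on it. `window` and `threshold` are the knobs to tune against your own baseline so the rule neither misses slow attempts nor floods the queue.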
Tags Ransomware Malware Tool Threat Guideline


The article does not appear to have been picked up after its publication.


The article does not appear to have been picked up from a previous one.