One Article Review

Source AlienVault Blog
Identifier 565596
Publication date 2018-04-04 13:00:00 (seen: 2018-04-04 16:07:38)
Title 4 SIEM Use Cases That Will Dramatically Improve Your Enterprise Security
Text No business will argue against an enterprise-level security solution. With threats coming from every direction, a centralized security platform gives administrators the fighting chance they deserve to stave off malicious attacks. Security information and event management, or SIEM, systems are considered to be the industry gold standard. While effective, knowing how to use SIEM solutions to reveal valuable insight can be tricky. Little surprise, then, that many are left frustrated or disappointed with SIEM use. For the resource-strapped IT teams out there, we’ve compiled four SIEM use cases to make your business safer in less than an hour post installation. Read all about it below.

SIEM Use Case Example #1: Nagging SQL Injection Attacks

SQL injection attacks have been around forever. Reported first 10 years ago, these attacks still pose a threat to websites and databases. All it takes is a few malicious commands to make their way onto your SQL server, and it can be tricked into revealing sensitive information.

To prevent this, SIEMs give you several options. The first is the intrusion detection system (IDS), which scans for malicious content on your network targeting SQL deployments. Here’s a sample report that shows this in action.

If your system has been compromised, IDS will alert you immediately. This lets you swoop in and take retaliatory action before data is siphoned off. Even if there’s no immediate danger, make it a habit to check up on systems running SQL to spot abnormalities. Most SIEMs let you group your systems running SQL, making this a breeze.

SIEM Use Case Example #2: Watering Hole Attacks

Hard to pull off but incredibly effective, watering hole attacks are difficult to detect. They use the same predatory trick seen in nature where an animal lurks around a watering hole waiting for a victim with its guard down to appear. In the online space, this means one compromised site infects another.

The attack begins when a target website is selected for infection. Common victims include government agencies and large enterprises. A profile of visitors that frequent this website is then built. The visitors in the profile are followed around the web as they visit other websites. When they land on a website with vulnerabilities, attackers inject it with malicious code. On repeat visits, the code redirects visitors to a third-party website where they are infected with malware. When these visitors now revisit the target site, the malware will infect it.

Even though they’re hard to spot, SIEMs can weed out watering hole attacks at any stage. The IDS system constantly scans for malware attempting to gain access to your website or compromise other vital systems.

SIEM Use Case #3: Malware Infections

Malware attacks remain as popular as ever. Even the average computer
Sent Yes


The article does not appear to have been picked up after its publication.


The article does not appear to have been picked up from an earlier one.