If you’re a security practitioner, you should be reading this.
The 2013 Data Breach Investigations Report (DBIR) has published some alarming statistics that question us on our preparedness to combat new-age security attacks. The speed and sophistication of today’s attacks and new threat vectors being introduced are causing financial and reputational disasters across various geographies and organizations.
The report found that:
- 19% of breaches combined phishing, malware, hacking, and entrenchment. This is known as the Assured Penetration Technique.
- 78% of intrusions took little or no specialist skills or resources. This means companies weren’t prepared enough and had no preventive mechanism in place.
- 66% of breaches remained undetected for months. Imagine the loss of data and resources during this period!
- 84% of intrusions took just minutes to inflict damage. This means the threat response systems employed in companies were weak and slow to respond.
These meaningful numbers reinforce the need to be prepared for today’s advanced attacks. Most organizations don’t know how effectively their security systems avert threats and counter breaches and intrusions. The best place to start fishing for clues is the wealth of logs generated from various entities in the IT infrastructure.
Logs are the Means to an Actionable End
Logs provide a wealth of information about virtually everything that’s happening on your network. It’s only wise to take advantage of what’s available in the logs and get better visibility into the problems and security vectors that are impacting your IT infrastructure. You can achieve comprehensive log management and analysis by:
- Aggregating log data from various disparate sources on your IT environment
- Correlating the collected logs to obtain meaningful information about device and user activity on your network
- Setting up alerting to automatically notify you if there’s a suspicious or non-compliant activity on your network and systems
- Programming automated active responses to counter and prevent threats in real time
Security Information & Event Management (SIEM) tools provide all the protection you need to detect, alert, and respond to attacks by preventing or containing them. SIEM tools will further help you analyze log data for advanced incident awareness and perform event forensics to isolate the root cause of a threat or attack. For a full-function SIEM virtual appliance, try SolarWinds Log & Event Manager. Our solution will enhance your IT security and prepare you to face the onslaught of sophisticated zero-day attacks.