Harking back to my last post about the Backoff PoS malware, I’d like to take a moment to focus on a particular issue that seems to come up over and over again as we hear of more breaches…
Let’s look at Chester Wisniewski’s quote from that post again:
“Application control and network monitoring can help detect the presence of connections to these systems…Careful monitoring should be able to detect or prevent unexpected or unauthorized remote connection attempts.”
“Careful monitoring.” So often we see cases where organizations have spent hundreds of thousands, even millions of dollars on technical controls and hardware, but at the end of the day, someone still needs to PAY ATTENTION. Time and time again (not to pick on Target), we find that these breaches had been ongoing for months or longer before they were detected, not necessarily because the intrusion was so well hidden, but because alerts were ignored.
Every piece of hardware and software in your environment generates logs. Sifting through them can be tedious, and as I like to say, it’s the least sexy part of security. That is why they are so often ignored or assigned to the lowest man on the totem pole. But making correlations between these events…that’s a skill learned over time, something that few newbies or generalists are going to be able to do.
How can you know what is going on in your environment if you’re not performing proper log management, including daily log review by trained experts?
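To make the point about log review and event correlation concrete, here is a small added example (not code from the original post or from any product it mentions). It reviews a handful of constructed remote-access log lines and raises two kinds of alerts the Wisniewski quote alludes to: a successful remote login from an address outside an approved network, and a login success that follows a burst of failures from the same source. The log format, field names, approved network range, threshold and window are all assumptions made for the example.

```python
import ipaddress
import re
from collections import defaultdict
from datetime import datetime

# Constructed sample log lines for this example; the key=value format and the
# hostnames, users and addresses are assumptions, not output of any real system.
SAMPLE_LOGS = """\
2014-08-12 02:14:07 host=pos-01 service=rdp event=login_failed src=203.0.113.45 user=admin
2014-08-12 02:14:11 host=pos-01 service=rdp event=login_failed src=203.0.113.45 user=admin
2014-08-12 02:14:15 host=pos-01 service=rdp event=login_failed src=203.0.113.45 user=admin
2014-08-12 02:14:22 host=pos-01 service=rdp event=login_success src=203.0.113.45 user=admin
2014-08-12 09:30:01 host=pos-02 service=rdp event=login_success src=10.0.5.12 user=jsmith
2014-08-12 11:02:44 host=pos-03 service=rdp event=login_failed src=10.0.5.99 user=root
""".splitlines()

# Assumed policy: remote access is expected only from this internal range.
APPROVED_REMOTE_NETS = [ipaddress.ip_network("10.0.5.0/24")]
FAIL_THRESHOLD = 3      # failures from one source to one host ...
WINDOW_SECONDS = 300    # ... within this many seconds, then a success, is suspicious

LINE_RE = re.compile(r"^(?P<ts>\S+ \S+) (?P<kv>.*)$")


def parse_line(line):
    """Parse one 'YYYY-MM-DD HH:MM:SS key=value ...' line; return None if malformed."""
    m = LINE_RE.match(line)
    if not m:
        return None
    try:
        rec = dict(p.split("=", 1) for p in m.group("kv").split() if "=" in p)
        rec["ts"] = datetime.strptime(m.group("ts"), "%Y-%m-%d %H:%M:%S")
    except ValueError:
        return None
    return rec


def is_approved(src):
    """True if the source address falls inside an approved remote-access network."""
    addr = ipaddress.ip_address(src)
    return any(addr in net for net in APPROVED_REMOTE_NETS)


def review_logs(lines):
    """Correlate login events and return a list of (alert_type, src, host, user) tuples."""
    alerts = []
    failures = defaultdict(list)  # (src, host) -> timestamps of recent failed logins
    for line in lines:
        rec = parse_line(line)
        if rec is None or rec.get("service") != "rdp":
            continue
        key = (rec["src"], rec["host"])
        # keep only failures that are still inside the correlation window
        failures[key] = [t for t in failures[key]
                         if (rec["ts"] - t).total_seconds() <= WINDOW_SECONDS]
        if rec["event"] == "login_failed":
            failures[key].append(rec["ts"])
        elif rec["event"] == "login_success":
            if not is_approved(rec["src"]):
                alerts.append(("unapproved_remote_login", rec["src"], rec["host"], rec["user"]))
            if len(failures[key]) >= FAIL_THRESHOLD:
                alerts.append(("success_after_failures", rec["src"], rec["host"], rec["user"]))
            failures[key] = []  # the burst has been accounted for
    return alerts


if __name__ == "__main__":
    for alert in review_logs(SAMPLE_LOGS):
        print(" ".join(alert))
```

Run as-is, it reports both alert types for the 203.0.113.45 login on pos-01 and nothing for the approved internal logins. The first rule is the "unauthorized remote connection" check from the quote; the second is the kind of cross-event correlation the post describes, which no single log line reveals on its own.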
We can help you achieve better insight, better alerting, and better actionable intelligence. All of this leads to better peace of mind. Click here for a free consultation.