2016-03-14

By Sridhar Iyengar
From identity theft to corporate hacking, cyber security has never been more important for businesses, organizations, and governments. Hacking has moved from being a one-person criminal activity to sophisticated malware backed by crime syndicates and money launderers. While traditional cyber crimes such as Internet password fraud are still widespread, large-scale espionage attacks and attacks on the Internet of Things (IoT) have invaded the scene.

A complete IT security management initiative should aim at designing suitable organizational and technical measures to guarantee the availability, integrity, and confidentiality of an organization’s data, information, and IT services. All security mechanisms must be regularly tested. The initiative should identify and fight intrusions and minimize the damage caused by security breaches. The security measures must constantly be reviewed and improved.

What has changed in 2015?
PwC’s Global State of Information Security Survey 2016 brought out some very interesting facts. Over 10,040 executives from more than 127 countries across all industries were interviewed about the types of attacks that their companies experienced in 2015 and their plans for the coming year.

The survey recorded an alarming 38 percent increase in the number of security incidents reported in 2015 versus the previous year. Ninety-one percent of the respondents had adopted a security framework or a combination of frameworks, and 69 percent of them used cloud-based cyber security for data protection, privacy, network security, and identity and access management. About 59 percent of the respondents used big data analytics to monitor cybersecurity threats, respond to incidents, and review data to analyze the root cause.

Fifty-four percent had a chief information security officer (CISO) in charge of their security programme and 49 percent had a chief security officer (CSO) in charge. The roles and responsibilities of top cybersecurity executives have expanded in recent years, and demand for them continues to increase. Today’s CISO is a business manager who has expertise not only in security, but also in risk management, corporate governance, and overall business objectives.

What should a company do?
Any organization’s IT infrastructure generates a huge volume of logs every day that can provide powerful insight and network security intelligence into user behavior, network anomalies, system downtime, policy violations, internal threats, and regulatory compliance. However, analyzing these event logs and syslogs manually, without automated log analyzer tools, is both time-consuming and painful.

An event log analyzer provides the most cost-effective security information and event management software on the market. Using such log analyzer software, organizations can automate the management of terabytes of machine-generated logs by collecting, analyzing, correlating, searching, reporting on, and archiving them from one central location. You can monitor file integrity, conduct log forensics, monitor privileged users, and ensure compliance with various regulations by generating a variety of reports, such as user activity reports and historical trend reports.

A firewall analyzer, an agentless log analytics and configuration management software solution, can help network administrators centrally collect, archive, and analyze their security device logs, and generate forensic reports.

There is a need for a secure vault for storing and managing shared, sensitive information such as passwords, documents, and digital identities. It must centralize password storage and access to eliminate password fatigue and security lapses. It should automate frequent password changes in critical systems to improve IT productivity and also provide approval workflows and real-time alerts on password access to establish preventive and detective security controls.

A flow-based network security management solution will be able to monitor and secure enterprise networks and data centers from attacks in real time. It can detect anomalous or suspicious network traffic and also support detailed forensic investigation.
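To make the flow-based idea concrete, here is an added example (not code from the article or from ManageEngine) that applies two simple heuristics to constructed NetFlow-style records: a source that touches many distinct destination ports with tiny flows (scan-like behaviour), and an internal host pushing an unusually large volume to an external address. The record layout, the internal address ranges and the thresholds are assumptions chosen for illustration; a real deployment would derive them from the exporter format and from observed baselines.

```python
"""Flow-based anomaly detection over constructed NetFlow-style records (illustrative)."""
from collections import defaultdict
from ipaddress import ip_address, ip_network

# Constructed sample flows, not captured traffic: (src, dst, dst_port, bytes, packets).
SAMPLE_FLOWS = [
    ("10.0.0.5", "10.0.0.20", 443, 52_000, 40),
    ("10.0.0.5", "10.0.0.21", 445, 12_000, 15),
    # 10.0.0.9 touches 25 distinct ports on one host with one-packet flows: scan-like.
    *[("10.0.0.9", "10.0.0.30", port, 60, 1) for port in range(20, 45)],
    # 10.0.0.12 sends a large volume to an external (TEST-NET-3) address.
    ("10.0.0.12", "203.0.113.7", 443, 750_000_000, 520_000),
    ("10.0.0.13", "203.0.113.7", 443, 2_000_000, 1_500),
]

# Assumed internal ranges (RFC 1918); adjust to the real address plan.
INTERNAL_NETS = [ip_network("10.0.0.0/8"),
                 ip_network("172.16.0.0/12"),
                 ip_network("192.168.0.0/16")]


def is_internal(ip):
    """True if the address falls inside one of the assumed internal ranges."""
    addr = ip_address(ip)
    return any(addr in net for net in INTERNAL_NETS)


def detect_port_scans(flows, min_ports=20, max_bytes=200):
    """Flag (src, dst) pairs where many distinct ports were hit by tiny flows."""
    ports = defaultdict(set)
    for src, dst, dport, nbytes, _packets in flows:
        if nbytes <= max_bytes:          # only short probe-sized flows count
            ports[(src, dst)].add(dport)
    return [{"type": "port_scan", "src": src, "dst": dst, "distinct_ports": len(p)}
            for (src, dst), p in ports.items() if len(p) >= min_ports]


def detect_large_egress(flows, threshold_bytes=500_000_000):
    """Flag internal -> external pairs whose total outbound bytes exceed a threshold."""
    totals = defaultdict(int)
    for src, dst, _dport, nbytes, _packets in flows:
        if is_internal(src) and not is_internal(dst):
            totals[(src, dst)] += nbytes
    return [{"type": "large_egress", "src": src, "dst": dst, "bytes": total}
            for (src, dst), total in totals.items() if total >= threshold_bytes]


def analyze(flows):
    """Run every heuristic and return the combined list of findings."""
    return detect_port_scans(flows) + detect_large_egress(flows)


if __name__ == "__main__":
    for finding in analyze(SAMPLE_FLOWS):
        print(finding)
```

Both heuristics work on aggregates rather than packet payloads, which is what makes flow data cheap to keep for forensic lookback: the same records that raised the alert can later be queried by host, port or time range to reconstruct what else that host talked to.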

A web-based Active Directory tool can track all domain events, including user, group, and computer changes. It can audit Windows file servers and failover clusters, document changes to files and folders, and audit access, shares, and permissions. It monitors every user logon and logoff, including every successful and failed logon event across network workstations. It tracks Windows member servers, FIM, printer and USB changes with an event summary, and tracks application, policy, and system events. It can bring 150+ ready-to-use audit reports with instant email alerts to ensure security and meet IT compliance requirements.
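The event log analyzer and the Active Directory audit tool described above both come down to the same pipeline: collect log lines centrally, parse them, correlate related events, and report. The added example below (my own illustration, not code from the article or from ManageEngine) runs that pipeline over constructed logon audit lines: it parses them, correlates a burst of failed logons (Windows event ID 4625) followed by a success (4624) for the same user and source within a short window, and builds a per-user activity report. The single-line record layout, the host names, user names and addresses are constructed for the example; the event IDs are the standard Windows security audit IDs.

```python
"""Parse, correlate and report on constructed Windows logon audit events (illustrative)."""
import re
from collections import Counter, defaultdict
from datetime import datetime, timedelta

# Constructed sample lines in a simplified one-line layout; not real audit output.
SAMPLE_LOGS = """\
2015-11-03T08:00:01 DC01 EventID=4624 User=alice Src=10.0.0.21 LogonType=2
2015-11-03T08:01:10 DC01 EventID=4625 User=bob Src=10.0.0.77 LogonType=3
2015-11-03T08:01:12 DC01 EventID=4625 User=bob Src=10.0.0.77 LogonType=3
2015-11-03T08:01:15 DC01 EventID=4625 User=bob Src=10.0.0.77 LogonType=3
2015-11-03T08:01:17 DC01 EventID=4625 User=bob Src=10.0.0.77 LogonType=3
2015-11-03T08:01:19 DC01 EventID=4625 User=bob Src=10.0.0.77 LogonType=3
2015-11-03T08:01:25 DC01 EventID=4624 User=bob Src=10.0.0.77 LogonType=3
2015-11-03T08:05:00 FS01 EventID=4625 User=carol Src=10.0.0.40 LogonType=2
2015-11-03T09:30:00 DC01 EventID=4624 User=carol Src=10.0.0.40 LogonType=2
2015-11-03T09:31:00 DC01 EventID=4634 User=alice Src=10.0.0.21 LogonType=2
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+) (?P<host>\S+) EventID=(?P<eid>\d+) User=(?P<user>\S+) Src=(?P<src>\S+)"
)

# Meaning of the standard Windows security event IDs used here.
EVENT_LABELS = {4624: "success", 4625: "failure", 4634: "logoff"}


def parse(text):
    """Turn raw lines into event dicts; lines that do not match are skipped."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:            # a real collector would count and surface unparsed lines
            continue
        d = m.groupdict()
        events.append({"ts": datetime.fromisoformat(d["ts"]), "host": d["host"],
                       "eid": int(d["eid"]), "user": d["user"], "src": d["src"]})
    return events


def detect_failures_then_success(events, min_failures=5, window=timedelta(minutes=5)):
    """Alert when >= min_failures 4625 events for (user, src) precede a 4624 within window."""
    failures = defaultdict(list)   # (user, src) -> timestamps of recent failures
    alerts = []
    for ev in sorted(events, key=lambda e: e["ts"]):
        key = (ev["user"], ev["src"])
        if ev["eid"] == 4625:
            failures[key].append(ev["ts"])
        elif ev["eid"] == 4624:
            recent = [t for t in failures[key] if ev["ts"] - t <= window]
            if len(recent) >= min_failures:
                alerts.append({"user": ev["user"], "src": ev["src"],
                               "failures": len(recent),
                               "success_at": ev["ts"].isoformat()})
            failures[key].clear()  # a success closes the current failure run
    return alerts


def user_activity_report(events):
    """Per-user counts of successes, failures and logoffs (the 'user activity report')."""
    report = defaultdict(Counter)
    for ev in events:
        report[ev["user"]][EVENT_LABELS.get(ev["eid"], "other")] += 1
    return {user: dict(counts) for user, counts in report.items()}


if __name__ == "__main__":
    evs = parse(SAMPLE_LOGS)
    for alert in detect_failures_then_success(evs):
        print("ALERT:", alert)
    for user, counts in user_activity_report(evs).items():
        print(user, counts)
```

The correlation step is what a raw log viewer cannot give you: five failures on their own are noise from a mistyped password, and one success on its own is routine, but the two in sequence from the same source is the pattern worth an email alert, and the same parsed events feed the compliance report without a second collection pass.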

A web-based change auditing and reporting solution for MS Exchange environments can report on Outlook Web Access usage, mailbox traffic, and mailbox growth. It supports customized reports that use data filters, automatic scheduling, and multi-format report generation. It also provides an audit feature that enables investigation of unauthorized mailbox logons and other critical changes.

A web-based solution for managing thousands of servers, desktops, and mobile devices from a central location provides a single-point solution for desktop management and mobile device management (MDM). It offers a holistic way to manage all MDM activities and is affordable and easy to use, within the reach of any organization.

In a nutshell
Currently, computer systems include a very wide variety of devices, including smartphones, televisions, and tiny devices as part of the IoT, and networks include not only the Internet and private data networks, but also Bluetooth, Wi-Fi, and other wireless networks.

Today’s enterprise requires big data security solutions that can adapt to advanced threats and changing business demands. Simple monitoring of traditional security events is no longer enough. Security practitioners need broader insight from new data sources generated at massive scale across IT, the business, and in the cloud. Staying ahead of external attacks, malicious insiders, and costly fraud demands continuous security and compliance monitoring, fast incident response, and the ability to detect and respond to known, unknown, and advanced threats.

Iyengar is the Vice President at ManageEngine.

The post Why Integrated Security Is Key to Tackle Advanced Threats appeared first on BWCIO.
