Everyone has become increasingly aware of the danger hackers pose—they can steal data, dismantle systems, and cause damage that can take years to recover from. However, organizations often have a false sense of safety when it comes to their security environments. There are countless ways that businesses are making it easier for a threat actor to find their way in undetected.
Join cybersecurity expert Bob Erdman, senior security product manager, as he outlines the most common ways organizations unintentionally put themselves at risk against threats like:
Insider attacks
Alert and console fatigue
Shortage of security staff
Misconfigurations
Excessive access
By better understanding what and where the challenges are, organizations can be better equipped to find solutions. This webinar will also highlight different strategies for mitigating risk, from specific Security Information and Event Management (SIEM) tools to employee education.
5. Cybersecurity Threat: Malicious Insider Threats
are most concerned about malicious insider threats
Source: 2019 Mid Year Insider Threat Report, Cybersecurity Insiders
Who are malicious insiders? Those that:
▪ Steal information on behalf of outsiders
▪ Steal information for personal gain
6. How SIEM Prevents… Malicious Insider Threats
INSIDER THREAT EXAMPLE: A new web administrator attempts to access confidential user data from the customer database.
▪ Create an event in real-time
▪ Complete forensic analysis
▪ Determine final evaluation
▪ Prompt an account freeze
8. Cybersecurity Threat: Inadvertent Insiders
are most concerned about inadvertent insider threats
Source: 2019 Mid Year Insider Threat Report, Cybersecurity Insiders
Examples of inadvertent insider threats:
▪ Phishing
▪ Poor passwords
▪ Spear-phishing
▪ Orphaned accounts
9. Cybersecurity Threat: Inadvertent Insiders
SUSPICIOUS ACTIVITY EXAMPLE: A network administrator is logged in at his workstation at the headquarters and appears to be logged in remotely from a location abroad.
▪ Event created with two sessions active
▪ Evaluate user behavior by workstation
▪ Determine final evaluation
▪ Prompt an account freeze
11. Cybersecurity Threat: Excessive Access
reported a violation of privileged access policies had occurred in the last year
Source: EMA’s Responsible User Empowerment Report
Critical to monitor:
▪ Changes to user profiles
▪ Invalid login attempts
▪ Intrusion detections
▪ Changed or deleted objects
12. Cybersecurity Threat: Excessive Access
INSIDER THREAT EXAMPLE: A web administrator discovers changes were made to the server by a web marketer.
▪ Alert sent
▪ Determine final evaluation
▪ Review change log
14. Cybersecurity Threat: Misconfigurations
Misconfiguration of firewall rules and policies can pose a serious security threat.
Requires constant diligence in:
▪ Patching firewalls
▪ Monitoring configuration
▪ Assessing the rule base
95%+ of firewall breaches caused by firewall misconfiguration, not firewall flaws
Source: https://www.ibtimes.co.uk/cyber-attacks-who-held-responsible-ciso-ceo-512308
15. How SIEM Prevents… Misconfigurations
MISCONFIGURATION EXAMPLE: Late one evening, a rule in the firewall configuration is modified by an administrator.
▪ Create an event in real-time
▪ Evaluate user behavior
▪ Assign case to security specialist
▪ Verify a change ticket was filed
17. Cybersecurity Threat: Brute Force Attacks
The best defense is:
▪ Requiring users to create complex passwords
▪ Limiting the number of times a user can unsuccessfully log in
▪ Locking out users who exceed the specified number of failed login attempts
Automated password crackers can generate as many as 1B guesses per second.
18. Cybersecurity Threat: Brute Force Attacks
BRUTE FORCE ATTACK EXAMPLE: A user account has had over 100 login attempts over the past hour, even though the employee is out sick.
▪ Repetition event created
▪ Lock account
▪ Set authentication parameters
▪ Prioritized and escalated alert
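The two detection rules behind the examples above (two simultaneous sessions from different locations, and more than 100 login attempts on one account within an hour while the employee is out) can be expressed as simple correlation logic over authentication events. The following is an added illustration and is not Event Manager code; the event tuples, the location labels, and the OUT_OF_OFFICE feed are constructed for the example.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample authentication events: (user, timestamp, source location, outcome).
# "jdoe" receives 120 failed attempts between 09:00 and 09:59:30 while out sick;
# "nadmin" has a session from the HQ workstation and another from abroad.
EVENTS = [
    *[("jdoe", datetime(2024, 1, 8, 9, 0) + timedelta(seconds=30 * i), "internet", "fail")
      for i in range(120)],
    ("nadmin", datetime(2024, 1, 8, 9, 5), "HQ-workstation", "success"),
    ("nadmin", datetime(2024, 1, 8, 9, 20), "remote-abroad", "success"),
    ("asmith", datetime(2024, 1, 8, 9, 10), "HQ-workstation", "success"),
]
# Constructed HR context feed: accounts whose owners are not expected to log in today.
OUT_OF_OFFICE = {"jdoe"}


def repetition_events(events, now, window=timedelta(hours=1), threshold=100):
    """Brute-force rule: flag any account with more than `threshold` login attempts
    (successful or not) in the trailing `window` ending at `now`. The HR context
    raises the priority, matching the 'employee is out sick' escalation."""
    counts = defaultdict(int)
    for user, ts, _src, _outcome in events:
        if now - window <= ts <= now:
            counts[user] += 1
    alerts = []
    for user, n in sorted(counts.items()):
        if n > threshold:
            priority = "high" if user in OUT_OF_OFFICE else "medium"
            alerts.append({"type": "repetition", "user": user, "attempts": n,
                           "priority": priority, "action": "lock account"})
    return alerts


def concurrent_session_events(events):
    """Two-sessions rule: flag users with successful sessions from more than one
    distinct location, the case that warrants evaluation and a possible freeze."""
    locations = defaultdict(set)
    for user, _ts, src, outcome in events:
        if outcome == "success":
            locations[user].add(src)
    return [{"type": "concurrent_sessions", "user": user, "locations": sorted(locs),
             "action": "evaluate user behavior, then freeze if unexplained"}
            for user, locs in sorted(locations.items()) if len(locs) > 1]


if __name__ == "__main__":
    for alert in repetition_events(EVENTS, datetime(2024, 1, 8, 10, 0)):
        print(alert)
    for alert in concurrent_session_events(EVENTS):
        print(alert)
```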
20. Cybersecurity Threat: Alert and Console Fatigue
What makes this so challenging?
▪ The volume of events makes it impossible to uncover security events quickly—many are benign.
▪ The data from the numerous assets is not delivered in one common language.
▪ Security issues can easily be missed or mistaken as harmless without additional context from other sources and events.
10 is the average number of consoles security teams use to manage programs
Source: https://www.helpsystems.com/cta/2019-ema-security-megatrends-report
22. Event Manager At-A-Glance
Key Features
▪ Normalization of Disparate Data Sources
▪ Prioritization of Critical Events
▪ Streamlined Incident Response
▪ Compliance Reporting
▪ Real-Time Threat Detection
▪ Out-of-the-Box Security
23. The Ultimate Goal
Get security teams the most crucial information the moment it becomes available.
TEST IT OUT: Event Manager Freemium or Trial
https://www.helpsystems.com/products/siem-software