Equifax, a leading credit bureau, fell victim to a massive cyber breach a few months ago. Given that the attack was one of the largest breaches of personal information in recent years, you’ve probably already heard about it. But if you don’t already know, Equifax notified the public about this breach last week (Sep 7th), while the attack itself happened between May and July. At this point there isn’t much information about what actually happened. And with Equifax dealing with a tide of legal repercussions, it doesn’t seem like more information will be available soon.
Just like many other attacks, it took weeks for the breach to be discovered. This whole thing has to be quite scary for security teams. Imagine if your enterprise was breached months ago, but you just found out about it today. That’d be horrifying.
That said, breaches like this are a good reminder for security professionals to take stock of their defenses. If you’re worried that your enterprise might one day face a cyber attack, then start by evaluating your security posture. Understand how you’re poised to deal with cyber attacks, and research the latest emerging threats and attack techniques. Identify whether your SOC (security operations center) has the right set of tools and the trained personnel needed to mitigate attacks. Additionally, do you have an efficient, streamlined process to handle security incidents?
This news story can be used to illustrate three important points about implementing tighter security in your enterprise.
1. Auditing critical resources
Apart from critical servers, your network also has business applications like databases and web servers. Databases store confidential information about your business as well as sensitive customer data, and your web servers host your website, which customers access for business. You need to audit security events occurring on your databases and web servers to really secure these critical resources.
Log360, our comprehensive SIEM solution, can provide a huge boost to your security. With in-depth auditing of your critical servers, databases, and web servers, Log360 allows you to easily track events occurring on each platform and detect security threats.
2. Forensic analysis and generating an incident report
If something goes wrong in your enterprise, like a breach, you can be fined under certain regulations for not having appropriate measures in place to prevent the breach.
So when you encounter a security incident, you should be positioned to find out exactly what happened. Forensics becomes very important in situations like this, and your forensic process should be clearly established ahead of time. With proper forensics, you can find out whether a security incident was indeed an attack or not, and then furnish your report about the incident for your internal or compliance auditors. With a powerful log search engine, a SIEM tool like Log360 can help you conduct a forensic investigation after an attack.
3. Don’t forget about internal threats
When we think about security attacks, we tend to picture a nefarious agent breaking into an enterprise from the outside. But remember, many attacks stem from an internal actor.
Administrator accounts figure especially often in internal attacks. If an attacker somehow gets the credentials of a domain admin account, they’d have the power to take down an entire IT infrastructure. Admin accounts have an elevated status, so the actions and changes performed by your administrators need to be tracked to ensure everything is proper. Log360 can help you keep insider threats at bay with features like real-time alerting for critical Active Directory changes, privileged user monitoring, and tracking of accesses to confidential data.
These are just some points to remember for implementing tighter security in your enterprise. Remember, rather than facing harsh financial consequences due to negligence, it’s worth it to invest some money to stay secure.
Learn more by downloading our free white paper on using indicators to deal with security attacks and our best practices guide for log forensics.
Cheers!