In the previous three posts, written against the backdrop of the cyber-attack on Zappos.com, we analyzed the challenges of achieving a high level of information security in enterprises and the causes of security incidents. In part-3 of this series, we discussed how a lack of internal controls, access restrictions, centralized management, accountability and strong policies, combined with haphazard privileged password management, leaves room for security incidents. Let us now analyze the activity monitoring scenario …

Activity monitoring – scenario today:

Most enterprises have well-defined perimeter security devices and mechanisms such as firewalls, intrusion detection and prevention systems, anti-malware software, email security solutions and a host of other applications and devices. The pace at which security incidents keep happening clearly indicates that establishing these controls alone is not enough.

Unfortunately, many enterprises remain content with establishing perimeter security and tend to ignore a very important aspect of network security: activity monitoring. Perimeter security devices such as firewalls and IDPSs, along with other network devices and servers, generate a huge volume of logs. Many enterprises attach little importance to monitoring these logs, even though they could give vital visibility into suspicious activity. Instead, they rush to the logs only to do a post-mortem once a security incident has already rocked the organization.

A proper strategy for monitoring and managing the logs from critical systems could prove effective in preventing security incidents, or at least in catching them early. In particular, monitoring activities such as user logons, failed logins, privileged password access, password changes, attempts to delete records and other suspicious actions could help identify hacking attempts, malicious attacks, DoS attacks, policy violations and other incidents while they are still in progress.

However, since perimeter security devices and servers generate a huge volume of logs, administrators find it herculean to analyze and monitor them manually. An automated approach to centralized log collection, analysis and reporting, giving real-time situational awareness, is essential from the standpoint of enterprise security. There should be provision for thoroughly analyzing and correlating the logs, data and events from disparate devices and systems, since a pattern that is invisible on one host often becomes obvious once events from several sources are viewed together. The result is a more secure infrastructure with an in-depth and holistic view of overall network activity.
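To make the two preceding points concrete (monitoring failed logins and password changes, and correlating collected events rather than eyeballing raw logs), here is a small added example that is not part of the original post or of any ManageEngine product. It parses a handful of constructed Linux sshd/passwd syslog lines (hostnames, IPs and timestamps are made up) into normalized events and then runs three correlation rules over them: a burst of failed logins from one source to one host, a successful login from that same source right after the burst, and a password change for the account that logged in that way. The threshold and window values are illustrative assumptions, not recommended tuning.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample syslog lines (Linux sshd/passwd format); hosts and IPs are made up.
SAMPLE_LOGS = """\
Jan 16 03:12:01 web01 sshd[2201]: Failed password for root from 203.0.113.7 port 51022 ssh2
Jan 16 03:12:03 web01 sshd[2203]: Failed password for root from 203.0.113.7 port 51023 ssh2
Jan 16 03:12:04 web01 sshd[2205]: Failed password for invalid user admin from 203.0.113.7 port 51024 ssh2
Jan 16 03:12:06 web01 sshd[2207]: Failed password for root from 203.0.113.7 port 51025 ssh2
Jan 16 03:12:08 web01 sshd[2209]: Failed password for root from 203.0.113.7 port 51026 ssh2
Jan 16 03:12:10 web01 sshd[2211]: Accepted password for root from 203.0.113.7 port 51027 ssh2
Jan 16 03:15:00 web01 passwd[2300]: pam_unix(passwd:chauthtok): password changed for root
Jan 16 03:20:11 db01 sshd[4410]: Failed password for alice from 198.51.100.4 port 40000 ssh2
Jan 16 03:25:45 db01 sshd[4412]: Accepted password for alice from 198.51.100.4 port 40001 ssh2
"""

LINE_RE = re.compile(r"^(\w{3}\s+\d+ \d\d:\d\d:\d\d) (\S+) (\w+)\[\d+\]: (.*)$")
FAILED_RE = re.compile(r"Failed password for (?:invalid user )?(\S+) from (\S+) port")
ACCEPTED_RE = re.compile(r"Accepted password for (\S+) from (\S+) port")
PWCHANGE_RE = re.compile(r"password changed for (\S+)")


def parse_line(line):
    """Normalise one syslog line into an event dict; None if it is not of interest."""
    m = LINE_RE.match(line)
    if not m:
        return None
    stamp, host, _prog, msg = m.groups()
    when = datetime.strptime(stamp, "%b %d %H:%M:%S")  # year-less syslog stamp; fine for deltas
    for kind, rx in (("failed", FAILED_RE), ("accepted", ACCEPTED_RE)):
        hit = rx.search(msg)
        if hit:
            return {"when": when, "host": host, "kind": kind, "user": hit.group(1), "src": hit.group(2)}
    hit = PWCHANGE_RE.search(msg)
    if hit:
        return {"when": when, "host": host, "kind": "pwchange", "user": hit.group(1), "src": None}
    return None


def parse_logs(text):
    """Parse a blob of centrally collected log lines, dropping lines no rule cares about."""
    return [e for e in (parse_line(ln) for ln in text.splitlines()) if e]


def detect(events, threshold=5, window=timedelta(minutes=5)):
    """Correlate events from all hosts and return alerts as a list of dicts.

    Rules: (1) >= threshold failed logins from one source to one host inside
    `window`; (2) a successful login from that same source shortly after the
    burst; (3) a password change for the account that just logged in that way.
    threshold/window are illustrative assumptions, not tuning advice.
    """
    events = sorted(events, key=lambda e: e["when"])
    alerts = []
    failures = defaultdict(list)  # (host, src) -> sorted failure timestamps
    brute_end = {}                # (host, src) -> time of last failure in the burst
    for e in events:
        if e["kind"] == "failed":
            failures[(e["host"], e["src"])].append(e["when"])
    for key, times in failures.items():
        for i, start in enumerate(times):  # sliding window over the sorted failures
            inside = [t for t in times[i:] if t - start <= window]
            if len(inside) >= threshold:
                alerts.append({"rule": "bruteforce", "host": key[0], "src": key[1], "count": len(inside)})
                brute_end[key] = inside[-1]
                break
    compromised = {}              # (host, user) -> time of the suspicious successful login
    for e in events:
        key = (e["host"], e["src"])
        if e["kind"] == "accepted" and key in brute_end and timedelta(0) <= e["when"] - brute_end[key] <= window:
            alerts.append({"rule": "bruteforce_success", "host": e["host"], "src": e["src"], "user": e["user"]})
            compromised[(e["host"], e["user"])] = e["when"]
    for e in events:
        key = (e["host"], e["user"])
        if e["kind"] == "pwchange" and key in compromised and timedelta(0) <= e["when"] - compromised[key] <= window:
            alerts.append({"rule": "pwchange_after_bruteforce", "host": e["host"], "user": e["user"]})
    return alerts


if __name__ == "__main__":
    for alert in detect(parse_logs(SAMPLE_LOGS)):
        print(alert)
```

On the sample input the script raises three alerts for web01 (the five-failure burst from 203.0.113.7, the root login from that source two seconds later, and the root password change shortly after), while the single failed login on db01 followed by a normal success for alice produces nothing. The third rule only fires because the login and password-change events from two different programs were normalized and correlated; read in isolation, a password change for root looks like routine administration.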

We have now dealt with the causes of security incidents in detail. How can enterprises overcome these threats and prevent such incidents? Let us discuss that in the next post …

Bala
ManageEngine Password Manager Pro
