nDiscovery Use Cases

Our nDiscovery team shares lessons learned from their vast experience analyzing event logs and detecting potential threats. Watch to learn how nDiscovery can benefit your organization.

Why human intelligence is essential for consistent data breach detection

A missing link in many log analysis methodologies is human intelligence. While automated techniques are necessary for securing your network, without a person who can dig into your log data to find the anomalies, you're not going to be able to detect everything.

Hackers write their code to bypass all the typical IDS, IPS, antivirus, etc. It's their job. Until the signature becomes known, an automated system won't work. But there are other factors that come into play that can enable you to detect intrusions. In this video, Ron Bernier, Director of nDiscovery, discusses why human intelligence is so important for consistent data breach detection.

More is better... The importance of threat intelligence in detecting network threats

By joining forces to collaborate and share information, we stand a far better chance of beating back the bad guys. With threats continuously evolving, this is an ongoing and time-consuming responsibility. And if you're not able to keep up to date with the latest threat intelligence, your network could be vulnerable.

With a log analysis service like nDiscovery, you have access to a highly trained security analyst who is constantly consuming the latest threat intelligence and incorporating it into our methodology. Watch as Ron Bernier, Director of nDiscovery, discusses how our ability to leverage the power of a diverse aggregation of network traffic data, coupled with a variety of other sources, helps us better detect threats to your network.

How a log analysis service can better secure your network

So, you’ve decided that you need to incorporate some sort of human intelligence into your log analysis methodology. But who? If you’re considering taking it on internally, it’s important to note that log analysis:

  1. Is a full time job that requires focus and attention to detail;
  2. Can be a painstaking process; and
  3. Requires a high level of expertise and continuous training.

If you don’t have a dedicated security staff this may seem like a tall order. Finding a partner, like Sage, helps you fill this void. Watch to learn how we can strengthen your security posture.

How firewall log analysis differs from firewall monitoring

It's no secret that managing your firewall is an essential component of defending your network. Keeping up with the latest threats, plus deploying, upgrading, and patching, is no small or easy task. That's why some organizations choose to contract with a third party to manage and monitor their firewall.

Monitoring typically consists of using one or more automated technologies to detect known threats or unauthorized activity. But just because your firewall is denying traffic doesn't mean your network is secure. Here's an example of how nDiscovery was able to detect a potential threat that went unnoticed by the client's firewall management vendor.

How nDiscovery detects a zero-day exploit

Signature-based detection is an important part of monitoring any network environment for potential threats. But it's not enough for all types of malware detection. Take zero-day exploits as an example. In today's threat environment, malware code variants are being introduced on a continuous basis. If the signature isn't yet known, it's impossible for an automated system to detect them.

The good news is that when these malicious variants are allowed into your network, the activity is recorded in your network device logs. In this video, Ron Bernier discusses how the nDiscovery log analysis methodology detects a zero-day exploit that has successfully passed through a real-time alert system.

Why context is an important part of log analysis and threat detection

A big challenge for organizations when it comes to malware detection is their inability to correlate network log events between different devices. Sophisticated malware mimics normal user behavior in order to mask its identity, and can go undetected by real-time intrusion detection systems.

However, examining behavioral attributes (e.g., connection points, traffic sizes, timing frequencies) places the event activity in the appropriate context, and allows you to detect this automated behavior and expose the threat. In this video, Ron Bernier discusses an example of how nDiscovery uses context to detect a malware intrusion.
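To show what "context" looks like in practice, here is an added example (not nDiscovery's methodology or code) that scores connection logs on exactly the attributes named above: the same source/destination pair, near-constant traffic sizes, and near-constant timing between connections. A human operator browsing a site produces irregular intervals and sizes; automated check-in traffic does not. The log format and the sample lines are constructed for the example; the thresholds are assumptions to tune against your own data.

```python
"""Flag periodic, same-sized connections ("beaconing") in firewall logs.

Added example, not nDiscovery's code. Assumed, constructed log format:
    <epoch_seconds> <src_ip> <dst_ip>:<dst_port> <bytes_out>
"""
from collections import defaultdict
from statistics import mean, pstdev

# Constructed sample: 10.0.0.5 checks in every 300 s with ~512 bytes (automated);
# 10.0.0.7 talks to the same port with irregular timing and sizes (human-like).
SAMPLE_LOG = """\
1700000000 10.0.0.5 203.0.113.10:443 512
1700000300 10.0.0.5 203.0.113.10:443 514
1700000600 10.0.0.5 203.0.113.10:443 512
1700000900 10.0.0.5 203.0.113.10:443 513
1700001200 10.0.0.5 203.0.113.10:443 512
1700001500 10.0.0.5 203.0.113.10:443 512
1700000020 10.0.0.7 198.51.100.20:443 4021
1700000137 10.0.0.7 198.51.100.20:443 18873
1700000900 10.0.0.7 198.51.100.20:443 720
1700001450 10.0.0.7 198.51.100.20:443 55210
1700001466 10.0.0.7 198.51.100.20:443 1290
1700001800 10.0.0.7 198.51.100.20:443 3000
"""


def parse_log(text):
    """Turn the constructed log format into a list of connection records."""
    records = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, src, dst, size = line.split()
        records.append({"ts": int(ts), "src": src, "dst": dst, "bytes": int(size)})
    return records


def _cv(values):
    """Coefficient of variation: 0.0 means perfectly regular."""
    m = mean(values)
    return pstdev(values) / m if m else None


def find_beacons(records, min_conns=5, max_cv=0.2):
    """Group by (src, dst:port) and flag flows whose inter-connection
    interval and byte size are both nearly constant.

    min_conns and max_cv are assumed thresholds, not values from the page.
    """
    flows = defaultdict(list)
    for r in records:
        flows[(r["src"], r["dst"])].append(r)

    hits = []
    for (src, dst), conns in flows.items():
        if len(conns) < min_conns:
            continue  # too little evidence to call it periodic
        conns.sort(key=lambda r: r["ts"])
        intervals = [b["ts"] - a["ts"] for a, b in zip(conns, conns[1:])]
        interval_cv = _cv(intervals)
        bytes_cv = _cv([c["bytes"] for c in conns])
        if interval_cv is None or bytes_cv is None:
            continue  # all timestamps or all sizes were zero; nothing to score
        if interval_cv <= max_cv and bytes_cv <= max_cv:
            hits.append({
                "src": src, "dst": dst, "connections": len(conns),
                "period_s": round(mean(intervals)),
                "interval_cv": round(interval_cv, 3),
                "bytes_cv": round(bytes_cv, 3),
            })
    return sorted(hits, key=lambda h: (h["interval_cv"], h["bytes_cv"]))


if __name__ == "__main__":
    for hit in find_beacons(parse_log(SAMPLE_LOG)):
        print(f"possible beacon: {hit['src']} -> {hit['dst']} "
              f"every ~{hit['period_s']}s over {hit['connections']} connections")
```

The point of the example is the correlation, not the thresholds: a single denied or allowed connection tells you nothing, while the same pair repeating on a fixed period with a fixed size is the kind of pattern an analyst looks for and a per-event signature cannot express. Real deployments would also weigh destination reputation and business hours, which the sample deliberately leaves out.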

Detecting risks from authorized connections

Many organizations rely on technology service providers to maintain their network environment and on third-party vendors to routinely access their networks to perform functional responsibilities. Whether it be an unintentional oversight or a targeted attempt, risk exposures are often introduced via authorized connections.

In this video, nDiscovery Analyst Damion Vassell discusses an instance where, while monitoring log events, authorized VPN access from an atypical location raised suspicion of a potential threat for one of our nDiscovery clients. The account was disabled before any data was compromised.
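The check described in this case is easy to state and worth automating as a first pass: an account that normally connects from one place suddenly connects from somewhere else. The added example below (not nDiscovery's code) builds a per-account baseline of source countries from earlier successful VPN logins, then reviews newer logins for two conditions: a country never seen for that account, and two successful logins from different countries closer together than a person could travel. The log format, account names, countries, and the 2-hour travel window are all constructed assumptions for the example.

```python
"""Review VPN logins against a per-account location baseline.

Added example, not nDiscovery's code. Assumed, constructed log format:
    <ISO-8601 UTC timestamp> user=<account> src_country=<ISO code> result=<success|failure>
"""
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed history: alice always connects from US; the vendor account from CA.
BASELINE_LOG = """\
2023-11-01T13:02:11Z user=alice src_country=US result=success
2023-11-03T13:05:40Z user=alice src_country=US result=success
2023-11-06T12:58:02Z user=alice src_country=US result=success
2023-11-02T09:00:15Z user=msp-vendor src_country=CA result=success
2023-11-07T09:01:52Z user=msp-vendor src_country=CA result=success
"""

# Constructed review window: the vendor account logs in from CA, then 41 minutes
# later from NL. Both logins are "authorized" as far as the VPN is concerned.
REVIEW_LOG = """\
2023-11-14T13:01:09Z user=alice src_country=US result=success
2023-11-14T09:00:30Z user=msp-vendor src_country=CA result=success
2023-11-14T09:41:12Z user=msp-vendor src_country=NL result=success
2023-11-14T10:15:00Z user=msp-vendor src_country=NL result=failure
"""


def parse_vpn_log(text):
    """Parse the constructed format into time-ordered event dicts."""
    events = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, *pairs = line.split()
        fields = dict(p.split("=", 1) for p in pairs)
        events.append({
            # fromisoformat() does not accept a trailing "Z" before Python 3.11
            "ts": datetime.fromisoformat(ts.replace("Z", "+00:00")),
            "user": fields["user"],
            "country": fields["src_country"],
            "result": fields["result"],
        })
    return sorted(events, key=lambda e: e["ts"])


def build_baselines(events):
    """Map each account to the set of countries it has successfully logged in from."""
    baselines = defaultdict(set)
    for e in events:
        if e["result"] == "success":
            baselines[e["user"]].add(e["country"])
    return baselines


def review_logins(events, baselines, travel_window=timedelta(hours=2)):
    """Return alerts for successful logins that break the baseline or imply
    impossible travel. travel_window is an assumed threshold."""
    alerts = []
    last_seen = {}  # user -> (timestamp, country) of previous successful login
    for e in events:
        if e["result"] != "success":
            continue  # failed attempts are a separate signal; not scored here
        reasons = []
        known = baselines.get(e["user"], set())
        if e["country"] not in known:
            reasons.append(f"country {e['country']} not in baseline {sorted(known)}")
        prev = last_seen.get(e["user"])
        if prev and prev[1] != e["country"] and e["ts"] - prev[0] < travel_window:
            minutes = int((e["ts"] - prev[0]).total_seconds() // 60)
            reasons.append(f"impossible travel: {prev[1]} -> {e['country']} in {minutes} min")
        last_seen[e["user"]] = (e["ts"], e["country"])
        if reasons:
            alerts.append({"user": e["user"], "ts": e["ts"].isoformat(),
                           "country": e["country"], "reasons": reasons})
    return alerts


if __name__ == "__main__":
    baselines = build_baselines(parse_vpn_log(BASELINE_LOG))
    for alert in review_logins(parse_vpn_log(REVIEW_LOG), baselines):
        print(alert["ts"], alert["user"], "; ".join(alert["reasons"]))
```

An alert here is a prompt for a person, not a verdict: a vendor engineer may genuinely be travelling. That is the division of labour the page argues for. The script surfaces the atypical authorized connection; the analyst confirms with the vendor and decides whether to disable the account.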