Our nDiscovery team shares lessons learned from their vast experience analyzing event logs and detecting potential threats. Watch to learn how nDiscovery can benefit your organization.
A missing link in many log analysis methodologies is human intelligence. While automated techniques are necessary for securing your network, without a person who can dig into your log data to find the anomalies, you’re not going to be able to detect everything.
Hackers write their code to bypass all the typical IDS, IPS, antivirus, etc. It’s their job. Until the signature becomes known, an automated system won't work. But there are other factors that come into play that can enable you to detect intrusions. In this video, Ron Bernier, Director of nDiscovery, discusses why human intelligence is so important for consistent data breach detection.
By joining forces to collaborate and share information, we stand a far better chance of beating back the bad guys. With threats continuously evolving, this is an ongoing and time-consuming responsibility. And if you’re not able to keep up to date with the latest threat intelligence, your network could be vulnerable.
With a log analysis service like nDiscovery, you have access to a highly trained security analyst who is constantly consuming the latest threat intelligence and incorporating it into our methodology. Watch as Ron Bernier, Director of nDiscovery, discusses how our ability to leverage the power of a diverse aggregation of network traffic data, coupled with a variety of other sources, helps us better detect threats to your network.
So, you’ve decided that you need to incorporate some sort of human intelligence into your log analysis methodology. But who? If you’re considering taking it on internally, it’s important to note that log analysis:
If you don’t have a dedicated security staff, this may seem like a tall order. Finding a partner like Sage helps you fill this void. Watch to learn how we can strengthen your security posture.
It’s no secret that managing your firewall is an essential component of defending your network. Keeping up with the latest threats, plus deploying, upgrading, and patching, is no small or easy task. That’s why some organizations choose to contract with a third party to manage, and monitor, their firewall.
Monitoring typically consists of using one or more automated technologies to detect known threats or unauthorized activity. But just because your firewall is denying traffic doesn’t mean your network is secure. Here’s an example of how nDiscovery was able to detect a potential threat that went unnoticed by a client’s firewall management vendor.
Signature-based detection is an important part of monitoring any network environment for potential threats. But it’s not enough for all types of malware detection. Take zero-day exploits as an example. In today’s threat environment, malware code variants are being introduced on a continuous basis. If the syntax isn't known, it's impossible for an automated system to detect them!
The good news is that when these malicious variants are allowed into your network, the activity is recorded in your network device logs. In this video, Ron Bernier discusses how the nDiscovery log analysis methodology detects a zero-day exploit that has successfully passed through a real-time alert system.
Many organizations rely on technology service providers to maintain their network environment and on third-party vendors who routinely access their networks to perform functional responsibilities. Whether through an unintentional oversight or a targeted attempt, risk exposures are often introduced via authorized connections.
In this video, nDiscovery Analyst Damion Vassell discusses an instance where, during monitoring of log events, authorized VPN access from an atypical location raised suspicion of a potential threat for one of our nDiscovery clients. The account was disabled before any data was compromised.