As always, we at Solutions Review try to keep up with the blogs of the major vendors in each distinct cybersecurity field—Endpoint Security, SIEM, and Identity and Access Management. Who better to teach us about the most relevant concerns and pressing threats than the troops on the ground fighting daily against hackers and malicious nation-state actors?
Today we decided to dive into the blog of Texan SIEM vendor SolarWinds, or rather its blogs. SolarWinds actually has two: the technically inclined LogicalRead and the more accessible learning platform Geek Speak. We read both and pulled out some key SIEM findings for Q1 2018.
Investors aren’t exactly queuing up for enterprises that suffered a hack or a data breach. SolarWinds points out that the financial impact of a digital attack can hit global enterprises and small businesses alike. In fact, attacks on small businesses made up 43% of cybercrimes in 2015 alone, a significant jump from years past.
Yet employees remain deeply ignorant of cybersecurity threats, and are thus the most common cause of a hack. SolarWinds reminds its readers that every avenue and scrap of data is vulnerable to an attack, and to watch out for the Internet of Things, social engineering, and mobile malware in particular.
Although this article dates from when the WannaCry ransomware strain prowled the Internet, the information it provides remains as relevant today as it did then. Ransomware continues to plague enterprises around the world, as the city of Atlanta will attest.
SolarWinds points out that most ransomware finds its way into corporate networks via emailed phishing scams. The vendor provides some solid advice on how to avoid falling victim to phishing: don’t trust email display names, check for spelling mistakes in supposedly legitimate emails, and watch for threatening language in the subject line. After that, the next step is to ensure your employees know and act on these tips.
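The three checks above are easy to state and easy to automate as a first-pass triage on inbound mail. The following is an added example, not code from the original article or from SolarWinds: it flags a From display name whose claimed domain differs from the actual sender domain, a subject line carrying pressure language, and common misspellings in the body. The word lists, the sample messages and the `triage` helper are all constructed for illustration.

```python
"""Phishing-triage heuristics over inbound mail headers (added example)."""
import re
from email.utils import parseaddr

# Constructed word lists; a real deployment would tune these to its own mail.
THREAT_WORDS = {"urgent", "suspended", "immediately", "final notice", "action required"}
MISSPELLINGS = {"recieve", "acount", "verifiy", "securty", "passwrod"}


def display_name_mismatch(from_header: str) -> bool:
    """True when the display name contains a domain that differs from the
    real address domain, e.g. '"it@corp.example" <x@other.example>'."""
    name, addr = parseaddr(from_header)
    addr_domain = addr.rsplit("@", 1)[-1].lower() if "@" in addr else ""
    # Look for something domain-like inside the display name.
    m = re.search(r"@?([a-z0-9.-]+\.[a-z]{2,})", name.lower())
    if not m or not addr_domain:
        return False
    return m.group(1) != addr_domain


def threatening_subject(subject: str) -> bool:
    """True when the subject carries one of the pressure phrases."""
    s = subject.lower()
    return any(w in s for w in THREAT_WORDS)


def misspelled_words(body: str) -> list[str]:
    """Sorted list of known-misspelled words found in the body."""
    words = re.findall(r"[a-z']+", body.lower())
    return sorted({w for w in words if w in MISSPELLINGS})


def triage(msg: dict) -> list[str]:
    """Return the heuristic flags raised for one message (empty = clean)."""
    flags = []
    if display_name_mismatch(msg.get("from", "")):
        flags.append("display-name-mismatch")
    if threatening_subject(msg.get("subject", "")):
        flags.append("threatening-subject")
    if misspelled_words(msg.get("body", "")):
        flags.append("misspellings")
    return flags


# Constructed sample messages: one phishing-like, one benign.
SAMPLES = [
    {"from": '"helpdesk@corp.example" <billing@mail-verify.example>',
     "subject": "URGENT: your acount will be suspended",
     "body": "Please verifiy your password to recieve access."},
    {"from": '"Alice Example" <alice@corp.example>',
     "subject": "Lunch tomorrow?",
     "body": "Does noon work for you?"},
]

if __name__ == "__main__":
    for m in SAMPLES:
        print(m["subject"], "->", triage(m) or ["clean"])
```

Each flag on its own is weak evidence; the value is in combining them and in showing users why a message was flagged, which reinforces the training the post calls for.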
There are a lot of regulatory compliance guidelines—at least one for every industry. What’s more, while each regulatory guideline mandates the collection and storage of logs for compliance, they specify different retention timeframes and different sets of logs that need to be retained.
Furthermore, SolarWinds acknowledges that the buzz of activity in the typical enterprise IT environment can make log retention a near impossibility, not to mention maintaining those stored logs. SolarWinds recommends not only looking into a SIEM solution for log management, but also into syslog servers to simplify log collection, archival, and storage. The two solutions can even be paired.
We covered the AMD Ryzen controversy in a previous article, but the writers in the SolarWinds community also expressed some thoughts on the matter. They point out that while the AMD Ryzen processors do have security flaws, the flaws require some serious permissions to exploit. Furthermore, CTS Labs of Israel—the firm that discovered the flaw—has stock in the field, which may have influenced its decision. SolarWinds’ writers remind us that the constantly paranoid, always-in-crisis mentality isn’t terribly healthy for our industry. Instead, we should focus on proven best practices such as infrastructure monitoring and threat management.
SolarWinds shares some of the benefits of a more proactive syslog monitoring solution: reduced server downtime and better alerting. They dive into the alerting that syslogs can facilitate, such as security alerting, network alerting, and application alerting.
The idea is to reduce your help desk’s burden, and syslog monitoring can detect problems before they become threats. The math is pleasantly simple in this regard.
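To make the three alert classes concrete, here is an added example, not code from the original article or from SolarWinds, of a small collector that parses RFC 3164-style syslog lines and raises a security alert (repeated SSH authentication failures from one source), a network alert (a kernel link-down message), and an application alert (any daemon logging at severity critical or worse). The line format, the log lines, the patterns and the threshold are constructed for illustration.

```python
"""Threshold-based alerting over syslog lines (added example)."""
import re
from collections import Counter

# Constructed RFC 3164-style line: "<PRI>Mon dd hh:mm:ss host tag[pid]: message"
LINE_RE = re.compile(
    r"^<(?P<pri>\d+)>(?P<ts>\w{3} +\d+ \d\d:\d\d:\d\d) (?P<host>\S+) "
    r"(?P<tag>[\w./-]+)(?:\[\d+\])?: (?P<msg>.*)$"
)
FAILED_LOGIN_RE = re.compile(r"Failed password for (?:invalid user )?\S+ from (\S+)")
SSH_FAIL_THRESHOLD = 3  # constructed threshold for the security alert


def parse(line: str):
    """Split one line into fields; PRI decodes to facility*8 + severity."""
    m = LINE_RE.match(line)
    if not m:
        return None
    rec = m.groupdict()
    rec["facility"], rec["severity"] = divmod(int(rec["pri"]), 8)
    return rec


def alerts_for(lines):
    """Return (category, message) tuples in the order the alerts fire."""
    alerts = []
    ssh_failures = Counter()  # source address -> failed logins seen
    for line in lines:
        rec = parse(line)
        if rec is None:
            alerts.append(("parse", f"unparsable line: {line!r}"))
            continue
        msg = rec["msg"]
        # Security alerting: repeated SSH failures from the same source.
        fm = FAILED_LOGIN_RE.search(msg)
        if fm:
            src = fm.group(1)
            ssh_failures[src] += 1
            if ssh_failures[src] == SSH_FAIL_THRESHOLD:
                alerts.append(("security",
                               f"{SSH_FAIL_THRESHOLD} failed SSH logins from {src} on {rec['host']}"))
        # Network alerting: link state changes reported by the kernel.
        if rec["tag"] == "kernel" and "Link is Down" in msg:
            alerts.append(("network", f"{rec['host']}: {msg}"))
        # Application alerting: a daemon logging at critical (2) or worse.
        if rec["severity"] <= 2 and rec["tag"] not in ("kernel", "sshd"):
            alerts.append(("application", f"{rec['host']} {rec['tag']}: {msg}"))
    return alerts


# Constructed sample lines: PRI 38 = auth/info, 6 = kern/info, 130 = local0/crit.
SAMPLE_LINES = [
    "<38>Mar 12 10:01:02 web01 sshd[1234]: Failed password for invalid user admin from 198.51.100.7 port 4242 ssh2",
    "<38>Mar 12 10:01:05 web01 sshd[1235]: Failed password for invalid user admin from 198.51.100.7 port 4243 ssh2",
    "<38>Mar 12 10:01:09 web01 sshd[1236]: Failed password for root from 198.51.100.7 port 4244 ssh2",
    "<6>Mar 12 10:02:00 web01 kernel: eth0: Link is Down",
    "<130>Mar 12 10:03:00 app01 billing[777]: database connection pool exhausted, exiting",
    "<38>Mar 12 10:04:00 web01 sshd[1240]: Accepted publickey for alice from 203.0.113.5 port 5000 ssh2",
]

if __name__ == "__main__":
    for category, text in alerts_for(SAMPLE_LINES):
        print(f"[{category}] {text}")
```

The severity field comes for free from the PRI value, which is why a syslog server is a good place to hang application alerting: every daemon that speaks syslog already tags its messages, so a single rule covers them all.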