In September 2017, Equifax, one of the three largest credit rating companies in the USA, reported the theft of personal data of more than 143 million Americans from its database. While the damage that such data theft could cause to those affected is difficult to estimate, the incident is likely to cost Equifax billions of dollars. This gross breach of security is just one example of the time, money, and customer trust that a breach can cost a company. While the cause of the attack is still unknown, the incident sends a grave message to all companies - any organization, big or small, is susceptible to attack, and it is important to take steps to prevent such incidents.
Once an attack is discovered, a quick incident response is needed, and that response begins with incident forensics - investigating the attack and its cause. All of this is possible with a powerful SIEM solution. Besides identifying and alerting you to potential or live attacks, a sophisticated SIEM tool can also help you investigate attacks and create detailed incident reports.
An organization can never be immune to security attacks such as data breaches. This white paper deals with the signs, or indicators, of a potential threat or an ongoing security attack. These indicators fall into two broad categories: Indicators of Compromise (IoCs) and Indicators of Attack (IoAs). IoCs help in dealing with an ongoing attack, whereas IoAs help in preventing an attack before it occurs. Using the concepts highlighted in this white paper, a security administrator can learn how to configure a SIEM solution to track both IoCs and IoAs, and how to build correlation rules that identify data breaches. This helps keep your web server data and database server protected and improves overall data security.
In today's evolving threat landscape, every organization is susceptible to attack. If you do discover a data breach, you can immediately launch an investigation by searching your network logs to find the exact point of breach. Incident response is a time-sensitive process, and you must ensure all components are in place to conduct a smooth investigation. Creating incident reports is also a critical capability from a legal perspective: it demonstrates your adherence to compliance standards and can reduce potential legal penalties. This guide details the best practices you can follow to put a robust incident forensics system in place by leveraging your SIEM solution to the fullest.