Would you like more information about IT security?
Then simply get in touch with our experts.

Nikolas Rösener
Security Expert
- cyber-security@ohb-ds.de
- 0421220950
Every device connected to a network records its activity in one or more log files.
A SIEM (Security Information and Event Management) can process logs from a variety of device and system categories.
The following structured overview provides a catalog of typical devices whose logs can be read and analyzed by a SIEM.
All logs are "naturally" available in different formats on the respective devices, so they must be "normalized" into a uniform format. Once all logs have been normalized into a database, that database can be searched for anomalies.
Example: It is certainly not normal for an employee in financial accounting to log on to her PC at 1:00 am. The user logon is recorded in the log file, sent to the SIEM and evaluated there; the SIEM use case "send an alert if employees from the administration log on to a PC at night (22:00 - 5:00)" then triggers an alert.
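As an added illustration of the normalization and night-logon use case described above (example code written for this page, not part of LogPoint or any other product): two constructed log lines in different native formats are mapped to one schema, and the rule "administration employee logs on between 22:00 and 05:00" is evaluated over them. The log lines, the department lookup and the field names are all assumptions.

```python
import re
from datetime import datetime, time

# Constructed sample lines in two "native" formats (not real device output).
RAW_LOGS = [
    # Windows-style logon event as a domain controller might emit it
    "EventID=4624 TimeCreated=2024-03-12T01:07:43 TargetUserName=mmueller Workstation=FIN-PC-07",
    # syslog-style line from a Linux jump host
    "Mar 12 09:15:02 jump01 sshd[2201]: Accepted password for admin from 10.0.5.4 port 51022",
    "EventID=4624 TimeCreated=2024-03-12T22:30:00 TargetUserName=jschmidt Workstation=FIN-PC-02",
]

# Constructed HR lookup: which department a user account belongs to.
DEPARTMENT = {"mmueller": "administration", "jschmidt": "administration", "admin": "it"}

WIN_RE = re.compile(r"EventID=4624 TimeCreated=(\S+) TargetUserName=(\S+) Workstation=(\S+)")
SSH_RE = re.compile(r"^(\w{3} +\d+ \d\d:\d\d:\d\d) (\S+) sshd\[\d+\]: Accepted \w+ for (\S+) from (\S+)")


def normalize(line, year=2024):
    """Map one raw line onto the common schema {event, user, host, ts}; None if unrecognized."""
    m = WIN_RE.search(line)
    if m:
        return {"event": "logon", "user": m.group(2), "host": m.group(3),
                "ts": datetime.fromisoformat(m.group(1))}
    m = SSH_RE.search(line)
    if m:
        # syslog lines carry no year, so the collector has to supply it.
        ts = datetime.strptime(f"{year} {m.group(1)}", "%Y %b %d %H:%M:%S")
        return {"event": "logon", "user": m.group(3), "host": m.group(2), "ts": ts}
    return None


NIGHT_START, NIGHT_END = time(22, 0), time(5, 0)


def in_night_window(ts):
    """22:00-05:00 wraps midnight, so this is an OR of two comparisons, not a 'between'."""
    t = ts.time()
    return t >= NIGHT_START or t < NIGHT_END


def night_logon_alerts(raw_lines):
    """Apply the use case to raw lines of any supported format; returns alert strings."""
    alerts = []
    for line in raw_lines:
        ev = normalize(line)
        if ev is None or ev["event"] != "logon":
            continue
        if DEPARTMENT.get(ev["user"]) == "administration" and in_night_window(ev["ts"]):
            alerts.append(f"{ev['user']} logged on to {ev['host']} at {ev['ts']:%H:%M}")
    return alerts
```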
A SIEM transforms the chaos of alarms into correlated and easily understandable information. Fewer false alarms and more context enable faster detection and defense against threats. In the fight against cyberattackers, every minute counts to protect critical infrastructures and ensure operations.
A SIEM therefore covers all devices; what is still missing is the monitoring of the data traffic in the network itself.
Network Detection and Response (NDR) describes security solutions that continuously monitor and analyze network traffic in order to detect suspicious data traffic and respond to it automatically. Artificial intelligence (AI) and machine learning (ML) methods are used to analyze network traffic and detect anomalies.
Example: If a lot of data is suddenly exchanged between a database server and a computer in the finance department at 01:00 at night, it can be assumed that this is not normal. In this case, the AI will interrupt the connection if this has been defined in the rules.
In the following, we have explained 10 use cases of our SIEM system in more detail to illustrate the benefits of such a system.
Ensure that a use case and workflow are in place to detect any attempts to compromise user credentials through brute force, pass the hash, golden ticket or other methods. In the event of a successful compromise, it is important to identify the affected users and facilities to investigate the impact and prevent further damage.
Define suitable rules for flagging critical events, such as unauthorized changes to configurations or the deletion of audit trails. These changes should be escalated immediately to prevent damage and minimize further risks, as the manipulation of audit logs, for example, is always a warning signal.
Privileged users, such as system or database administrators, have extended access rights. This makes them an attractive target for hackers. With a SIEM solution, analysts can keep a close eye on all the actions of these privileged users and look for unusual behavior that could indicate a threat or compromise.
Cloud computing offers many benefits, but also brings some challenges: meeting new compliance requirements, improving user monitoring and access control, or preventing potential malware infections and data breaches. A SIEM solution should also support cloud-based applications as log data sources, such as Salesforce, Office365 or AWS, in order to extend compliance monitoring and threat detection to the cloud environment.
Phishing is an attempt to obtain sensitive information that is used for identity fraud and identity abuse. This includes attempts to obtain personal information such as social security numbers, bank details, PIN codes or passwords. Companies must ensure at all costs that this sensitive information is protected throughout the organization. Phishing, especially spear phishing, is often used to gain initial access to a network.
When phishing emails are received, analysts can use SIEM to track who has received them, clicked on links within them or replied to the emails so they can take immediate action to minimize the damage.
With a SIEM system, the appropriate correlation rules and warning messages, it is possible to continuously monitor the utilization, availability and response times of various servers and services. Malfunctions and overloads can thus be detected at an early stage and downtimes and the associated costs avoided.
Companies are subject to a variety of compliance regulations, such as GDPR, HIPAA or PCI. With a SIEM system, you can document when and by whom which data was accessed, read or copied in order to meet compliance requirements and prevent breaches.
The process of actively searching for cyber risks in a company or network is known as "threat hunting". This search for threats can be carried out in response to a security problem or to detect new and unknown attacks or security breaches. Threat hunting requires access to security information from all areas of an organization, and a SIEM solution can provide this.
A SIEM solution automates threat detection activities and forms the basis for an automated response to security incidents. Forwarding security alerts and security events to LogPoint SOAR enables an even faster response to security incidents by automating manual tasks. This not only increases the productivity of the SOC, but also reduces costs. Use LogPoint SOAR for one analyst free of charge as part of your SIEM license.
Our solution partner Logpoint is now one of the largest providers of SIEM including NDR in Europe. As a Danish company, all European compliance rules are also adhered to.
We can make it easier for our customers to get started with SIEM technology because we are able to offer individual licenses per device at €40 per month. This is because the introduction of a SIEM is a longer, continuous process and can be carried out device by device without having to buy dozens of licenses that cannot be used at the beginning.
We can also take care of hosting the log data for you so that you do not have to invest heavily in hardware in your company.
And with our expertise, we will quickly make your company more secure against cyber attacks.