As technology becomes more advanced, so do the security threats businesses face. This rising trend correlates with the increasing variety and forms of attacks. Because of this, most organizations today deploy a Security Incident and Event Management (SIEM) solution to proactively measure and monitor threat management. Additionally, this allows them to obtain an accurate and centralized view of their organization’s security positioning while producing an advanced level of reporting of both possible and real security incidents.
Timing is everything when dealing with cyberattacks: the longer it takes to detect an attack, the more time a threat has to mature and reach data. During a breach, the agents behind the attack can conduct surveillance, steal data, and spy on your organization, all of which increases the cost and the consequences of the attack.
Simply collecting logs and alerts on possible security breaches against your IT infrastructure is not enough. Locating, analyzing, and mitigating malicious attacks requires swift and accurate action. As such, organizations need to continuously monitor all the elements of their infrastructure, correlate the security events for meaning, add and apply historical context and trending information, and analyze the outcomes to smartly and quickly spot trends and patterns that are out of the ordinary. This is exactly what you get with CenturyLink’s Security Log Monitoring with Trending and Threat Analysis, delivered via our Managed Security Services Portal.
As password-cracking tools become faster and more efficient, brute force attacks are prevalent, and detecting them is essential for businesses that want to safeguard their data and systems. A brute force attack is essentially a trial-and-error method used in an attempt to obtain valuable, private information such as a user-generated password or a personal identification number (PIN). In this type of attack, automated software generates a large number of candidate passwords in sequence, trying permutations of words and numbers until one grants access to the desired data. Malicious hackers may use this to crack and access encrypted data externally, or security analysts and IT managers could use it to test an organization's network security internally.
Most diligent enterprises employ an intelligent set of guidelines when configuring specific logging practices for security events, like a maximum number of log-in attempts, the unauthorized modification of system files, or repeated attempts to probe private systems to steal data. Using a Security Log Monitoring Service helps mitigate possible attacks well in advance and deal with any that are already underway, as they are noticed and treated before the attack succeeds.
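As an added illustration of the "maximum number of log-in attempts" guideline above (example code written for this page, not part of CenturyLink's service): a small correlation rule over constructed sshd-style authentication log lines that flags a source exceeding a failure threshold inside a time window, and separately flags a later successful login from an already-flagged source, which is the event an analyst most needs to see. The log lines, the threshold of 5 and the 10-minute window are assumptions.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta
# Constructed sample lines in syslog/sshd style; addresses are documentation ranges.
SAMPLE_LOG = """\
Mar 10 08:00:01 host1 sshd[2201]: Failed password for invalid user admin from 203.0.113.7 port 51000 ssh2
Mar 10 08:00:03 host1 sshd[2202]: Failed password for invalid user test from 203.0.113.7 port 51001 ssh2
Mar 10 08:00:05 host1 sshd[2203]: Failed password for root from 203.0.113.7 port 51002 ssh2
Mar 10 08:00:06 host1 sshd[2204]: Failed password for root from 203.0.113.7 port 51003 ssh2
Mar 10 08:00:08 host1 sshd[2205]: Failed password for root from 203.0.113.7 port 51004 ssh2
Mar 10 08:00:10 host1 sshd[2206]: Accepted password for root from 203.0.113.7 port 51005 ssh2
Mar 10 08:01:00 host1 sshd[2207]: Failed password for alice from 198.51.100.4 port 40000 ssh2
Mar 10 08:20:30 host1 sshd[2208]: Accepted password for alice from 198.51.100.4 port 40002 ssh2
"""
LINE_RE = re.compile(
    r"^(?P<ts>\w{3} +\d+ \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: "
    r"(?P<result>Failed|Accepted) password for (?:invalid user )?(?P<user>\S+) "
    r"from (?P<src>\d+\.\d+\.\d+\.\d+) port \d+"
)

def parse(line, year=2024):
    """Return (timestamp, result, user, source) or None for lines we do not understand."""
    m = LINE_RE.match(line)
    if not m:
        return None
    ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")  # syslog lacks the year
    return ts, m["result"], m["user"], m["src"]

def detect_brute_force(log_text, threshold=5, window=timedelta(minutes=10)):
    """Alerts as (source, kind, detail): 'threshold' once a source reaches `threshold`
    failures inside `window`; 'success_after_failures' when a flagged source then succeeds."""
    failures = defaultdict(deque)   # source -> timestamps of failures still inside the window
    flagged = set()
    alerts = []
    for line in log_text.splitlines():
        rec = parse(line)
        if rec is None:
            continue
        ts, result, user, src = rec
        q = failures[src]
        while q and ts - q[0] > window:   # expire failures that fell out of the window
            q.popleft()
        if result == "Failed":
            q.append(ts)
            if len(q) >= threshold and src not in flagged:
                flagged.add(src)
                alerts.append((src, "threshold", f"{len(q)} failures in {window}"))
        elif src in flagged:              # a success right after a burst of failures
            alerts.append((src, "success_after_failures", f"user={user}"))
    return alerts
```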
When both data and timing are key factors, relying on a service like CenturyLink’s Security Log Monitoring with Trending and Threat Analysis is paramount. It collects and tracks incidents in near real-time, categorizes them by severity, and delivers reports both to the customer and to the CenturyLink SOC team for review and escalation 24/7. CenturyLink security experts then cull the data and prioritize events into the top incidents requiring greater analysis or immediate action.
CenturyLink’s Managed Security Services Portal incorporates a leading-edge SIEM solution and provides deep visibility, reporting and threat analysis tools, and a highly-skilled staff of analysts to deliver a comprehensive security solution. Our advanced platform takes an industry best-practice approach to automation to weed out a greater number of false positives than standard systems. We combine log data from the risk profiles of each customer asset with near real-time threat intelligence data from CenturyLink’s global corporate network and partner threat feeds to deliver superior results.
The detection of an insider threat is essential to the protection of a network. According to reports from the Information Security Forum (ISF), more than 30% of attacks can be traced and sourced back to some insider in the organization. While not every insider breach or flagged security event is malicious or intentional, the threat is still real. As such, organizations must maintain a consistent level of security policies for both internal and external threats. Unfortunately, this doesn't make much difference in the aftermath of an incident — the damage has been done.
Should the threat come from a malicious insider who knowingly and purposely abuses internal access to wreak havoc or gain access, an organization needs visibility into their infrastructure. CenturyLink's Security Log Monitoring with Trending and Threat Analysis allows customers to go from reactive to proactive, from defensive to offensive. Because malicious insiders generally have the knowledge, speed of access, and information required to bypass existing security solutions, they are often the most difficult to detect and the costliest to remedy.
Organizations must also deal with unintentional insiders installing corrupted applications, or forwarding or opening files that may have devastating effects. For example, on-boarding new employees, issuing workstations and laptops, or allowing unmanaged software installations may introduce vulnerabilities. The new machines may not have security measures installed or the new user may not know to run the required security checks at regular intervals. A service needs to be in place to account for the unintended consequences of any security breach. Even something like uploading the wrong file may seem innocuous, but the fall-out can cause massive damage.
Between phishing emails sent to leaked distribution lists and the growing practice of remotely accessing an organization's systems, there is a good chance that attackers will find a route into privileged information and platforms. Once attackers gain access to an endpoint, targeting and stealing privileged credentials and information becomes easier. Eventually, attackers can escalate their illicit access privileges and move laterally within the network until they attain full domain-level access and, ultimately, total control over sensitive data and IT systems.
CenturyLink’s Managed Security Services Portal offers the ability to view your attack surface, monitor user activity, watch and verify SOC activities performed by your own staff, and collaborate with expert CenturyLink SOC staff. The portal also provides invaluable insights in the form of updates, customized reports, and visual outputs reflecting activities inside your network. This allows you to improve your operational and cost efficiency, and most importantly, to focus on business matters that deliver real competitive advantage.
The Digital Transformation Age has arrived. Taking advantage of rapid provisioning enables service activation and the addition of new tasks and clients in minutes or hours, rather than days or weeks or even months.
Organizations hoping to remain competitive in the digital landscape must undergo changes in the way they conduct business, how they operate in a rapidly-changing market, and must find solutions to maintain pace without compromising the security of their data and network. All these changes are part of Digital Transformation — for businesses of all sizes and maturity levels.
Customers depend on enterprises for their ability to protect and safeguard them and their data from cyber threats. Locating and securing that protection is a real-world challenge, especially in an age where attacks are more sophisticated and occur more often than ever. As such, incident response times and their associated costs increase, too.
CenturyLink's Managed Security Services Portal helps businesses expand and strengthen their offerings and portfolios by delivering automated and targeted threat management and threat intelligence on a highly interactive and immediate platform. By leveraging this in conjunction with a dedicated and trained staff of professionals to deal with cyber threats, businesses can better position themselves to remain operational and in compliance, especially if these resources are scarce.
By engaging in proactive and actionable threat intelligence practices using CenturyLink's Managed Security Services Portal, businesses can identify the most dangerous and recurring threat patterns well before they compromise a network or system across vertical markets. Additionally, customers can identify the source of the attack while building threat management strategies in real-time.
Utilizing threat intelligence capabilities through the collection and correlation of potential threats, and categorizing them across a multitude of modules, allows CenturyLink to act on the threats while freeing customers up to focus on their specific business needs. Through the Managed Security Services Portal’s intelligent user interface, configuration and operation are simplified. The results of a query are easily identifiable and integrated with other security solutions like Security Incident and Event Management, Intrusion Prevention Service (IPS), Intrusion Detection Service (IDS), and firewalls through API, SDK, and plug-ins.
For one company, monitoring access to Microsoft solutions was becoming increasingly complex. Although the Microsoft summary page offered some data, security analysts captured more detailed information to show activity from employees logging into Microsoft Exchange, Office 365, and OneDrive. Using a single API offered more unified logging: instead of monitoring Microsoft Azure or Office 365 separately, these processes were combined into a comprehensive view.
Through a single interface, Cloud Security Monitoring can show any business where people are connecting, what the accounts are, who accessed what data, and when they logged into various applications. They can also monitor access to SharePoint, including who has uploaded and downloaded files within that environment. By monitoring these access points, the company is better able to determine gaps in processes and policies, and take immediate steps to remedy them.
When security analysts began monitoring a U.S. company’s Microsoft Exchange account, geographic data was one stream that was closely observed. Alongside the contents of the logs, metadata such as the geographic origin of each login was checked against a geo-fence, which enabled the company to see any unusual activity.
In one instance, a user logged in from Kuwait, which raised alarms in the Managed Security Services Portal. After investigating this anomaly, the company determined that the login was from a current employee working on a legitimate assignment. The company also saw many additional attempted logins from other countries, however, and after further investigation determined that those were from threat actors.
Security analysts began monitoring VPC logs from an Amazon instance for a U.S. company. The analysts could see traffic hitting SSH services that were exposed to the Internet on one of the company’s machine instances. This raised concerns, as it was clearly someone with bad intentions trying to get into the SSH service. An investigation launched from the Managed Security Services Portal revealed that threat actors were trying to hit the root account or an account with a blank username. The company quickly took steps to address the threat and ensure their systems were well secured.
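The SSH case above, worked through as an added example (this is not CenturyLink's code, and the records are constructed): parsing VPC Flow Log records in the default version-2 field order and summarising inbound TCP/22 flows from sources outside the VPC's own address range, separating ACCEPTed flows, which prove the port is reachable from the Internet, from REJECTed ones, which still show probing. The VPC CIDR, account id and ENI id are placeholders.

```python
import ipaddress

# Constructed VPC Flow Log records in the default (version 2) field order; the
# account id and ENI id are placeholders, the addresses are documentation ranges.
SAMPLE_FLOW_LOG = """\
2 111111111111 eni-0placeholder 203.0.113.9 10.0.1.25 51512 22 6 12 1800 1700000000 1700000030 ACCEPT OK
2 111111111111 eni-0placeholder 203.0.113.9 10.0.1.25 51513 22 6 10 1500 1700000031 1700000060 ACCEPT OK
2 111111111111 eni-0placeholder 198.51.100.77 10.0.1.25 40022 22 6 8 1200 1700000040 1700000070 ACCEPT OK
2 111111111111 eni-0placeholder 10.0.2.14 10.0.1.25 55000 22 6 30 6000 1700000050 1700000090 ACCEPT OK
2 111111111111 eni-0placeholder 192.0.2.200 10.0.1.25 61000 22 6 1 60 1700000055 1700000056 REJECT OK
2 111111111111 eni-0placeholder 203.0.113.9 10.0.1.25 51514 443 6 20 9000 1700000060 1700000100 ACCEPT OK
"""

FIELDS = ("version account_id interface_id srcaddr dstaddr srcport dstport "
          "protocol packets bytes start end action log_status").split()

def parse_record(line):
    """Split one flow-log line into a dict; numeric fields become ints."""
    parts = line.split()
    if len(parts) != len(FIELDS):
        return None
    rec = dict(zip(FIELDS, parts))
    for key in ("srcport", "dstport", "protocol", "packets", "bytes", "start", "end"):
        rec[key] = int(rec[key])
    return rec

def ssh_activity(log_text, internal_cidrs=("10.0.0.0/16",), ssh_port=22):
    """Summarise TCP flows to ssh_port from sources outside internal_cidrs (assumed VPC CIDR).
    Returns {src: {"accept": flows, "reject": flows, "packets": packets in accepted flows}}."""
    internal = [ipaddress.ip_network(c) for c in internal_cidrs]
    summary = {}
    for line in log_text.splitlines():
        rec = parse_record(line)
        if rec is None or rec["protocol"] != 6 or rec["dstport"] != ssh_port:
            continue
        src = ipaddress.ip_address(rec["srcaddr"])
        if any(src in net for net in internal):
            continue                      # admin traffic from inside the VPC is expected
        entry = summary.setdefault(rec["srcaddr"], {"accept": 0, "reject": 0, "packets": 0})
        if rec["action"] == "ACCEPT":
            entry["accept"] += 1
            entry["packets"] += rec["packets"]
        else:
            entry["reject"] += 1
    return summary

def exposed_sources(summary):
    """External sources whose SSH flows were ACCEPTed: the port is genuinely reachable."""
    return sorted(src for src, e in summary.items() if e["accept"] > 0)
```

A non-empty `exposed_sources` result is the condition that warrants the kind of security-group review described in the case above; REJECT-only sources show scanning that the group already blocks.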