As technology becomes more advanced, so do the security threats businesses face. This rising trend correlates with the increasing variety and forms of attacks. Because of this, most organizations today deploy a Security Incident and Event Management (SIEM) solution to proactively measure and monitor threat management. Additionally, this allows them to obtain an accurate and centralized view of their organization’s security positioning while producing an advanced level of reporting of both possible and real security incidents.
Organizations need to continuously monitor all the elements of their infrastructure, correlate the security events for meaning, add and apply historical context and trending information, and analyze the outcomes to smartly and quickly spot trends and patterns that are out of the ordinary. This is exactly what you get with CenturyLink’s Security Log Monitoring.
The detection of brute force attacks — a trial-and-error method used in an attempt to obtain valuable and private information such as a user-generated password or a personal identification number (PIN) — is essential to businesses to safeguard their data and systems. In this type of attack, automated software can be used to generate a large number of consecutive permutations of a word and numerical combinations to access the desired data. Malicious hackers may use this to crack and access encrypted data externally, or security analysts and IT managers could use it to test an organization's network security internally.
Most diligent enterprises apply a sensible set of guidelines when configuring logging for specific security events, such as exceeding a maximum number of log-in attempts, unauthorized modification of system files, or repeated attempts to probe private systems to steal data. A Security Log Monitoring Service helps mitigate possible attacks well in advance and deal with any already underway, because they are noticed and handled before the attack succeeds.
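The "maximum number of log-in attempts" rule described above, as an added example that is not part of the original page or the CenturyLink service: a sliding-window detector run over constructed SSH-style log lines. The log format, thresholds and IP addresses are assumptions for illustration.

```python
import re
from collections import defaultdict, deque
from datetime import datetime

# Constructed sample log lines (not from the page or any real system).
SAMPLE_LOG = """\
2024-05-01T10:00:01 sshd[101]: Failed password for invalid user admin from 203.0.113.5 port 4001
2024-05-01T10:00:02 sshd[102]: Failed password for invalid user admin from 203.0.113.5 port 4002
2024-05-01T10:00:03 sshd[103]: Failed password for root from 203.0.113.5 port 4003
2024-05-01T10:00:04 sshd[104]: Failed password for root from 203.0.113.5 port 4004
2024-05-01T10:00:05 sshd[105]: Failed password for root from 203.0.113.5 port 4005
2024-05-01T10:00:06 sshd[106]: Accepted password for alice from 198.51.100.7 port 5000
2024-05-01T10:00:30 sshd[107]: Failed password for alice from 198.51.100.7 port 5001
2024-05-01T10:20:00 sshd[108]: Failed password for alice from 198.51.100.7 port 5002
"""

# Assumed line format: ISO timestamp, sshd pid, outcome, user, source IP, port.
LINE_RE = re.compile(
    r"^(?P<ts>\S+) sshd\[\d+\]: (?P<outcome>Failed|Accepted) password for "
    r"(?:invalid user )?(?P<user>\S+) from (?P<ip>\S+) port \d+$"
)


def detect_bruteforce(log_text, max_failures=5, window_seconds=60):
    """Return a list of (source_ip, first_ts, last_ts, failure_count) alerts.

    An alert fires the first time a source IP accumulates `max_failures`
    failed logins inside any sliding window of `window_seconds`.
    """
    recent = defaultdict(deque)   # ip -> timestamps of recent failures
    alerted = set()
    alerts = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue                 # unrelated or unparseable line
        if m["outcome"] == "Accepted":
            continue                 # successful login; not counted
        ts = datetime.fromisoformat(m["ts"])
        ip = m["ip"]
        q = recent[ip]
        q.append(ts)
        while q and (ts - q[0]).total_seconds() > window_seconds:
            q.popleft()              # expire failures outside the window
        if len(q) >= max_failures and ip not in alerted:
            alerted.add(ip)
            alerts.append((ip, q[0].isoformat(), ts.isoformat(), len(q)))
    return alerts
```

With the defaults, only 203.0.113.5 trips the rule; 198.51.100.7 has two failures spread over twenty minutes and stays quiet unless the window is widened.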
The detection of an insider threat is essential to the protection of a network. According to reports from the Information Security Forum (ISF), more than 30% of attacks can be traced back to an insider in the organization. While not every insider breach or flagged security event is malicious or intentional, the threat is still real. As such, organizations must maintain a consistent level of security policy for both internal and external threats. Unfortunately, policy alone makes little difference in the aftermath of an incident — by then the damage has been done.
Should the threat come from a malicious insider who knowingly and purposely abuses internal access to wreak havoc or gain access, an organization needs visibility into their infrastructure. CenturyLink's Security Log Monitoring allows customers to go from reactive to proactive, from defensive to offensive. Because malicious insiders generally have the knowledge, speed of access, and information required to bypass existing security solutions, they are often the most difficult to detect and the costliest to remedy.
Organizations must also deal with unintentional insiders who install corrupted applications, or forward or open files that may have devastating effects. For example, on-boarding new employees, issuing workstations and laptops, or allowing unmanaged software installations may introduce vulnerabilities. The new machines may not have security measures installed, or the new user may not know to run the required security checks at regular intervals. A service needs to be in place to account for the unintended consequences of any security breach. Even something like uploading the wrong file may seem innocuous, but the fallout can cause massive damage.
Between phishing emails sent to leaked distribution lists and the growing practice of remotely accessing an organization's systems, there is a good chance that attackers will find a route to privileged information and platforms. Once attackers gain access to an endpoint, targeting and stealing privileged credentials and information becomes easier. Eventually, attackers can escalate their illegitimate access privileges and move laterally within the network until they attain full domain-level access and, ultimately, total control over sensitive data and IT systems.
CenturyLink’s Security Log Monitoring offers the ability to view your attack surface, monitor user activity, watch and verify SOC activities performed by your own staff and collaborate with expert CenturyLink SOC staff. This allows you to improve your operational and cost efficiency, and most importantly, to focus on business matters that deliver real competitive advantage.
Security Analysts require high fidelity threat intelligence to prioritize work for themselves, their teams and stakeholder organizations. The Risk Score is a powerful metric to use for such prioritization.
Risk Scores range from 1-100 and appear in several areas of the threat report collection. Sorting on Risk Score can be an effective way to prioritize threat hunting and incident response activities.
Risk scores are also incorporated into threat management platforms and applications that consume ATI data. Security Log Monitoring correlates data with local device logs to indicate which customer-premises devices are under attack.
How is a Risk Score Determined?
Broadly speaking, a Risk Score is a combination of three major factors: Severity, Confidence and Time. While a significant amount of leading-edge research and development goes into determining accurate and relevant Risk Scores, the result is a simple, actionable metric that analysts can use to prioritize their work.
Our research shows that the period during which a threat remains relevant varies between threat categories. The best practice is therefore to begin decaying the score once the time elapsed since the threat was last reported by its source exceeds a pre-defined interval that is specific to the category.
The Risk Score allows customers to see potential threats before they become breaches, because we continuously source information from one of the largest IP backbones in the world. Validation and original threat discovery drive the fidelity of this information to an industry-leading level.
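To make the three-factor model and the category-specific decay concrete, the following is an added example written for this page; it is not CenturyLink's scoring method. The page states only that Severity, Confidence and Time are combined and that decay starts after a per-category interval, so the combination function, the half-life, the interval values and the category names are all assumptions.

```python
from datetime import datetime, timedelta

# Assumed per-category relevance intervals in days (illustrative values only;
# the page says each category has its own interval but gives no numbers).
CATEGORY_INTERVAL_DAYS = {"scanner": 3, "phishing": 7, "malware_c2": 14}


def risk_score(severity, confidence, last_seen, now, category, half_life_days=7.0):
    """Combine Severity (1-100), Confidence (0.0-1.0) and Time into a 1-100 score.

    Assumed combination: base = severity * confidence. No decay while the
    indicator is inside its category's relevance interval; afterwards an
    exponential decay with the given half-life, floored at 1 so a stale
    indicator is never silently dropped.
    """
    if not 1 <= severity <= 100 or not 0.0 <= confidence <= 1.0:
        raise ValueError("severity must be 1-100, confidence 0.0-1.0")
    interval = timedelta(days=CATEGORY_INTERVAL_DAYS[category])
    overdue = now - last_seen - interval     # time beyond the relevance interval
    if overdue <= timedelta(0):
        factor = 1.0                         # still relevant: no decay
    else:
        factor = 0.5 ** (overdue.total_seconds() / (half_life_days * 86400))
    return max(1, round(severity * confidence * factor))


def prioritize(indicators, now):
    """Sort indicators (dicts with value, severity, confidence, last_seen,
    category) by descending Risk Score, as an analyst queue would be."""
    scored = [(risk_score(i["severity"], i["confidence"], i["last_seen"],
                          now, i["category"]), i["value"]) for i in indicators]
    return sorted(scored, key=lambda s: (-s[0], s[1]))


# Constructed sample indicators (documentation IP ranges, not real threats).
NOW = datetime(2024, 5, 1, 12, 0, 0)
SAMPLE_INDICATORS = [
    {"value": "203.0.113.5", "severity": 90, "confidence": 0.8,
     "last_seen": NOW - timedelta(days=1), "category": "scanner"},
    {"value": "198.51.100.7", "severity": 90, "confidence": 0.8,
     "last_seen": NOW - timedelta(days=10), "category": "scanner"},
    {"value": "192.0.2.9", "severity": 90, "confidence": 0.8,
     "last_seen": NOW - timedelta(days=10), "category": "malware_c2"},
]
```

The two ten-day-old indicators share Severity and Confidence, yet only the scanner entry has decayed, because its category's interval expired a week earlier while the malware_c2 interval has not.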