One of the biggest challenges facing security professionals and business leaders today is actually identifying that you have been compromised. Obvious attacks like home page hijacking and browser redirects are now easily preventable with basic security protection. This fools many into thinking they don’t have a problem. Part of the challenge here is that they may not only have a problem, but may also be causing the rest of us a problem if they are part of a zombie network.
How do you detect anomalies in privileged user account activity, or any user account activity for that matter? Chances are, if you are a mid-size organization or smaller, you don’t.
When our customers ask us how to proactively improve their security posture, we usually respond with: What are your reports and logs showing you? If customers don’t have reports that show things like Mismatched Port Application Traffic, they may not have enough visibility.
This makes the case for SIEM. When we show our customers the new level of visibility they get into their environment, they usually want it. Unfortunately, after the business person at your organization sees our quote, SIEM purchases can become an uphill battle.
This is where customers need to be prepared with evidence and high-level information on why it’s hard to see what’s going on in the network. They need to explain how a lack of network visibility can cause downtime (at the minimum) or, worse yet, slow exfiltration of data. If the sky will truly fall in the case of a major incident, be clear about that. In many cases a breach may not put you out of business, but it can still be very costly.