Technology Sectors
Using forensics tools to achieve total security intelligence
 |
| Karl Klaessig |
In today’s connected world, government agencies face network attacks on a daily basis – from government-sanctioned espionage to serious international cyber thieves trying to gather intelligence, to amateur hackers playing around on their computers and trying to break in for ‘sport.’ Whatever the source, government networks are under attack and there have been numerous reports of data breaches of government systems, leaving officials scrambling to figure out how they got in, how long they accessed the network and what they were able to view or take during the breach.
Fortunately, the available computer forensics from security information and event management (SIEM) solutions enables users to view all activity in the chain of events that occurred leading up to the attack, as well as the breach itself. Next-generation SIEM technology provides an in-depth analysis of where the offender entered the network, where he/she went once they got in, and what they were able to see and take.
For instance, a state government customer was recently under attack by nation-state cyber criminals that were trying to steal water filtration schematics; the thieves failed because the customer had next-generation SIEM technology in place. Using the security intelligence – including all network activity, derived from next-gen SIEM technology – the government agency was able to detect that an unknown source outside of the network had successfully accessed the network and that unauthorized file transfers were about to take place. The agency used next-gen SIEM’s forensics capabilities to identify how the thieves gained access, and was able to not only stop the attack in its tracks, but to prevent such attacks in the future.
In another recent government deployment, a customer used SIEM to correlate millions of daily security events with network activity and reduced this massive amount of data down to 40 actionable incidents. As a result, security analyst teams reduced the time it takes to detect, isolate, and perform forensics of complex security threats from days to minutes.
But more importantly, Security Intelligence leveraging next-gen SIEM technology delivers complete threat context (assets, applications, users) for government agencies – before attacks occur – and includes comprehensive forensics afterward, to simply, accurately, and thoroughly respond to incidents and assess impact. Such solutions also provide the ability for agencies to identify threats, including insider fraud such as attempted transfer of intellectual property outside the agency. By providing all associated network, asset vulnerability and identity context related to such incidents, next-gen SIEM technology provides comprehensive forensics for security and operations teams.
Karl Klaessig is the senior manager of industry marketing for the Federal division at Q1 Labs. He can be reached at karl.klaessig@Q1Labs.com.
