2017-07-24

In parts 1 and 2 of this blog series, we went over SIEM and its role in performing a thorough audit of your network. Now that we’ve got the basics out of the way, it’s time to get into the tough stuff: mitigating security threats. After all, it’s 2017 and cyber threats are rampant. You need to be in a position to combat security threats in order to secure your enterprise.

First, it’s important to understand how attackers are able to carry out attacks. Attackers exploit vulnerabilities in your network to try to breach your security, so the first step in threat mitigation is detecting and sealing these security flaws. Not an easy task, but a SIEM tool can lend a hand.

The second thing to understand about attacks is that they usually follow a pattern, meaning you can associate a set of events with a particular type of attack. For example, a brute force attack, wherein an attacker tries to force their way into your network, will have several failed logons as the hacker tries to guess a password. When it comes to ransomware, you’re going to see process creations and key changes on affected systems, as well as (several) file modifications. A SIEM tool’s correlation and alerting functionality can help you identify and mitigate these kinds of security threats.

Correlating events occurring in your network

We’ve talked about “context” in the first two parts of this blog series. Event correlation means associating or linking different events occurring in your network. This is needed because an individual event occurring in your network may not make much sense on its own.
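To make the two attack patterns described above concrete, here is an added example (it is not code from the original post, nor from any SIEM product) of what correlation rules for them look like when run over a constructed event stream. The event format, the hostnames and IP addresses, and the thresholds (5 failed logons for one source/user pair inside 5 minutes; a process start followed by a key change and at least 20 file modifications on one host inside 2 minutes) are all assumptions chosen for the illustration; a real deployment would tune them to its own baseline.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

BASE = datetime(2017, 7, 24, 10, 0, 0)  # constructed reference time


def _ev(offset_s, host, etype, **fields):
    """Build one constructed event; timestamps are offsets from BASE."""
    ev = {"ts": BASE + timedelta(seconds=offset_s), "host": host, "type": etype}
    ev.update(fields)
    return ev


def build_sample_events():
    """Constructed sample events (not real logs), in arrival order:
    - 6 failed logons for 'admin' from 10.0.0.5 within 2 minutes, then a success
    - 3 failed logons for 'bob' from 10.0.0.9 spread over 30 minutes (noise)
    - on ws7: a process start, a key change and 25 file modifications in under a minute
    - on ws8: a process start and 3 file modifications (normal activity)
    """
    events = []
    for i in range(6):
        events.append(_ev(20 * i, "dc1", "logon_failure", src="10.0.0.5", user="admin"))
    events.append(_ev(130, "dc1", "logon_success", src="10.0.0.5", user="admin"))
    for i in range(3):
        events.append(_ev(600 * i, "dc1", "logon_failure", src="10.0.0.9", user="bob"))
    events.append(_ev(300, "ws7", "process_created", image="C:\\Users\\Public\\update.exe"))
    events.append(_ev(303, "ws7", "registry_key_changed", key="HKCU\\Software\\Example\\Persist"))
    for i in range(25):
        events.append(_ev(305 + 2 * i, "ws7", "file_modified", path=f"C:\\Users\\alice\\Documents\\doc{i}.docx"))
    events.append(_ev(400, "ws8", "process_created", image="C:\\Windows\\System32\\notepad.exe"))
    for i in range(3):
        events.append(_ev(402 + i, "ws8", "file_modified", path=f"C:\\Users\\carol\\notes{i}.txt"))
    return sorted(events, key=lambda e: e["ts"])


def detect_brute_force(events, threshold=5, window=timedelta(minutes=5)):
    """Sliding-window rule: at least `threshold` failed logons for the same
    (source, user) pair inside `window` raise one alert for that pair.  Later
    failures keep the count current; a later success from the same pair is
    recorded, since a brute force that ends in a valid logon needs attention first."""
    recent = defaultdict(deque)  # (src, user) -> timestamps of failures still in the window
    alerts = {}
    for ev in events:
        key = (ev.get("src"), ev.get("user"))
        if ev["type"] == "logon_failure":
            q = recent[key]
            q.append(ev["ts"])
            while q and ev["ts"] - q[0] > window:
                q.popleft()
            if len(q) >= threshold:
                if key not in alerts:
                    alerts[key] = {"rule": "brute_force", "src": key[0], "user": key[1],
                                   "first": q[0], "followed_by_success": False}
                alerts[key]["failures"] = len(q)
                alerts[key]["last"] = ev["ts"]
        elif ev["type"] == "logon_success" and key in alerts:
            alerts[key]["followed_by_success"] = True
    return list(alerts.values())


def detect_ransomware_pattern(events, file_threshold=20, window=timedelta(minutes=2)):
    """Sequence rule per host: a process start, then at least one registry key
    change and at least `file_threshold` file modifications before `window`
    elapses.  None of the three events is suspicious alone; the combination is."""
    per_host = defaultdict(list)
    for ev in events:
        per_host[ev["host"]].append(ev)  # events are already time-ordered
    alerts = []
    for host, evs in per_host.items():
        for i, ev in enumerate(evs):
            if ev["type"] != "process_created":
                continue
            deadline = ev["ts"] + window
            key_changes = file_mods = 0
            for later in evs[i + 1:]:
                if later["ts"] > deadline:
                    break
                if later["type"] == "registry_key_changed":
                    key_changes += 1
                elif later["type"] == "file_modified":
                    file_mods += 1
            if key_changes >= 1 and file_mods >= file_threshold:
                alerts.append({"rule": "ransomware_pattern", "host": host, "image": ev.get("image"),
                               "key_changes": key_changes, "file_modifications": file_mods,
                               "start": ev["ts"]})
                break  # one alert per host is enough for the analyst
    return alerts


def run_correlation(events=None):
    """Run both rules over the (constructed) event stream and return the alerts."""
    events = build_sample_events() if events is None else events
    return detect_brute_force(events) + detect_ransomware_pattern(events)


if __name__ == "__main__":
    for alert in run_correlation():
        print(alert)
```

Running the block reports exactly two alerts: one for the `admin` brute force (six failures, followed by a successful logon) and one for host `ws7`. Bob's three spread-out failures and the handful of file writes on `ws8` stay below the thresholds, which is the point of correlating across a time window instead of alerting on each event by itself.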

