Information Security Analysis and Monitoring

Two main areas are addressed in Information Security Analysis and Monitoring.  The Analysis phase determines the Vulnerabilities, Security Exposures and the Attack Vector against the Enterprise.  Monitoring is a continuous process where all critical systems, including upstream and downstream, and monitored and the logs collated to a central system.

      

Lower Your Attack Surface:

Active and Passive Security Analysis

Active Security Analysis is the process of using specialized software to scan systems and networks for resources, determine the vulnerabilities and then the probability of an threat to be realized.
Passive Security Analysis is agents distributed across a network to perform deep packet analysis and determine vulnerabilities and possible information disclosure that may lead to a compromise of a system.

Big Data Logging and Analysis

Where feasible, monitoring is used to log from disparate systems to a central logging server for real-time analysis of data points. This data can also be used as supporting evidence for forensic analysis.  Techniques that allow for data reduction using folding and de-duplication.
SACS Logging Engine uses both raw UDP and TCP connections along with published REST APIs to ensure compatibility with many requirements.  Out the box, it has the ability to scale to 10 thousand concurrent connections, and can be increased if required.

The back-end can be any type of database management system or a flat file system.

Efficient & Effective Security Controls

Without knowing the real and persistent threats in your enterprise, it is not possible to spend on controls without wasting company profits.  Examples we have seen in the field include large investments on Intrusion Detection Systems (IDS) and placing them at the wrong network points resulting in failure to detect threats.  Management feels comfortable as they have spent the budget.

Using the knowledge gained from a Security Analysis, adequate protection and compensating controls can be implemented to have assurance and protection on resources and data-flow.

Post Review Threat Notification

Security threats evolve continuously and the saying … ‘You do not know what you do not know’ is the crux of the threat matrix.  The best approach is the monitor all key points in network and identify any new unknown device and perform a threat analysis as soon as possible.  This will improve the organisations Security Stance

→ Internal Threats
→ Syndication Threats
→ External Threats

→ Natural Disasters

One of the areas that we have seen during frauds is syndication getting involved with staff and using staff to be the conduit to commit the technical steps.  Staff could be approached to share in the takings or staff with financial, gambling, substance abuse or family problems may be leverage.

Current Process

Our Security Monitoring is not limited to the technical attributes of the system such as network devices, logon events but also to social profiles and user behavior.   Using disparate data collated to an intelligent server which can handle different protocols, services and highly scalable.  Many of these services can be housed using appliances with critical notifications monitored via a multitude of devices.  This can be done by your staff or using notification using secure encrypted tunnels to our Secure Operations Centre (SOC).

→ TCP and UDP scalable services
→ REST Services
→ Store-for-forward ensuring delivery
→ Security-as-a-Service (SaaS)

You can never outsource security but you can co-source it.  Make sure that all areas are covered and that there is a continuous process of knowledge transfer and development of own staff.

Technology is not the only solution, but the interaction and the collation of information to realize the threats against your enterprise assets and resources.  It is better to have some monitoring in place and take small steps to a final solution.  Do not wait for fraud to be reason to put a solution together.