Do you want real-time visibility into all system activity across networks, databases, and applications?
Security information and event management monitors system activity and gives you notifications and continuous insights into threats for immediate action.
Imagine being able to view activity in a concise and organized console, seeing security threats as they occur, giving you the ability to react and remedy the situation in real time. Maintain activity logs, manage vulnerabilities, and view reports for alerts, including:
- Password guessing attempts, like 3 or more failed login attempts from a single host.
- Alerts from 15 or more firewall events from a single IP address in one minute.
- When malware is detected on a host.
Each of these security information events warrants immediate action to prevent further risk or vulnerability, and ongoing security information and event management is the modern response.
What happens when the system discovers an event?
When the system discovers an event, an established triage process determines the event's risk level and how to handle it. Events are processed as follows, with the most common examples at each level of risk:
- Low – Access during normal business hours
- Medium – Flagged and reviewed by the Cybersecurity team
  - Scenario #1: A CEO or CFO entering an incorrect password and finding themselves locked out of a system. In this case, the team is immediately delegated to contact and assist the user.
  - Scenario #2: A user logging in during off-hours from home on their laptop. Here, the team sees the odd timing, but because the access is from the user's laptop it is less concerning.
- High – Flagged and reviewed by the Cybersecurity team
  - Scenario #1: A login attempt from an unknown location, or from a location that differs from the user's known location. This is considered a suspected attempt at breaching the network. The user is contacted for verification, and if there is no response within 15 seconds, user access is prevented.
  - Scenario #2: Repeated attempts to access the network from one location are detected. This is treated as an immediate threat, and the team prevents access to protect the network, thus thwarting an otherwise potentially catastrophic event.
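The alert rules listed above (3 or more failed logins from one host, 15 or more firewall events from one IP in a minute, malware on a host) and the Low / Medium / High triage levels can be expressed as a small correlation engine. The following is an added example written for this page, not BlueHat Cyber's code or product. The log line format, the field names (`host`, `src`, `user`, `geo`), the 08:00–18:00 business-hours window, and the mapping of each rule to a triage level (a locked-out user is Medium, a firewall burst or unknown-location login is High) are assumptions drawn from a reading of the scenarios; the sample log lines are constructed.

```python
"""Minimal SIEM-style correlation and triage over constructed log lines.

Added example, not BlueHat Cyber code. The log format, field names,
business-hours window and rule-to-level mapping are assumptions.
"""
import re
from collections import defaultdict, deque
from datetime import datetime, time, timedelta

FAILED_LOGIN_THRESHOLD = 3               # page: 3 or more failed logins from one host
FIREWALL_THRESHOLD = 15                  # page: 15 or more firewall events from one IP
FIREWALL_WINDOW = timedelta(minutes=1)   # page: ... in one minute
BUSINESS_HOURS = (time(8, 0), time(18, 0))  # assumption: "normal business hours"

# Assumed line format: "<ISO timestamp> <source> <event> key=value ..."
LINE_RE = re.compile(r"^(?P<ts>\S+)\s+(?P<source>\S+)\s+(?P<event>\S+)(?P<kv>.*)$")

# Constructed sample log lines (not real data).
SAMPLE_LOGS = [
    "2024-03-04T09:02:11 auth login_failed host=ws-17 user=jdoe",
    "2024-03-04T09:02:19 auth login_failed host=ws-17 user=jdoe",
    "2024-03-04T09:02:31 auth login_failed host=ws-17 user=jdoe",
    "2024-03-04T09:05:00 auth login_failed host=ws-03 user=asmith",  # single failure, no alert
    "2024-03-04T10:15:40 auth login_ok host=lt-cfo user=cfo geo=known",    # business hours -> Low
    "2024-03-04T23:41:05 auth login_ok host=lt-cfo user=cfo geo=known",    # off-hours, own laptop -> Medium
    "2024-03-04T11:07:52 auth login_ok host=lt-cfo user=cfo geo=unknown",  # unknown location -> High
    "2024-03-04T12:30:00 av malware_detected host=ws-21 signature=constructed-test",
] + [
    # 15 firewall denies from one IP inside 42 seconds -> burst alert
    f"2024-03-04T09:03:{s:02d} fw deny src=203.0.113.9 dport=22" for s in range(0, 45, 3)
] + [
    # 15 denies from another IP spread over 5 minutes -> never 15 within one minute
    f"2024-03-04T09:{10 + s // 60:02d}:{s % 60:02d} fw deny src=198.51.100.7 dport=443"
    for s in range(0, 300, 20)
]


def parse_line(line):
    """Parse one log line into a dict; return None for lines that do not match."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    try:
        rec = {"ts": datetime.fromisoformat(m["ts"]), "source": m["source"], "event": m["event"]}
    except ValueError:
        return None  # unparseable timestamp
    for kv in m["kv"].split():
        key, _, value = kv.partition("=")
        rec[key] = value
    return rec


def triage_login(rec):
    """Map a successful login to the page's Low / Medium / High levels.

    Assumed reading of the scenarios: unknown location is High, off-hours
    access from the user's known device is Medium, otherwise Low.
    """
    if rec.get("geo") == "unknown":
        return "high"
    start, end = BUSINESS_HOURS
    if start <= rec["ts"].time() <= end:
        return "low"
    return "medium"


def correlate(lines):
    """Run the threshold rules and triage over log lines.

    Returns (rule, subject, level, timestamp) tuples in time order.
    """
    records = [r for r in map(parse_line, lines) if r is not None]
    records.sort(key=lambda r: r["ts"])
    failed_per_host = defaultdict(int)
    fw_window = defaultdict(deque)  # src ip -> timestamps seen within the last minute
    alerts = []
    for r in records:
        if r["event"] == "login_failed":
            failed_per_host[r["host"]] += 1
            if failed_per_host[r["host"]] == FAILED_LOGIN_THRESHOLD:
                # page's Medium scenario: a locked-out user, team contacts and assists
                alerts.append(("password_guessing", r["host"], "medium", r["ts"]))
        elif r["source"] == "fw":
            window = fw_window[r["src"]]
            window.append(r["ts"])
            while r["ts"] - window[0] > FIREWALL_WINDOW:  # slide the one-minute window
                window.popleft()
            if len(window) == FIREWALL_THRESHOLD:
                # page's High scenario: repeated attempts from one location
                alerts.append(("firewall_burst", r["src"], "high", r["ts"]))
        elif r["event"] == "malware_detected":
            alerts.append(("malware", r["host"], "high", r["ts"]))
        elif r["event"] == "login_ok":
            level = triage_login(r)
            if level != "low":  # Low-risk logins are logged, not raised for review
                alerts.append(("login_review", r["user"], level, r["ts"]))
    return alerts


if __name__ == "__main__":
    for rule, subject, level, ts in correlate(SAMPLE_LOGS):
        print(f"{ts.isoformat()} {level.upper():6} {rule} {subject}")
```

Run as-is, the script raises five alerts in time order: the password-guessing burst on `ws-17`, the 15-deny burst from `203.0.113.9`, the unknown-location login, the malware detection, and the off-hours login for review; the single failed login on `ws-03`, the spread-out denies from `198.51.100.7`, and the business-hours login produce nothing. The sliding `deque` per source IP is what turns "15 events in one minute" into a rule that works on a stream rather than on fixed clock minutes.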
BlueHat Cyber performs vulnerability and risk assessments of IT processes, with a full review of IT systems to implement new security information and event management protocols to protect businesses from attacks.
Contact BlueHat Cyber today at (775) 210-0819 or at firstname.lastname@example.org for the peace of mind that comes with security from cybercriminal activity.