
The vital security you don't own

Do you know where the biggest threat to your organisation lies? You should.


Johannesburg, 06 Sep 2017
Sybrand Strauss, Business Development Manager, ITR Technology.

Cyber attacks are on the increase. More than 4 000 ransomware attacks have occurred every day since the beginning of 2016, according to the FBI's Computer Crime and Intellectual Property Section. By September last year, ransomware attacks on business were happening once every 40 seconds, says Kaspersky Lab.

A frightening number of businesses don't have any idea what's happening in their environment. Threats like hacking, cybersecurity breaches and the leaking of confidential data could all be taking place and nobody is any the wiser. Sybrand Strauss, Business Development Manager at ITR Technology, says, "Nobody doing business in today's cyber insecure world can afford to be without some form of risk management solution and preferably one that provides real-time alerts."

Traditionally, companies protected themselves and their data by securing all access points via a firewall and anti-virus software. However, these measures are no longer sufficient in the face of today's cyber criminals, and in an age where an attack is as likely to be launched from inside the organisation as outside of it.

What Strauss proposes is that businesses implement security information and event management (SIEM) systems so that they can track what actions are being carried out where on the network, and plan proactively to prevent cyber attacks from being successful.

A SIEM solution is able to provide insights and network security intelligence into user behaviours, network anomalies, system downtime, policy violations, internal threats and regulatory compliance, while also providing a bird's-eye view of the overall state of the IT system. Anomalies can be detected and addressed immediately. Having a single overview of all of the components that make up the IT infrastructure is invaluable.

Strauss says: "Businesses need a solution that's capable of collecting, monitoring, analysing and archiving logs, tracking perimeter security devices such as firewalls, routers, and switches, while monitoring various types of servers and applications. It needs to monitor - and red flag when necessary - privileged user activities, as well as changes to the active directory in real time. So any unusual activity such as a login out of hours or from a foreign device or location will be immediately identified."

This will help businesses identify and clamp down on internal security threats, while defending against external attacks and speeding up incident response time. Strauss reiterates: "If companies can't see what's happening in real time across their network, they risk allowing threats to evolve and wreak havoc. Visibility and control are key elements of proactive threat management."

However, the use of SIEM software is not restricted to threat management; it can also be used to prove compliance with regulatory requirements such as PCI-DSS and ISO 27001, to name a few. Companies that are subject to onerous legal requirements can simplify their reporting processes and ensure compliance.

"Companies of all sizes and across all industries need to be better prepared to fight against a new breed of cyber attacks that is evolving rapidly. In order to do so, they should consider SIEM solutions that are built to enhance IT management efficiency while also improving the security framework," concludes Strauss.
