Page 78 - Cyber Warnings August 2017
One of the challenges with all the indicators of compromise above is that they require significant analysis
of data that’s not readily accessible. And quite often, you’re going to need to cross-reference multiple
sources of information to gain any kind of insight.
So the best place to focus your efforts is the logons. An attacker can rarely cause damage to your
organisation unless they are able to compromise a set of employee credentials. So important are login
credentials to attacks that Verizon, in its annual Data Breach Investigations Report, reported that 81% of
hacking-related breaches used either stolen or weak passwords, making logons the one common factor
across nearly all attack patterns.
By monitoring logon activity more closely, you can identify compromises before key actions, such as
lateral movement and data access, take place. That makes monitoring logons a pre-indicator to indicators
of compromise. It’s a bit like getting an alert to a burglar trying to enter your house via your front door
using your key — you’ll know before they’ve had a chance to set foot on your front doormat so you can do
something about it quickly.
It’s all about getting the information you need, when you need it, without needing to ask for it.
About The Author
François Amigorena is the founder and CEO of IS Decisions, a
provider of infrastructure and security management software solutions
for Microsoft Windows and Active Directory.
IS Decisions offers solutions for user-access control, file auditing,
server and desktop reporting, and remote installations.
Its customers include the FBI, the United Nations and Barclays, who
rely on IS Decisions to prevent security breaches; ensure compliance
with major regulations such as SOX, FISMA and HIPAA; quickly
respond to IT emergencies; and save time and money for the IT
department.
Copyright © Cyber Defense Magazine, All rights reserved worldwide.