Number 10 on the Top 10 List - Security Activity Monitoring

Thursday, November 12, 2009 by Pam Casale

More examples of security activity monitoring using the Intellitactics SIEM solutions.

One of our SIEM customers had a potential problem: employees were choosing to use the public Wi-Fi at work because it didn’t have any of the restrictions imposed by the corporate Wi-Fi, and then connecting back in over a VPN to do their work. Now the Intellitactics SIEM solution checks for a VPN login under a user name and alerts if that user had badged into the building in the last 8 hours. The SIEM solution monitors the physical badge reader to make this correlation possible. Not all SIEM solutions are created equal: Intellitactics SIEM solutions monitor just about anything that generates a log and correlate the data with other monitored events.

Here’s another example made possible by using your SIEM solution to monitor a physical device such as a badge reader. The company wanted to know when employees tried to badge into areas of the building they had not badged into in the previous two weeks. Similarly, they monitored for multiple failed badge swipes at any particular badge reader or zone of readers in a three-day period. The SIEM solution had correlations to look for all of these conditions.
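
The three correlations described above, expressed in Python over constructed events. This is an added example, not Intellitactics code or rule syntax; the event field names, the failure threshold of 3, the warm-up cutoff `alert_from`, and treating any successful swipe as presence in the building are assumptions.

```python
from collections import defaultdict
from datetime import datetime, timedelta

VPN_WINDOW = timedelta(hours=8)        # "badged into the building in the last 8 hours"
NEW_ZONE_WINDOW = timedelta(days=14)   # "previous two weeks"
FAIL_WINDOW = timedelta(days=3)        # "three-day period"
FAIL_THRESHOLD = 3                     # assumption: the post only says "multiple"

def correlate(events, alert_from):
    """Return (rule, time, subject) alerts; events before alert_from only build history."""
    last_badge, zone_seen, fails, alerts = {}, {}, defaultdict(list), []
    def alert(rule, ts, subject):
        if ts >= alert_from:
            alerts.append((rule, ts.isoformat(), subject))
    for e in sorted(events, key=lambda e: e["ts"]):
        ts, kind = e["ts"], e["type"]
        if kind == "badge_ok":
            key = (e["user"], e["zone"])
            prev = zone_seen.get(key)
            if prev is None or ts - prev > NEW_ZONE_WINDOW:
                alert("new_zone", ts, key)
            zone_seen[key] = ts
            last_badge[e["user"]] = ts   # assumption: any good swipe means "on site"
        elif kind == "badge_fail":
            # keep only failures at this reader that fall inside the sliding window
            recent = fails[e["reader"]] = [
                t for t in fails[e["reader"]] if ts - t <= FAIL_WINDOW] + [ts]
            if len(recent) >= FAIL_THRESHOLD:
                alert("repeated_badge_failures", ts, e["reader"])
        elif kind == "vpn_login":
            badged = last_badge.get(e["user"])
            if badged is not None and ts - badged <= VPN_WINDOW:
                alert("vpn_while_on_site", ts, e["user"])
    return alerts

def ev(day, hour, kind, **fields):     # constructed sample events, November 2009
    return {"ts": datetime(2009, 11, day, hour), "type": kind, **fields}
SAMPLE = [
    ev(1, 8, "badge_ok", user="alice", zone="office"),
    ev(2, 8, "badge_ok", user="bob", zone="office"),
    ev(10, 8, "badge_ok", user="alice", zone="office"),
    ev(10, 11, "vpn_login", user="alice"),          # 3 h after badging in
    ev(10, 12, "vpn_login", user="bob"),            # last badge was 8 days ago
    ev(10, 14, "badge_ok", user="alice", zone="server_room"),
    ev(10, 20, "badge_fail", reader="R7"),
    ev(11, 20, "badge_fail", reader="R7"),
    ev(12, 20, "badge_fail", reader="R7"),
]
```

Calling `correlate(SAMPLE, alert_from=datetime(2009, 11, 10))` yields one alert per rule; the earlier events only seed the badge history so that the new-zone rule does not fire on every first sighting.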

Tomorrow: the quick list of activities to monitor with your SIEM to identify insider threats.

