IT-Analysis.com

Beyond point security: advance IT security intelligence
By: Bob Tarzey, Service Director, Quocirca
Published: 12th June 2012
Copyright Quocirca © 2012

Point security products such as firewalls, host-based anti-virus and email filtering have a job to do and often do it reasonably well. Arguably, if they did not, businesses would not buy them, although sometimes purchases are made more for compliance purposes than security ones; for example, installing full disk encryption on laptops because the data commissioner’s office says it should be.

However, even if the best point security products are in place, this does not mean 100% security; they all miss things. Many anti-virus products rely on malware samples having been previously recorded and added to the vendor’s databases; new malware (a “zero-day” attack) is not so easily spotted. Intrusion prevention systems will do nothing to stop a hacker gaining access with stolen credentials.

To get a broader insight into the effectiveness of their IT security and compliance posture, businesses have been investing in security information and event management (SIEM) tools over the last decade or so. These tools allow them to see what has been going on across their systems, for example comparing router logs with server access requests to notice that data was copied to a particular IP address using the credentials of a former employee. Such hindsight is useful, but it would be better if such events could be identified and stopped as they happen.

This is now possible. Some of the leading vendors of SIEM tools have souped them up and linked them with intelligence engines that co-ordinate policy. This enables them to act as real-time defence mechanisms, providing an additional security overlay to supplement point security products: so-called next generation SIEM or advanced IT security intelligence. This enables sophisticated correlations of log data, event data and other IT intelligence data to identify and take action on a wide range of IT security, compliance and other issues.
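The former-employee case mentioned above can be sketched as a small correlation rule. This is an added example, not code from the article or from any SIEM product; the log formats, field names, hosts, addresses, internal range and 10-minute window are all constructed assumptions.

```python
import ipaddress
from datetime import datetime, timedelta

# Constructed sample data: account -> time the employee left the company.
LEAVERS = {"jsmith": datetime(2012, 5, 31, 17, 0)}
INTERNAL = ipaddress.ip_network("10.0.0.0/8")  # assumed internal address range
WINDOW = timedelta(minutes=10)                 # assumed correlation window

SERVER_ACCESS = """\
2012-05-20T10:00:00 fileserver01 user=jsmith src=10.0.7.88 action=read path=/hr/policy.doc
2012-06-04T09:14:02 fileserver01 user=akhan src=10.0.4.21 action=read path=/finance/q2.xls
2012-06-04T22:41:10 fileserver01 user=jsmith src=10.0.7.88 action=read path=/finance/q2.xls
"""
ROUTER_FLOWS = """\
2012-06-04T09:15:00 src=10.0.4.21 dst=10.0.9.5 bytes=20480
2012-06-04T22:43:30 src=10.0.7.88 dst=203.0.113.45 bytes=7340032
2012-06-04T23:50:00 src=10.0.7.88 dst=203.0.113.45 bytes=1024
"""

def parse(line):
    """Split 'timestamp [host] key=value ...' into a dict with a datetime 'ts'."""
    ts, *fields = line.split()
    rec = dict(f.split("=", 1) for f in fields if "=" in f)
    rec["ts"] = datetime.fromisoformat(ts)
    return rec

def correlate(access_log, flow_log, leavers, window=WINDOW):
    """Flag server access by a departed user's account that is followed,
    within the window, by an outbound flow from the same source host."""
    flows = [parse(l) for l in flow_log.splitlines() if l.strip()]
    alerts = []
    for line in access_log.splitlines():
        if not line.strip():
            continue
        a = parse(line)
        left = leavers.get(a["user"])
        if left is None or a["ts"] <= left:
            continue  # current employee, or access while still employed
        for f in flows:
            external = ipaddress.ip_address(f["dst"]) not in INTERNAL
            in_window = a["ts"] <= f["ts"] <= a["ts"] + window
            if f["src"] == a["src"] and external and in_window:
                alerts.append((a["user"], a["path"], f["dst"], int(f["bytes"])))
    return alerts

if __name__ == "__main__":
    for alert in correlate(SERVER_ACCESS, ROUTER_FLOWS, LEAVERS):
        print("ALERT user=%s path=%s dst=%s bytes=%d" % alert)
```

Run over stored logs this gives the hindsight view; evaluating the same rule as each event arrives is what allows the account or connection to be blocked while the transfer is still in progress.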

Quocirca will be discussing how advanced IT security intelligence can be used to protect against a range of issues in a webinar on June 19th with McAfee. These include:

  • Stopping an impossible access request
  • Identifying and preventing zero-day attacks
  • Linking physical and IT security to protect critical infrastructure
  • Spotting and stopping suspicious sys-admins’ activity

To find out more and register for the event please click here.

Published by: IT Analysis Communications Ltd.