The CEO of one of the world’s largest and most progressive
companies said in a speech last November “the top eight or so data breaches [in
2015] have led to 160 million data records being compromised.” He continued his
remarks to government and business leaders by saying “the biggest challenges
that we all face is the time to detect an intrusion; it’s something like 229 days between when you have been intruded versus
when you know and you can start to respond.”
If that’s true, and we’ll
take Satya Nadella at his speech-writers’ word, we can get you 228 days
back.
While it may take 229 days to detect an intrusion, you can
get application security audit events within minutes. That is one reason we stress
the importance of watching what matters most, the information stored in your applications:
it can help to reduce your data breach time-to-detection.
For years Microsoft has done everyone a favor by building a
robust security audit function into its enterprise information-storing
applications (Exchange, SharePoint and SQL Server). Because of this, LOGbinder tells your SIEM about application
security-related events in minutes. That fact has led many of the globe’s
most advanced and security-focused organizations to add LOGbinder to their
InfoSec budget. (Note: see our blog post about the 24-hour delay associated with Exchange
mailbox audit and what we are doing to address that problem.)
Application Security Audit Must Be a Priority
Don’t confuse intrusion detection with application audit.
The time it takes for you to detect an intrusion may be, to a very large
extent, a factor outside a reasonable domain of control. Monitoring the
information stored inside applications isn’t.
So, forget thinking 229 days for intrusion detection is
just “the way it is” in your shop. We think the best intrusion detection ROI comes from LOGbinder software watching
the sensitive information for your SIEM security analysts. It can begin feeding your
SIEM today, in fact.
Think about it. You are looking the wrong way if there’s no “close
eye” on confidential information. Watching your sensitive information inside
applications, and feeding their security audit events to the SIEM within minutes (or seconds), has got to be a priority. Frankly, it is inexcusable for an organization to
fail to have at least a daily report on the safety of its sensitive information.
Application security audit is not “the solution” all by
itself, but it is a critical InfoSec component. Such auditing allows security
analysts to monitor with greater effectiveness and in much smaller windows of
time.