LOGbinder Blog

Updates, Tips and News   RSS Feed  

«  Sensitive Information is ... | SIEMs that can protect yo... »

Application Audit Can Shorten Intrusion Detection Timeline

Mon, 25 Jan 2016 14:21:22 GMT

The CEO of one of the world’s largest and progressive companies said in a speech last November “the top eight or so data breaches [in 2015] have led to 160 million data records being compromised.” He continued his remarks to government and business leaders by saying “the biggest challenges that we all face is the time to detect an intrusion; it’s something like 229 days between when you have been intruded versus when you know and you can start to respond.”

If that’s true, and we’ll take Satya Nadella at his speech-writers’ word, we can get you 228 days back.

While it may take 229 days to detect an intrusion, you can get application security audit events within minutes. One reason why we stress the importance of watching what matters most, the applications’ stored information: it can help to reduce your data breach time-to-detection.

For years Microsoft has done everyone a favor by building a robust security audit function in their enterprise information-storing applications (Exchange, SharePoint and SQL Server). Because of this, LOGbinder tells your SIEM about application security-related events in minutes. Which fact has led many of the globe’s most advanced and security-focused organizations to add LOGbinder to their InfoSec budget. (Note: see our blog post about the 24-hour delay associated with Exchange mailbox audit and what we are doing to address that problem.)

Application Security Audit Must Be a Priority

Don’t confuse intrusion detection with application audit. The time it takes for you to detect an intrusion may be, to a very large extent, a factor outside a reasonable domain of control. Monitoring the information stored inside applications isn’t.

So, forget thinking 229 days for intrusion detection is the just “the way it is” in your shop. We think the best intrusion detection ROI comes from LOGbinder software watching the sensitive information for your SIEM security analysts. It can begin feeding your SIEM today, in fact.

Think about it. You are looking the wrong way if there’s no “close eye” on confidential information. Watching your sensitive information inside applications, and feeding their security audit events to the SIEM within minutes (or seconds) has got to be a priority. Frankly, it is inexcusable for an organization to fail to have at least a daily report on the safety of its sensitive information.

Application security audit is not “the solution” all by itself, but it is a critical InfoSec component. Such audit allows security analysts to monitor with greater effectiveness and in much smaller windows of time.

Comments disabled

powered by Bloget™