<img alt="" src="https://secure.hiss3lark.com/173130.png" style="display:none;">

 

Blog

Read or download all Datashield news, reviews, content, and more.

 

Partner Digest: Week of 7/22/20 - Data Types to Prioritize and Insider Threat Best Practices

Read More

All Posts

Partner Digest: Week of 7/22/20 - Data Types to Prioritize and Insider Threat Best Practices

Partner Digest

Datashield Partner Digest for the Week of July 22, 2020 - At Datashield, we pride ourselves on partnerships and are always looking for way to highlight what's new in the industry and with our partners. This helps us bring out the latest and greatest trends and key features for the services we use to bring you the best in MDR service.

Check out our latest partner updates:

What Data Types to Prioritize in Your SIEM - Top 7

sumologic

Customers regularly ask me what types of data sources they should be sending to their SIEMs to get the most value out of the solution. The driver for these conversations is often because the customers have been locked into a SIEM product where they have to pay more for consumption.

  1. Firewall Logs – Firewall logs are a great source of detailed flow information. However, with many of the next generation firewalls, you also get rich data on application types, threats, malware, C2 and other similarly interesting things.

    It’s important not to limit this data to just your perimeter firewalls. If you have firewalls between your user segment and your Data Center or even micro-segmentation inside the Data Center, send all of these logs to your SIEM. Where your end users are connecting is critical information from a threat analysis perspective. Internal visibility is key to looking for lateral movement.

  2. Proxy/Web Filtering Logs – Your NG Firewall may already include this data, but if you use a separate Proxy or Web Filtering solution, these logs should absolutely be sent to your SIEM too. The IP, Domain, and URL information is naturally very important and can give you information on connections to known-bad locations. And if you can also capture the User-Agent string, then you should. This can give the threat hunter lots of insight into what might be happening. There are countless stories about finding major breaches and issues by monitoring the various user-agent strings in an environment and investigating the anomalous or uncommon ones you find.

  3. Other Network Security Products – Some of these may already be covered with a next generation firewall, but you may have standalone systems in place. Logs from tools like Network IPS/IDS, Network DLP, Sandboxes, and even router NetFlow data are all rich intelligence sources for the SOC analyst.

Read more here

6 Best Practices to Fight a New Breed of Insider Threats

Carbon Black logo digest

The current global pandemic has disrupted how organizations work. Some businesses quickly adapt while other organizations are still figuring out the new landscape. Unfortunately, criminals are exploiting vulnerabilities during this challenging time. There has been an 238% increase in cyberattacks attacks during the pandemic according to data presented in the VMware Carbon Black Modern Bank Heists 3.0 report.

Use the following 6 best practices to combat these insider threats.

  1. Visibility is key—Know when you’re under attack, and when you aren’t. Conduct threat hunting on a monthly basis. Make sure you’re capturing all the data about your environment and storing it for at least 30 days. Leveraging data and analytics is crucial to creating a window into what is happening—or has happened.
  2. Don’t have a kneejerk reaction—Don’t rush to turn off all your servers. Find out what they’re doing. You need to sit and watch them, map out their activity.
  3. Take communications offline or on a separate channel—Odds are the attackers are monitoring your communications. Establish secure communications on a separate channel to make sure the attackers are following your every move.
  4. Create a separate war room—Here you can do physical forensics on compromised hardware. Make sure the room is separate and controlled, too. It’s important to log all the activity.
  5. Employ micro-segmentation—Flat networks are more susceptible to hacking methods, like lateral movement. Micro-segmentation divides the data center into distinct security segments, which are then assigned unique controls and services.
  6. Cover your bases legally—As covered, it’s vital to log all the activity for analysis and research but also to have an audit trail.

Read more here...

 
Topics from this Article

Sumo Logic, Carbon Black, SIEM, News, Security Information and Event Management, Insider Threats

Justin Bahr
Justin Bahr
Justin Bahr is one of Product Managers at Datashield focused on technology partnerships, analytics and business intelligence.
Schedule a Consultation
Search

Lists by Topic

see all
Blog Contributors

Posts by Tag

See all
Blog Topics

Blog Topics

See all

Related Posts

Lumifi Cyber Acquires Datashield to Deliver Next-Generation Managed Detection and Response

Combines AI and Machine Learning-Based Software with MDR Services to Provide Fortune 500-Grade Security to Companies of All Sizes Palm Desert, CA and Scottsdale, AZ — May 3, 2022 — Lumifi Cyber, Inc., a next-generation managed detection and response (MDR) cybersecurity software provider, today announced its acquisition of Datashield, Inc., an end-to-end cybersecurity resilience services provider, to deliver Fortune 500-grade security to companies of all sizes for an affordable monthly price.

Datashield Becomes Member of Microsoft Intelligent Security Association (MISA)

Datashield Becomes Member of Microsoft Intelligent Security Association (MISA)

The Difference Between Cybersecurity & Network Security

The Difference Between Cybersecurity & Network Security

Datashield, a Lumifi company, has been a leading managed cybersecurity services provider for over a decade. Our consultative process and approach to managed detection and response help our clients establish a truly resilient cybersecurity strategy.

 

Contact Us

 

Providing Managed Detection and Response (MDR), Outsourced SOC, SOC as a Service, Threat Hunting, Threat Validation, Threat Remediation, Endpoint Detection and Response (EDR), Email Protection, Device Configuration & Tuning, Vulnerability Management, Perimeter Defense and more.
Services
Technology
Company

© Copyright 2020 DATASHIELD. All rights reserved.