Traditionally, Security Event and Information Management (SIEM) was exclusively the domain of large-scale enterprises with thousands of nodes and large budgets. Recently, with advances in programming techniques and efficient tools for managing big data, a new generation of firewall log analyzers has become available to organizations of any size.
This development comes just in time to help hold back the tide of cyber criminals, since the tools for causing mischief, and for profitable hacking, are plentiful and easily available. So what are some best practices for navigating the new threat landscape?
For one, targeted malware has fundamentally changed how cyber attacks are executed. New malware programs (viruses, trojans, and worms) and their related command and control servers now seek to operate with enhanced stealth, compromising their intended victims without the victims' knowledge.
Increased vigilance is therefore critical in order to manage so-called Advanced Persistent Threats (APTs). The always-on, actively inspected Firewall Log Analyzer is a cornerstone of a new breed of Intelligent Security Perimeters, which combine Unified Threat Management (UTM) firewalls with real-time event log aggregation and alerting.
How do these tools make a difference? For a start, the simple fact that monitoring happens in real time, rather than by inspecting historical reports, is an improvement over traditional log storage and retrieval. Secondly, since the payload of modern malware requires only one point of entry into a system, ALL vectors must be monitored. This is a task that absolutely calls for automation.
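To make the real-time, all-vectors point concrete, the following streaming analyzer is added here as an illustration; it is not code from the original post or from any product the post describes. The log line format, the field names, the alert thresholds and the sample log lines are all constructed assumptions for this example. It consumes firewall records one at a time and raises an alert the moment a condition is met on either of two vectors: inbound denies from one source spread across many ports within a short window (perimeter reconnaissance), and allowed outbound connections from one internal host to one external host at a steady cadence (the regular check-in pattern a stealthy command and control client tends to produce).

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed log format for this example (not a real vendor format):
#   <ISO timestamp> action=<ALLOW|DENY> src=<ip> dst=<ip> dport=<port> dir=<in|out>
LINE_RE = re.compile(
    r"^(?P<ts>\S+) action=(?P<action>ALLOW|DENY) src=(?P<src>\S+) "
    r"dst=(?P<dst>\S+) dport=(?P<dport>\d+) dir=(?P<dir>in|out)$"
)


def parse_line(line):
    """Return a dict for a well-formed line, or None so malformed input is skipped."""
    m = LINE_RE.match(line.strip())
    if m is None:
        return None
    rec = m.groupdict()
    rec["ts"] = datetime.fromisoformat(rec["ts"])
    rec["dport"] = int(rec["dport"])
    return rec


class FirewallLogAnalyzer:
    """Streaming analyzer: feed lines one at a time, get alerts back immediately."""

    def __init__(self, scan_window=timedelta(seconds=60), scan_ports=10,
                 beacon_count=6, beacon_jitter=timedelta(seconds=2)):
        self.scan_window = scan_window      # how long inbound denies are remembered
        self.scan_ports = scan_ports        # distinct ports from one source -> scan alert
        self.beacon_count = beacon_count    # outbound connections needed to judge regularity
        self.beacon_jitter = beacon_jitter  # allowed spread between connection intervals
        self.denied = defaultdict(deque)    # src -> deque of (ts, dport)
        self.outbound = defaultdict(lambda: deque(maxlen=beacon_count))  # (src, dst) -> ts
        self.alerted = set()                # suppress repeat alerts for the same finding

    def feed(self, line):
        rec = parse_line(line)
        if rec is None:
            return []
        alerts = []
        # Vector 1: inbound denies spread over many ports = reconnaissance of the perimeter.
        if rec["action"] == "DENY" and rec["dir"] == "in":
            q = self.denied[rec["src"]]
            q.append((rec["ts"], rec["dport"]))
            while q and rec["ts"] - q[0][0] > self.scan_window:
                q.popleft()  # slide the window: forget denies older than scan_window
            ports = {p for _, p in q}
            key = ("scan", rec["src"])
            if len(ports) >= self.scan_ports and key not in self.alerted:
                self.alerted.add(key)
                alerts.append(f"PORT_SCAN src={rec['src']} distinct_ports={len(ports)}")
        # Vector 2: allowed outbound connections at a steady cadence = possible C2 beacon.
        if rec["action"] == "ALLOW" and rec["dir"] == "out":
            q = self.outbound[(rec["src"], rec["dst"])]
            q.append(rec["ts"])  # maxlen keeps only the most recent beacon_count timestamps
            key = ("beacon", rec["src"], rec["dst"])
            if len(q) == self.beacon_count and key not in self.alerted:
                gaps = [b - a for a, b in zip(q, list(q)[1:])]
                if min(gaps) > timedelta(0) and max(gaps) - min(gaps) <= self.beacon_jitter:
                    self.alerted.add(key)
                    alerts.append(f"BEACON src={rec['src']} dst={rec['dst']} "
                                  f"interval={int(gaps[0].total_seconds())}s")
        return alerts


def sample_log():
    """Constructed log lines: a port scan, a regular beacon, benign traffic, and junk."""
    t0 = datetime(2024, 5, 1, 10, 0, 0)
    lines = []
    for i in range(12):   # inbound denies to 12 distinct ports, one per second
        lines.append(f"{(t0 + timedelta(seconds=i)).isoformat()} action=DENY "
                     f"src=10.0.0.5 dst=192.0.2.1 dport={21 + i} dir=in")
    for i in range(6):    # outbound HTTPS to one host every 30 s
        lines.append(f"{(t0 + timedelta(seconds=30 * i)).isoformat()} action=ALLOW "
                     f"src=192.168.1.20 dst=203.0.113.9 dport=443 dir=out")
    for s in (5, 12, 100):  # irregular, benign outbound traffic
        lines.append(f"{(t0 + timedelta(seconds=s)).isoformat()} action=ALLOW "
                     f"src=192.168.1.21 dst=198.51.100.7 dport=443 dir=out")
    lines.append("garbage line the parser must skip")
    return sorted(lines)  # ISO timestamps sort lexically, so this is time order


def run(lines):
    """Feed every line through one analyzer and collect the alerts in arrival order."""
    analyzer = FirewallLogAnalyzer()
    alerts = []
    for line in lines:
        alerts.extend(analyzer.feed(line))
    return alerts


if __name__ == "__main__":
    for alert in run(sample_log()):
        print(alert)
```

The scan alert fires on the tenth distinct port, while the scan is still in progress, and the beacon alert fires on the sixth evenly spaced connection; neither waits for a report run. The `alerted` set is what keeps an always-on analyzer from paging the same finding every second, and the thresholds are deliberately parameters, since the right values depend on the size of the perimeter being watched.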
In subsequent posts we will analyze the specific mechanisms of attack and how Firewall Log Analyzers enhance Intelligent Security Perimeters.