Security Overview
Enterprise security is a continuously evolving process. Security incidents are inevitable, but how well an organization is prepared for them drastically changes the resulting damage. Understanding the full scope of enterprise activity is key: network monitoring alone is not enough to detect and mitigate threats from outside attackers or from insiders.
According to CERT, a recognized authority on e-crime and insider threats, the costs resulting from insiders are roughly equal to the damage caused by outside criminals. The sheer volume of attacks is higher from outsiders, but the cost of insider incidents is far worse on a per-incident basis. CERT also points out that the share of attacks from “unknown sources” is rising, which indicates that whoever the perpetrators are, insider or outsider, they are getting better at covering their tracks.
Log Fidelity’s Security Strategy
Log Fidelity believes in a balanced security strategy rather than a purely network-centric one. Such a strategy requires monitoring activity at every point of interest to a perpetrator: log data from all log sources must be monitored for security purposes and retained in aggregate for legal and compliance purposes.
Log Sources Include:
- Network
- Domain
- Databases
- Data
Must be Correlated with:
- Applications
- Systems
- Source IP
- Users
Complete Security Solutions Must Monitor All Critical Data Resources
Incident management is only as good as the log data that feeds it: log data is the trigger for incident detection and for the follow-up investigation. Many solutions on the market monitor network activity, and newer products log and monitor database activity to detect unwarranted database access.
Mitigating risk to, and detecting incidents against, network resources and data is crucial in today’s security environment. Using two disconnected solutions, however, inherently limits the view and scope of any threat: each has a narrow view of the enterprise and can only be as good as the activity it logs and monitors.
LogClarity® Enterprise Security Solution
The LogClarity® Enterprise Solution provides a Universal Threat Management Framework that IT security teams can use as the foundation for managing incidents and understanding activity. Unlike typical SIM technology, which correlates mainly external indicators such as source IP, LogClarity® monitors all activity, so security teams have far more context for dealing with any threat.
LogClarity® also monitors and correlates all database activity and data access activity within the enterprise. The key point is that LogClarity® gives customers all of the information they need to make the most informed decisions possible.
LogClarity® provides a Balanced Approach to:
- Network Security Threats
- Domain Security Threats
- Database Security Threats
- Data Security Threats
LogClarity® Pays Close Attention to Privileged Users:
- Network Group & Account Monitoring
- Active Directory Group & Account Monitoring
- Server Role & Group Monitoring
- Database Role & Account Monitoring
- User-Defined Role, Group & Account Monitoring
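The group and account monitoring listed above comes down to watching membership changes to privileged groups and roles across sources and tying them back to the same actor. The following is an added example, not LogClarity® code: it runs a small detection over constructed log lines in an assumed `key=value|key=value` format. The Windows Security event IDs are real (4728, 4732 and 4756 are "a member was added to a security-enabled global/local/universal group"); the `ROLE_GRANT` database event name, the host names and the privileged-group watchlist are assumptions for the example.

```python
from collections import defaultdict

# Watchlist of groups and roles whose membership changes always merit review.
# Names are assumed for this example; a real deployment loads its own list.
PRIVILEGED_GROUPS = {
    "Domain Admins", "Enterprise Admins", "Administrators", "Schema Admins",
    "sysadmin", "db_owner",
}

# Windows Security event IDs for "a member was added to a security-enabled
# group": 4728 (global), 4732 (local), 4756 (universal). "ROLE_GRANT" is an
# assumed event name for a database role grant, not any product's format.
GROUP_ADD_EVENTS = {"4728", "4732", "4756", "ROLE_GRANT"}


def parse_event(line):
    """Parse one 'key=value|key=value' line into a dict (constructed format)."""
    fields = {}
    for token in line.split("|"):
        key, _, value = token.partition("=")
        fields[key.strip()] = value.strip()
    return fields


def privileged_group_changes(lines):
    """Return one alert dict for every addition to a watched group or role."""
    alerts = []
    for line in lines:
        ev = parse_event(line)
        if ev.get("event") not in GROUP_ADD_EVENTS:
            continue  # logons, reads, etc. are not membership changes
        if ev.get("group") not in PRIVILEGED_GROUPS:
            continue  # membership change to an unprivileged group
        alerts.append({
            "time": ev.get("time", "-"),
            "source": ev.get("source", "-"),
            "actor": ev.get("actor", "-"),
            "target": ev.get("target", "-"),
            "group": ev.get("group"),
            "src_ip": ev.get("src_ip", "-"),
        })
    return alerts


def actors_across_sources(alerts):
    """Correlate alerts by actor: return the actors who changed privileged
    membership in more than one log source (e.g. domain and database)."""
    by_actor = defaultdict(set)
    for alert in alerts:
        by_actor[alert["actor"]].add(alert["source"])
    return {actor: sorted(srcs) for actor, srcs in by_actor.items() if len(srcs) > 1}


# Constructed sample events from a domain controller and a database server.
SAMPLE_LOGS = [
    "time=2024-03-01T09:12:04Z|source=dc01|event=4624|actor=CORP\\jdoe|src_ip=10.1.5.22",
    "time=2024-03-01T09:12:31Z|source=dc01|event=4728|actor=CORP\\jdoe|target=CORP\\svc-backup|group=Domain Admins|src_ip=10.1.5.22",
    "time=2024-03-01T09:40:10Z|source=dc01|event=4732|actor=CORP\\helpdesk1|target=CORP\\tmp-user|group=Remote Desktop Users|src_ip=10.1.7.9",
    "time=2024-03-01T09:58:47Z|source=sqlprod|event=ROLE_GRANT|actor=CORP\\jdoe|target=CORP\\svc-backup|group=sysadmin|src_ip=10.1.5.22",
]

if __name__ == "__main__":
    found = privileged_group_changes(SAMPLE_LOGS)
    for a in found:
        print(f"{a['time']} {a['source']}: {a['actor']} added {a['target']} "
              f"to {a['group']} from {a['src_ip']}")
    print("actors active in multiple sources:", actors_across_sources(found))
```

Run on the sample, the logon and the Remote Desktop Users change are ignored, the two privileged additions are raised, and correlation by actor shows that the same account granted both Domain Admins and `sysadmin` to the same target from the same source IP, which is the cross-source picture a network-only or database-only monitor would miss.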
Enterprise-Level Incident Management is the Key
Even the best information security program cannot guarantee that malicious acts will not happen. When incidents occur, the organization must have an effective means of managing and responding to them: identifying valid incidents and responding quickly limits the damage done and lowers the cost. An effective incident management and response plan, backed by a strong detection and response process, is therefore an essential part of any security program and helps defeat or prevent malicious and unauthorized activity.
LogClarity® Incident Management Framework
LogClarity® provides incident management for the entire enterprise; solutions that focus only on network activity are limited. LogClarity® lets customers monitor network activity, domain activity, privileged user activity, and data access activity inside databases and across the network. Any misuse of privileges or unwarranted access to critical data can be identified, and key stakeholders can be notified within seconds. Any successful or failed attempt to access or misuse customer private information or intellectual property can be determined.
The LogClarity® Incident Management foundation provides a broad view and true scalability. This is essential for security policy enforcement, data theft prevention and risk mitigation for a wide variety of evolving threats.
Agile Forensics and Data Mining with LogClarity®
Once an incident has been identified, security teams need the means and the expertise to investigate it. LogClarity® provides forensics and data mining capabilities to track any type of incident. The key to forensics is first to be notified of a real incident, then to tie in all related information to verify it. LogClarity® can filter unrelated log data out of view to get to the source of the incident quickly.
Log Management is Crucial for Security
LogClarity® also integrates security incident monitoring with log management automation and log protection for evidentiary purposes. Whether the attack comes from inside or outside, understanding the full scope of the offender’s actions is critical, and having the evidence to prove them is equally valuable.
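Log protection for evidentiary purposes means that a record must show it has not been edited, reordered or deleted after it was written. The example below is added here and is not LogClarity®’s mechanism: it seals a batch of constructed log records with an HMAC chain in which each tag covers the previous tag, so that changing or removing any record invalidates every tag after it. The key, the genesis value and the record format are assumptions for the example.

```python
import hashlib
import hmac

# Starting chain value; an assumed convention for this example.
GENESIS = b"\x00" * 32


def seal_records(records, key):
    """Return [(record, tag_hex)] where tag = HMAC(key, prev_tag || record).
    Because every tag covers the one before it, editing, inserting or
    deleting any earlier record changes every tag that follows."""
    sealed = []
    prev = GENESIS
    for rec in records:
        tag = hmac.new(key, prev + rec.encode("utf-8"), hashlib.sha256).digest()
        sealed.append((rec, tag.hex()))
        prev = tag
    return sealed


def verify_chain(sealed, key):
    """Recompute the chain; return (True, None) if intact, otherwise
    (False, index) of the first record whose tag no longer matches."""
    prev = GENESIS
    for i, (rec, tag_hex) in enumerate(sealed):
        expected = hmac.new(key, prev + rec.encode("utf-8"), hashlib.sha256).digest()
        if not hmac.compare_digest(expected.hex(), tag_hex):
            return False, i
        prev = expected
    return True, None


def last_tag(sealed):
    """The final tag. Anchor it somewhere the logging host cannot alter
    (a separate store or signed timestamp) so that truncation is detectable."""
    return sealed[-1][1] if sealed else GENESIS.hex()


# Constructed sample records and key (a real key is never hard-coded and is
# held off the logging host, e.g. on the collector or in an HSM).
KEY = b"example-key-held-off-the-logging-host"
RECORDS = [
    "2024-03-01T09:12:31Z dc01 4728 CORP\\jdoe added CORP\\svc-backup to Domain Admins",
    "2024-03-01T09:58:47Z sqlprod ROLE_GRANT CORP\\jdoe granted sysadmin to CORP\\svc-backup",
    "2024-03-01T10:03:02Z fileserver READ CORP\\svc-backup opened \\\\fs01\\finance\\payroll.xlsx",
]


def demo():
    """Seal the sample, then show that an edit and a deletion are both caught."""
    sealed = seal_records(RECORDS, KEY)
    intact = verify_chain(sealed, KEY)
    # An insider rewrites the second record to hide the role grant.
    tampered = list(sealed)
    tampered[1] = (tampered[1][0].replace("sysadmin", "db_datareader"), tampered[1][1])
    edited = verify_chain(tampered, KEY)
    # Deleting the second record also breaks the chain at that position.
    deleted = verify_chain(sealed[:1] + sealed[2:], KEY)
    return intact, edited, deleted


if __name__ == "__main__":
    print(demo())
```

Two caveats a practitioner should keep in mind: a chain verifies any prefix of itself, so silently dropping the newest records is only caught if the latest tag is regularly anchored off-host (hence `last_tag`), and anyone holding the HMAC key can re-seal a modified chain, so the key must not live on the host whose logs it protects. Keyed chains of this kind complement, rather than replace, shipping logs in real time to a separate collector.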
LogClarity® Key Components
- Incident Management
- Intelligent Log Management
- Database Activity Monitoring
- Enterprise Data Security
LogClarity® Security Benefits
- Increased Enterprise Security
- Data Security through Monitoring
- Security of Privileged Roles, Groups & Accounts