The Ponemon Institute 2015 Cost of Cyber Crime Report, which states that average resolution times increased 41%, from 32 to 45 days, between 2014 and 2015, inspired István Szabó, Product Manager of syslog-ng at BalaBit, to share this advice.
“This data aligns with recent reports,” said Szabó. “According to the latest Verizon Data Breach Investigating Report, in 60% of cases attackers are able to compromise an organization within minutes.”
BalaBit has customers around the globe, including a significant percentage of Fortune 100 companies. BalaBit’s Contextual Security Intelligence (eCSI) gives enterprises real-time analyzed monitoring information to support security decisions and increase business efficiency, while providing IT with reliable Log Management, Privileged User Monitoring and User Behavior Analytics. BalaBit, founded in 2000, has a long track record as the developer of syslog-ng, the most popular open source log management tool with more than a million corporate users worldwide.
“Time is the key in similar situations,” added Szabó, offering the following three steps to accelerate response times:
- Detection: a monitoring solution with real-time alerting and blocking capabilities helps to detect possible attacks faster. It's important that this is automated, as human interaction is always much slower.
- Investigation: providing relevant context for the security team lets them focus on the important events. Accurate contextual information (such as logs, activity monitoring audit trails, etc.) enables the team to accelerate the forensics investigation and response.
- Be prepared for the unexpected: security policies, guidelines and action plans have to be defined in advance. As much as possible should be automated, or there should at least be standardized processes for implementing countermeasures, instead of just improvising.