SIEM Use Cases

GDPR: How to Detect Unauthorized Access to Personal Data

GDPR states that institutions must obtain explicit consent from individuals before collecting their personal data and must keep this data strictly confidential. It obliges institutions to take technical precautions for the following purposes: examining data access and flow on the network infrastructure; detecting data violations within 72 hours after they occur; and conducting appropriate post-violation activities, such as creating an incident report or automatically eliminating a violation.

How to detect unauthorized access to personal data with Logsign SIEM

Logsign SIEM groups parameters such as the number of log-in attempts, username, and user IP address to collect unsuccessful log-in attempts, and creates an incident after a certain limit is passed. Logsign SIEM warns IT managers via SMS / E-mail if unauthorized user access is detected.

01. The detection of unauthorized access begins with Logsign SIEM correlation techniques applied to authentication source logs.

02. The user is labeled as Attacker after a behavioral analysis is conducted with correlation.

03. After the attacker begins the unauthorized access activity, logs are enriched by conducting behavioral analysis with the logs received from sources. The attacker's activities are correlated and shown on the relevant dashboard panels.

04. Activities and relevant alerts are sent to IT managers via SMS / E-mail to warn them.
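
The threshold correlation described above, as an added example (not Logsign's code or rule syntax): failed log-ins are grouped by username and source IP, and an incident is raised once a limit is reached inside a time window. The log format, the limit of 3, the 5-minute window and all field names are assumptions; the sample events are constructed.

```python
from collections import defaultdict, deque
from datetime import timedelta, datetime

# Assumed tuning values; the page only says "a certain limit".
THRESHOLD = 3
WINDOW = timedelta(minutes=5)

# Constructed sample events: "timestamp result user source_ip"
SAMPLE_LOG = """\
2024-05-01T09:00:00 FAIL alice 203.0.113.7
2024-05-01T09:00:20 FAIL alice 203.0.113.7
2024-05-01T09:00:40 FAIL alice 203.0.113.7
2024-05-01T09:01:10 OK alice 203.0.113.7
2024-05-01T09:30:00 FAIL bob 198.51.100.4
2024-05-01T09:30:15 OK bob 198.51.100.4
2024-05-01T10:00:00 FAIL carol 192.0.2.9
2024-05-01T10:04:00 FAIL carol 192.0.2.9
2024-05-01T10:08:00 FAIL carol 192.0.2.9
"""

def parse(line):
    ts, result, user, ip = line.split()
    return datetime.fromisoformat(ts), result, user, ip

def correlate(lines, threshold=THRESHOLD, window=WINDOW):
    """Return one incident per (user, ip) pair that reaches the failure limit."""
    recent = defaultdict(deque)  # (user, ip) -> timestamps of recent failures
    incidents = {}               # (user, ip) -> incident record
    for ts, result, user, ip in sorted(parse(l) for l in lines if l.strip()):
        key = (user, ip)
        if result == "FAIL":
            q = recent[key]
            q.append(ts)
            while ts - q[0] > window:  # drop failures older than the window
                q.popleft()
            if len(q) >= threshold and key not in incidents:
                incidents[key] = {"user": user, "ip": ip, "label": "Attacker",
                                  "first_failure": q[0], "triggered": ts,
                                  "login_succeeded_after": False}
        elif result == "OK" and key in incidents:
            # A success after the limit was reached is the case to escalate.
            incidents[key]["login_succeeded_after"] = True
    return list(incidents.values())

if __name__ == "__main__":
    for incident in correlate(SAMPLE_LOG.splitlines()):
        print(incident)
```

Only alice's pair produces an incident: bob has a single mistyped password, and carol's three failures are spread over eight minutes, so they never fall inside one window.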

Other SIEM Use Cases

Identifying Insider Threats

According to the insider threat statistics provided by the Verizon Data Breach Investigations Report, three of the top five causes of security incidents are related to insider threats.

Detecting Lateral Movements

Network attacks are getting more complicated in today's security environment. To obtain basic access information, attackers use various methods such as phishing attacks or malware infection.

How to Detect Superman VPN User

Employees of corporate firms work in offices and in the field, in geographically different places. It is very difficult for these locations and staff to connect point-to-point to the headquarters due to costs and infrastructure problems.
