GDPR states that institutions must obtain explicit consent from individuals before collecting their personal data and must keep these data strictly confidential. It obliges institutions to take technical precautions for the following purposes: examining data access and flow on the network infrastructure; detecting data violations within 72 hours after they occur; and conducting appropriate post-violation activities, such as creating an incident report or automatically eliminating a violation.
Logsign SIEM groups parameters such as the number of log-in attempts, username, and user IP address to collect unsuccessful log-in attempts, and creates an incident once a certain limit is passed. It warns IT managers via SMS / E-mail if unauthorized user access is detected.
The detection process for unauthorized access begins with Logsign SIEM correlation techniques applied to authentication source logs.
The user is labeled as Attacker after a behavioral analysis is conducted with correlation.
After the attacker begins the unauthorized access activity, logs are enriched by conducting behavioral analysis with the logs received from sources. The attacker's activities are correlated and shown on the relevant dashboard panels.
Activities and relevant alerts are sent to IT managers via SMS / E-mail to warn them.
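The failed log-in grouping described above can be sketched as follows. This is an added example, not Logsign code: the log line format, the threshold of 5 failures, the 5-minute window and all names are assumptions, and the input is assumed to be in time order.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample authentication log lines (assumed format):
# ISO timestamp, result, username, source IP
SAMPLE_LOGS = """\
2024-05-01T09:00:01 FAIL alice 203.0.113.7
2024-05-01T09:00:05 FAIL alice 203.0.113.7
2024-05-01T09:00:09 OK bob 198.51.100.4
2024-05-01T09:00:12 FAIL alice 203.0.113.7
2024-05-01T09:00:20 FAIL alice 203.0.113.7
2024-05-01T09:00:31 FAIL alice 203.0.113.7
2024-05-01T09:03:00 FAIL bob 198.51.100.4
2024-05-01T09:20:00 FAIL bob 198.51.100.4
""".splitlines()

THRESHOLD = 5                  # assumed limit of failed attempts
WINDOW = timedelta(minutes=5)  # assumed correlation window


def correlate_failed_logins(lines, threshold=THRESHOLD, window=WINDOW):
    """Group failed log-ins by (username, source IP) and return one incident
    each time a group reaches `threshold` failures inside `window`."""
    recent = defaultdict(deque)  # (user, ip) -> timestamps of recent failures
    alerted = set()              # groups that already have an open incident
    incidents = []
    for line in lines:
        parts = line.split()
        if len(parts) != 4 or parts[1] != "FAIL":
            continue             # skip malformed lines and successful log-ins
        try:
            ts = datetime.fromisoformat(parts[0])
        except ValueError:
            continue             # skip lines with an unparseable timestamp
        key = (parts[2], parts[3])
        q = recent[key]
        q.append(ts)
        while ts - q[0] > window:    # drop failures older than the window
            q.popleft()
        if len(q) < threshold:
            alerted.discard(key)     # activity died down: re-arm the rule
        elif key not in alerted:
            alerted.add(key)         # one incident per burst, not per attempt
            incidents.append({"username": key[0], "source_ip": key[1],
                              "failures": len(q), "first_failure": q[0],
                              "detected_at": ts})
    return incidents
```

Each returned incident is the record a notification step (SMS / E-mail) would consume; keying on both username and source IP keeps one noisy address from masking failures against other accounts.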
According to the insider threat statistics provided by the Verizon Data Breach Investigations Report, three of the top five causes of security incidents are related to an insider threat.
Network attacks are getting more complicated in today's security environment. To obtain basic access information, attackers use various methods such as phishing attacks or malware infection.