The Payment Card Industry Data Security Standard (PCI DSS) is the international standard that protects cardholder data from malicious use or theft. Institutions that accept payment cards must follow it. For PCI DSS compliance, institutions need to apply the following technical requirements: monitoring access to network resources and cardholder data; securing audit trails so that they cannot be altered; and regularly testing security systems and processes.
Detecting Compromised User
Logsign SIEM identifies abnormal user behavior by means of correlation. For instance, it creates alerts to warn the relevant IT managers when unusual data or systems are accessed at unusual hours.
Detecting Suspicious Privilege Escalation
The main goal is to detect access by privileged user accounts. Logsign SIEM immediately identifies users who escalate their privileges on critical systems.
Command and Control (C&C) Communication
Logsign SIEM can correlate network traffic with the Cyber Intelligence Module to discover malware that communicates with external attackers. Such communication points to a compromised user account.
Detecting Data Leakage
You can use Logsign Correlation and the Cyber Threat Intelligence (TI) service to analyse events that may seem unrelated, such as the addition of a USB disk drive and process information, use of personal e-mail services or cloud storage services, or high data traffic generated through the local network.
It can detect the encryption of data on user systems. Such abnormal activity on user data may indicate a ransomware attack.
Detecting Lateral Movements
Lateral movement can be detected via alert rules based on the MITRE ATT&CK framework.
A Windows file server acts as file and folder storage that many users can access. Although a collaborative working environment has many benefits, it may be difficult to prevent unauthorized access by monitoring the permissions on shared folders.
Network attacks are becoming more sophisticated in today’s security environment. To obtain basic access information, attackers use various methods such as phishing attacks or malware infection.