SIEM Use Cases

PCI DSS: Monitoring & Detecting Unauthorized Access Privilege or Suspicious Data Access

Payment Card Industry Data Security Standard (PCI DSS) is the international standard protecting the card owner data from malicious use or theft. Institutions accepting payment cards must follow the Payment Card Industry Data Security Standard. Institutions need to apply the technical regulations below for PCI DSS compliance: Monitoring access to network sources and card owner data. Making audit trails safe for them not to be changed. Regular testing of security systems and processes.

How to Monitor and Detect Unauthorized and Suspicious Network Connections

Logsign SIEM can detect the access activities to IT systems by correlating them. Audit logs and process creation logs are used during the detection process. Cyber attacker is detected by means of the findings obtained after the logs are analyzed.
1.

Detecting Compromised User

Logsign SIEM identifies abnormal behavior of users by means of correlation. For instance, Logsign SIEM creates alerts to warn relevant IT managers in case of access to extraordinary data or systems at extraordinary hours.

2.

Detecting Suspicious Privileged Authorization Increase

Main target is to detect privileged user account accesses. Logsign SIEM immediately identifies users that increase authorization for critical systems.

3.

Command and Control (C&C) Communication

Logsign SIEM may associate the network traffic with Cyber Intelligence Module to discover malware that communicates with external attackers. This refers to a compromised user account.

4.

Detecting Data Leakage

You can use Logsign Correlation and Cyber Threat Intelligence (TI) service to analyse incidents that may seem irrelevant – such as USB disc driver adding and process information, personal e-mail services, cloud storage services or creating high data traffic through local network.

5.

Rapid Ciphering

It can detect the ciphering of the data on user systems. These abnormal movements on user data may be a ransomware attack.

6.

Detecting Lateral Movements

Lateral Movements can be detected via alert rules created based on the Mitre Attackframework.

Other SIEM Use Cases