Indicators of Attack

The Importance and Difference Between Indicators of Attack and Indicators of Compromise

Introduction

Recent headlines attest that no organization is immune to targeted attacks launched by skilled, persistent adversaries. These highly sophisticated attackers achieve unprecedented success against large and even well-equipped organizations across the world, and detecting their attacks is a daunting task. However, if you are well aware of Indicators of Attack (IoA) and Indicators of Compromise (IoC), you can resolve incidents with better outcomes. In fact, IoA and IoC are the two detection approaches offered in the security marketplace.


SIEM use cases

Making SIEM Use Cases

While threats continue to evolve every day, modern-day businesses cannot remain oblivious and wait for attackers to exploit a vulnerability or disrupt their business operations. Logsign experts recommend that businesses be proactive in dealing with their cybersecurity. As a proactive measure, many of our clients have implemented the Logsign SIEM solution to get a single-point view of their organization’s security posture. In this article, we look at how to create a use case on the Logsign SIEM platform.


Building efficient SOC

Find the Correct MSSP or Build an Efficient SOC? (Part 1)

Introduction

Whether you are a CIO or the chief executive of your company, the headlines about cybersecurity threats and attacks might be worrisome for you. There is always the question of how to ensure the cybersecurity of the organization in order to avoid financial, compliance and reputational risks. Today, to deal with ever-growing, fast, and sophisticated cybersecurity threats and attacks, enterprises either find the correct MSSP (Managed Security Service Provider) or build an efficient SOC (Security Operations Center). In either case, the roles of Security Information and Event Management (SIEM) and Security Orchestration, Automation, and Response (SOAR) are indispensable.

In this article, we will detail how organizations choose between engaging an MSSP and building a SOC, and how SIEM and SOAR solutions play a crucial role in both MSSP and SOC security operations.


4 Step Guide to OT Security

4 Step Guide to Stronger OT Security

Introduction

The cybersecurity of industrial systems is becoming a hot topic in today’s headlines. As connectivity to external networks increases significantly, security is becoming the priority in industrial IT and Operational Technology (OT). Yet many organizations don’t have a reliable cyber defense for their OT assets.

Recently, the Cybersecurity and Infrastructure Security Agency (CISA) and the National Security Agency (NSA) issued an Alert (AA20-205A) urging all National Security Systems (NSS), Department of Defense (DoD), Defense Industrial Base (DIB), and other U.S. critical infrastructure operators to take immediate action to secure their OT assets.

In this article, we will detail a 4-step guide to stronger OT security. If your organization needs stronger OT security, read on.


Cyber Kill Chain use areas

How Can the Cyber Kill Chain Be Useful for a SOC Team? (Part 2)

Installation: At this stage, SOC analysts are advised to deploy a Security Information and Event Management (SIEM) system and a Host-Based Intrusion Detection System (HIDS) to detect attacks. To deny an attack, the Cyber Kill Chain recommends two-factor authentication, strong passwords, and privilege separation, as well as disrupting the attack using Data Execution Prevention. If attackers successfully penetrate the corporate critical IT infrastructure, SOC teams must contain them in a timely fashion to mitigate damage. To this end, the Cyber Kill Chain recommends employing an inter-zone Network Intrusion Detection System, an application-aware firewall, and trust zones.
