Editor’s Note: A Verizon analysis of Intellectual Property Theft based on their 2012 Data Breach Investigations Report highlighted the importance of comprehensive monitoring and analysis of log data for detecting and preventing intrusions. The Intellectual Property Theft analysis is attached here.
In addition to the IP Theft analysis report, Verizon and their law enforcement partners released their other analyses: the Healthcare Industry analysis is attached here; the Finance and Insurance Industry analysis is attached here; the Retail Trade Industry analysis is attached here; and the Accommodation and Food Services Industry report is attached here.
From: Verizon RISK Team with cooperation from the Australian Federal Police, Dutch National High Tech Crime Unit, Irish Reporting & Information Security Service, Police Central e-Crime Unit, and United States Secret Service.
Log Monitoring and Analysis
Monitor and filter network egress traffic.
At some point during the sequence of events in many breaches, something (data, communications, connections) goes out that, if prevented, could break the chain and stop the breach. By monitoring, understanding, and controlling outbound traffic, an organization will greatly increase its chances of mitigating malicious activity.
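The following script is an added example, not part of the Verizon report or any Verizon tooling. It shows what "monitoring and filtering egress traffic" looks like once it is reduced to code: a handful of constructed firewall log lines in an assumed key=value format are parsed, each outbound connection is checked against an assumed egress port allowlist, and per source/destination byte totals are compared against an assumed volume budget. Hosts, addresses, ports, and thresholds are all illustrative assumptions.

```python
"""Egress-traffic review over constructed firewall log lines.

Added example, not taken from the Verizon DBIR. The log format, the
addresses, the allowed-port list and the byte threshold are assumptions
chosen for illustration.
"""
from collections import defaultdict
import re

# Constructed sample egress log (assumed key=value firewall format).
SAMPLE_LOG = """\
ts=2012-03-01T09:15:02 src=10.0.1.20 dst=93.184.216.34 dport=443 proto=tcp bytes_out=18234
ts=2012-03-01T09:16:10 src=10.0.1.20 dst=93.184.216.34 dport=443 proto=tcp bytes_out=20911
ts=2012-03-01T09:20:44 src=10.0.1.31 dst=198.51.100.7 dport=22 proto=tcp bytes_out=3200
ts=2012-03-01T02:03:15 src=10.0.1.45 dst=203.0.113.99 dport=4444 proto=tcp bytes_out=52428800
ts=2012-03-01T02:05:15 src=10.0.1.45 dst=203.0.113.99 dport=4444 proto=tcp bytes_out=73400320
ts=2012-03-01T10:01:00 src=10.0.1.50 dst=192.0.2.10 dport=53 proto=udp bytes_out=120
"""

LINE_RE = re.compile(
    r"ts=(\S+) src=(\S+) dst=(\S+) dport=(\d+) proto=(\S+) bytes_out=(\d+)"
)

# Policy assumptions: which destination ports workstations may reach directly,
# and how many bytes one internal host may send to one destination per day.
ALLOWED_PORTS = {53, 80, 443}
BYTES_OUT_THRESHOLD = 100 * 1024 * 1024  # 100 MiB per (src, dst) pair


def parse(log_text):
    """Turn raw log lines into dicts; lines that do not match are skipped."""
    events = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        ts, src, dst, dport, proto, bytes_out = m.groups()
        events.append({
            "ts": ts, "src": src, "dst": dst,
            "dport": int(dport), "proto": proto, "bytes_out": int(bytes_out),
        })
    return events


def find_egress_anomalies(events):
    """Return connections to disallowed ports and (src, dst) pairs over budget."""
    disallowed = set()
    totals = defaultdict(int)
    for e in events:
        if e["dport"] not in ALLOWED_PORTS:
            disallowed.add((e["src"], e["dst"], e["dport"]))
        totals[(e["src"], e["dst"])] += e["bytes_out"]
    over_budget = [
        (src, dst, total)
        for (src, dst), total in sorted(totals.items())
        if total > BYTES_OUT_THRESHOLD
    ]
    return {"disallowed_port": sorted(disallowed), "volume": over_budget}


if __name__ == "__main__":
    for kind, items in find_egress_anomalies(parse(SAMPLE_LOG)).items():
        for item in items:
            print(kind, *item)
```

The two checks are deliberately independent: the port allowlist catches a single connection that policy never permitted, while the byte budget catches a destination that is allowed but is receiving far more than a normal session would send. In the constructed sample the 10.0.1.45 host trips both.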
Enable application and network logs and monitor them.
All too often, evidence of events leading to breaches was available to the victim but this information was neither noticed nor acted upon. Processes that provide sensible, efficient, and effective monitoring and response are critical to protecting data. However, don’t just focus your logging efforts on network, operating system, IDS, and firewall logs but neglect remote access services, web applications, databases, and other critical applications. These can be a rich data set for detecting, preventing, and investigating breaches.
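The paragraph's point is that remote-access, web-application, and database logs each hold part of the picture and are most useful when read together. The script below is an added example, not code from the Verizon report: it parses three constructed log sources (a VPN log, a web application log, and a database audit log, all in an assumed free-form format), normalises them into one time-ordered stream, and applies two simple rules: repeated web login failures from one address within a sliding window, and a bulk database read by an account that logged in remotely shortly before. User names, addresses, and thresholds are assumptions.

```python
"""Correlating remote-access, web-application and database logs.

Added example, not taken from the Verizon DBIR. The three log formats,
the accounts, addresses and thresholds are constructed for illustration.
"""
from collections import defaultdict
from datetime import datetime, timedelta
import re

# Constructed sample logs. Each line: "<date> <time> <source> <action> user=<u> k=v ...".
VPN_LOG = """\
2012-03-01 01:40:12 vpn login user=jsmith src=203.0.113.8
2012-03-01 08:55:00 vpn login user=akumar src=198.51.100.23
"""
WEBAPP_LOG = """\
2012-03-01 01:41:03 webapp login_failed user=admin src=203.0.113.8
2012-03-01 01:41:09 webapp login_failed user=admin src=203.0.113.8
2012-03-01 01:41:15 webapp login_failed user=admin src=203.0.113.8
2012-03-01 01:41:22 webapp login_failed user=admin src=203.0.113.8
2012-03-01 01:41:30 webapp login_failed user=admin src=203.0.113.8
2012-03-01 09:00:10 webapp login_ok user=akumar src=198.51.100.23
"""
DB_LOG = """\
2012-03-01 01:52:40 db query user=jsmith rows=250000 table=customers
2012-03-01 09:05:00 db query user=akumar rows=12 table=orders
"""

LINE_RE = re.compile(r"(\S+ \S+) (\w+) (\w+) user=(\S+)(.*)")

# Rule thresholds (assumed values).
BULK_ROWS = 100_000                       # rows returned that count as a bulk read
FAILED_LOGIN_THRESHOLD = 5                # failures per (user, src) in the window
FAILED_LOGIN_WINDOW = timedelta(minutes=10)
VPN_TO_DB_WINDOW = timedelta(minutes=60)  # remote login shortly before a bulk read


def parse_events(*logs):
    """Normalise every line of every log into one dict per event, sorted by time."""
    events = []
    for text in logs:
        for line in text.splitlines():
            m = LINE_RE.match(line)
            if not m:
                continue
            ts, source, action, user, rest = m.groups()
            attrs = dict(kv.split("=", 1) for kv in rest.split())
            events.append({
                "ts": datetime.strptime(ts, "%Y-%m-%d %H:%M:%S"),
                "source": source, "action": action, "user": user, **attrs,
            })
    return sorted(events, key=lambda e: e["ts"])


def detect(events):
    """Apply the two correlation rules to a time-ordered event stream."""
    findings = []
    vpn_logins = defaultdict(list)   # user -> timestamps of remote logins
    failures = defaultdict(list)     # (user, src) -> recent failure timestamps
    for e in events:
        if e["source"] == "vpn" and e["action"] == "login":
            vpn_logins[e["user"]].append(e["ts"])
        elif e["source"] == "webapp" and e["action"] == "login_failed":
            key = (e["user"], e["src"])
            recent = [t for t in failures[key] if e["ts"] - t <= FAILED_LOGIN_WINDOW]
            recent.append(e["ts"])
            failures[key] = recent
            if len(recent) == FAILED_LOGIN_THRESHOLD:   # fire once per burst
                findings.append(("repeated_login_failures", e["user"], e["src"]))
        elif e["source"] == "db" and e["action"] == "query" and int(e["rows"]) >= BULK_ROWS:
            # A bulk read is notable on its own; it is more so right after a remote login.
            remote = [t for t in vpn_logins[e["user"]]
                      if timedelta(0) <= e["ts"] - t <= VPN_TO_DB_WINDOW]
            kind = "bulk_read_after_remote_login" if remote else "bulk_read"
            findings.append((kind, e["user"], e["table"]))
    return findings


if __name__ == "__main__":
    for finding in detect(parse_events(VPN_LOG, WEBAPP_LOG, DB_LOG)):
        print(*finding)
```

Neither rule needs network or IDS data: the login-failure burst comes entirely from the web application's own log, and the bulk read is visible only in the database audit log, which is exactly the kind of source the paragraph says is too often left out of monitoring.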