Detecting conspicuous behaviour within in-house systems is a crucial part of today's cyber security. Yet most threats remain undetected. Attacks are prepared ever more professionally, are highly elaborate, and are designed as advanced persistent threats and multi-stage IT security incidents for long-term use and damage. Over weeks and sometimes months, attackers move undetected through the in-house network, continually exfiltrating information or waiting for the opportune moment to strike.
But all is not lost: these threats to your business continuity can be identified, for example through deliberate intrusion detection and threat detection. With automated 24/7 observation of network behaviour and data communication using an enterprise threat detection (ETD) system, combined with trained experts, suspicious developments or actions can be detected at an early stage. This, however, means handling enormous volumes of data when observing and investigating network traffic and information flows. In-memory technologies are therefore best suited as the basis for evaluating and assessing these huge data volumes effectively and in real time, and for deriving reliable forecasts.
Security Information and Event Management (SIEM)
If such tools and methods are intelligently interconnected with a security information and event management (SIEM) system, daily defense becomes significantly more efficient and reliable. SIEM solutions work much like the ticket management system of a central IT service: they provide an overview of all incidents, contain guidelines and workflows for reacting to and handling IT security incidents, and at the same time document all security-relevant processes. The relevant sensor and log files can be transmitted automatically to the central cyber security operations center (SOC) so that it can intervene as early as possible and take countermeasures matching the criticality level of the incident. Digital forensic investigation of such incidents forms the basis for being better equipped against similar cyber attacks in the future.
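As an added illustration of the kind of correlation an ETD/SIEM pipeline runs over collected sensor and log files (this is example code written for this page, not code from the original text or from any particular product): a small Python rule that flags a host authenticating to many distinct internal hosts within a sliding time window, the slow movement through the network described above, and turns each hit into an incident record with a criticality level for the SOC to act on. The key=value log format, host names, 24-hour window, threshold and criticality policy are all constructed assumptions.

```python
import re
from dataclasses import dataclass
from datetime import datetime, timedelta

# Constructed sample authentication events in a hypothetical key=value sensor
# format (not from any real product). One deliberately malformed line is
# included to show that unparseable input is dropped rather than trusted.
SAMPLE_LOG = """\
2024-03-01T08:00:00 auth src=ws-12 dst=srv-01 user=alice result=success
2024-03-01T08:05:00 auth src=ws-12 dst=srv-02 user=alice result=success
2024-03-01T09:10:00 auth src=ws-12 dst=srv-03 user=alice result=success
2024-03-01T09:12:00 auth src=ws-12 dst=srv-04 user=alice result=success
2024-03-01T09:15:00 auth src=ws-12 dst=srv-05 user=alice result=success
2024-03-01T08:30:00 auth src=ws-07 dst=srv-01 user=bob result=success
2024-03-01T08:31:00 auth src=ws-07 dst=srv-01 user=bob result=failure
this line is not a valid event
2024-03-03T10:00:00 auth src=ws-07 dst=srv-02 user=bob result=success
2024-03-01T11:00:00 auth src=ws-07 dst=srv-09 user=bob result=success
"""

EVENT_RE = re.compile(
    r"^(?P<ts>\S+) auth src=(?P<src>\S+) dst=(?P<dst>\S+) "
    r"user=(?P<user>\S+) result=(?P<result>\S+)$"
)


@dataclass(frozen=True)
class AuthEvent:
    ts: datetime
    src: str
    dst: str
    user: str
    result: str


def parse_events(text):
    """Parse the constructed log format; skip lines that do not match."""
    events = []
    for line in text.splitlines():
        m = EVENT_RE.match(line.strip())
        if not m:
            continue
        events.append(AuthEvent(datetime.fromisoformat(m["ts"]),
                                m["src"], m["dst"], m["user"], m["result"]))
    return sorted(events, key=lambda e: e.ts)


def criticality(distinct_hosts):
    # Hypothetical policy: the more hosts one source reached, the higher the
    # priority the SOC should give the resulting incident.
    return "high" if distinct_hosts >= 5 else "medium"


def detect_lateral_movement(events, window=timedelta(hours=24), threshold=3):
    """Flag a source host whose successful logins reach >= `threshold`
    distinct destination hosts inside any sliding window of length `window`."""
    by_src = {}
    for e in events:  # events are time-sorted, so per-source lists stay sorted
        if e.result == "success":
            by_src.setdefault(e.src, []).append(e)

    incidents = []
    for src, evs in by_src.items():
        best, best_end = set(), None
        for i, e in enumerate(evs):
            start = e.ts - window
            seen = {x.dst for x in evs[: i + 1] if x.ts >= start}
            if len(seen) > len(best):
                best, best_end = seen, e.ts
        if len(best) >= threshold:
            incidents.append({
                "rule": "lateral_movement_fanout",
                "src": src,
                "distinct_hosts": len(best),
                "hosts": sorted(best),
                "window_end": best_end.isoformat(),
                "criticality": criticality(len(best)),
            })
    # High-criticality tickets first, so the SOC sees them before the rest.
    return sorted(incidents, key=lambda inc: (inc["criticality"] != "high", inc["src"]))


def run_sample():
    return detect_lateral_movement(parse_events(SAMPLE_LOG))


if __name__ == "__main__":
    for inc in run_sample():
        print(inc)
```

In the sample data, ws-12 reaches five servers within about an hour and produces a high-criticality incident, while ws-07 touches only two hosts within any 24-hour window and stays below the threshold; the failed login and the malformed line contribute nothing. Lowering the threshold changes what is flagged, which is the trade-off between early detection and SOC workload that the rule's parameters encode.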