MDMMobile Device Management
Mobile Device Management
Millions of dollars have been invested in security products such as firewalls, intrusion detection, and strong authentication over the past several years. However, system penetration attempts continue to occur and go unnoticed until it is too late. As a consequence financial losses continue to skyrocket for organisations.
As average losses per respondent topps £1,000,000, it is not that security countermeasures are ineffective against intrusive activity. Indeed, they can be very effective within an organisation where security policies and procedures require analysis of security events and appropriate incident response. However, deploying and analysing a single device in an effort to maintain situational awareness with respect to the state of security within an organisations is the "computerised version of tunnel vision" . Security events must be analysed from as many sources as possible in order to assess threat and formulate appropriate response. Extraordinary levels of security awareness can be attained in an organisation's network by simply listening to what its devices are telling you.
When law enforcement agents investigate a murder, they do more than examine the body for clues. The investigative process calls for searching the surrounding crime scene, interviewing individuals who know the victim, and soliciting requests to the public for anyone who might have information related to the crime.
A similar process should apply to intrusion analysis. If your web server is attacked, analyse more than the web server logs. Search the firewalls and intrusion detection systems protecting the web server for other activity from the source address. Reviewing all of the information collectively provides a more complete picture of the incident and assists in answering the who, what, when, where, and why's of an attack.
Understanding the security concepts of correlation can be dramatically simplified if the responses of various network devices are examined in the face of a probe or attack. Independently obscure security events can be correlated from multiple logs, and in doing so provide the higher level of vision necessary for accurate and expeditious intrusion analysis.
Contact us arrange an appointment
For assistance and advice or to find out please contact us today to speak with a consultant.
0845 257 5903 in the UK
+44 1256 893662 from outside UK
By email firstname.lastname@example.org
Infosec Partners Ltd. Registered in England, company number 05380851