How to monitor and detect events in a corporate network?

Challenge

Workstations in organizations are constantly subjected to attempts to break through security and carry out cyber attacks. Therefore, every company faces the demanding challenge of having to constantly monitor a large amount of network traffic to stay abreast of incidents and detect threats.

One company in the medical industry had 700 workstations that generated a lot of network traffic. To ensure the company’s ICT security, it became necessary to be able to proactively monitor events on the company’s network in real time for up to 60k EPS and up to 20 Gbps of network traffic. An integrated client was required to identify all of these within the existing security architecture.

Solution

The ideal solution for this kind of challenge is a SIEM-class system that will simultaneously act as a threat hunting platform. This type of solution allows you to monitor, collect, report and manage logs. It gives members of the security team a full view of what is happening on the network in real time. This, in turn, helps solve many data protection challenges, including identifying a cyber attack.

The tool that accomplishes such tasks is the NetWitness Logs module within the RSA NetWitness platform. It provides end-to-end access to network knowledge beyond the standard SIEM.

Effects

The implementation of a SIEM solution ensures that the stability of critical business processes, the breach of which could cause financial and reputational losses, is secured. If symptoms of an attack are detected, the SOC team receives all information about the incident in real time. As a result, it is able to take appropriate action quickly.

Moreover, generating a report that includes a full PCAP dump, file extraction, and email reconstruction allows providing the Supervisory Authority with comprehensive information on the incident.

We are waiting for your questions