How do I get to know the different types of attacks my organization is subjected to?
Enterprises face both external and internal threats to their data, network and IT assets. Attacks such as IP spoofing and DDoS are now sophisticated enough that an enterprise very often becomes aware of a threat only after it has been compromised. This can lead to financial loss, civil liability from customer lawsuits, serious disruption of day-to-day operations and loss of standing with customers and regulatory agencies. It is therefore important for enterprises to have a proactive system that keeps track of activity in their network and other IT assets by analyzing the logs of their servers, routers, switches, firewalls, intrusion detection systems and so on.
Mindtree's security log review and analysis service is based on industry best practices in analysis and reporting. It is multi-faceted and highly customizable to suit your requirements. Log analysis can be done daily, so that you can take immediate measures against threats; weekly, to analyze trends and change policies; or monthly, to review the weekly trends, analyze dormant anomalies and act on the accumulated data, improving your security posture step by step.
Mindtree's security log review and analysis service begins with an understanding of your network topology and security policies, the classification of your IT assets, operating systems and applications, and the criteria used to classify the severity of security events, so that the incidents requiring action can be identified. The log analysis itself prioritizes log entries using parameters such as source and destination IP address, the log source, the frequency of the entry, the device on which the event occurred, the attack signature, the initiator and target IPs and the calculated duration of the event. Our report gives both strategic and tactical recommendations. Key areas covered include the problems needing management attention, the top attacks your organization has faced during the period, compliance violations noticed, immediate action steps for management, the top user account privilege changes during the period and changes required in firewall rules.
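To make the prioritization described above concrete, the following is an added, self-contained example written for this page; it is not Mindtree's tooling or ArcSight content. It groups constructed firewall and IDS log lines by source IP, target IP and attack signature, counts the frequency, computes the duration from the first to the last event, looks up the target asset's classification and derives a severity score that the ranked output is sorted by. The log format, the asset classes, the per-signature base severities and the escalation thresholds are all assumptions chosen for illustration; in practice they come from the criteria agreed with the customer.

```python
import re
from collections import defaultdict
from datetime import datetime

# Constructed sample log lines for this example (not real data): firewall
# denies and IDS alerts in a simple key=value syslog style.
SAMPLE_LOGS = """\
2024-03-01T10:00:01 fw-edge-01 DENY src=198.51.100.7 dst=10.0.1.20 dpt=22 sig=SSH_BRUTE_FORCE
2024-03-01T10:00:03 fw-edge-01 DENY src=198.51.100.7 dst=10.0.1.20 dpt=22 sig=SSH_BRUTE_FORCE
2024-03-01T10:00:05 fw-edge-01 DENY src=198.51.100.7 dst=10.0.1.20 dpt=22 sig=SSH_BRUTE_FORCE
2024-03-01T10:00:09 fw-edge-01 DENY src=198.51.100.7 dst=10.0.1.20 dpt=22 sig=SSH_BRUTE_FORCE
2024-03-01T10:00:31 fw-edge-01 DENY src=198.51.100.7 dst=10.0.1.20 dpt=22 sig=SSH_BRUTE_FORCE
2024-03-01T10:02:10 ids-dmz-01 ALERT src=203.0.113.9 dst=10.0.2.5 dpt=80 sig=SQL_INJECTION
2024-03-01T10:02:11 ids-dmz-01 ALERT src=203.0.113.9 dst=10.0.2.5 dpt=80 sig=SQL_INJECTION
2024-03-01T10:05:00 fw-edge-01 DENY src=192.0.2.44 dst=10.0.3.8 dpt=445 sig=PORT_SCAN
2024-03-01T10:05:00 fw-edge-01 DENY src=192.0.2.44 dst=10.0.3.9 dpt=445 sig=PORT_SCAN
2024-03-01T10:07:42 fw-edge-01 ALLOW src=10.0.3.8 dst=10.0.1.20 dpt=443 sig=NONE
"""

# Assumed asset classification (hypothetical values agreed with the customer).
ASSET_CLASS = {
    "10.0.1.20": "critical",   # e.g. a domain controller
    "10.0.2.5": "high",        # e.g. a customer-facing web server
}

# Assumed base severity per attack signature, 1 (low) to 5 (critical).
SIGNATURE_SEVERITY = {
    "SSH_BRUTE_FORCE": 3,
    "SQL_INJECTION": 4,
    "PORT_SCAN": 2,
}

LINE_RE = re.compile(
    r"^(?P<ts>\S+) (?P<device>\S+) (?P<action>\S+) src=(?P<src>\S+) dst=(?P<dst>\S+) "
    r"dpt=(?P<dpt>\d+) sig=(?P<sig>\S+)$"
)


def parse_line(line):
    """Parse one log line into a dict, or return None if it does not match the format."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    rec = m.groupdict()
    rec["ts"] = datetime.fromisoformat(rec["ts"])
    return rec


def score(sig, count, target_class):
    """Severity: signature base, escalated by frequency and by target criticality (assumed rules)."""
    s = SIGNATURE_SEVERITY.get(sig, 1)
    if count >= 5:               # repeated hits on one target: treat as a sustained attack
        s += 1
    if target_class == "critical":
        s += 2
    elif target_class == "high":
        s += 1
    return s


def prioritize(log_text):
    """Group events by (src, dst, signature), compute frequency and duration,
    and return the findings ordered from most to least severe."""
    groups = defaultdict(list)
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None or rec["sig"] == "NONE":
            continue             # unparsable lines and benign traffic are not ranked
        groups[(rec["src"], rec["dst"], rec["sig"])].append(rec)

    findings = []
    for (src, dst, sig), recs in groups.items():
        times = sorted(r["ts"] for r in recs)
        duration = (times[-1] - times[0]).total_seconds()
        target_class = ASSET_CLASS.get(dst, "standard")
        findings.append({
            "src": src, "dst": dst, "signature": sig,
            "device": recs[0]["device"],
            "count": len(recs),
            "first_seen": times[0].isoformat(),
            "last_seen": times[-1].isoformat(),
            "duration_s": duration,
            "target_class": target_class,
            "severity": score(sig, len(recs), target_class),
        })
    findings.sort(key=lambda f: (-f["severity"], -f["count"], f["src"]))
    return findings


if __name__ == "__main__":
    for f in prioritize(SAMPLE_LOGS):
        print(f"sev={f['severity']} {f['signature']:16} {f['src']:>14} -> {f['dst']:<10} "
              f"x{f['count']} over {f['duration_s']:.0f}s on {f['device']}")
```

Run as a script it lists the SSH brute-force attempt against the critical host first (five hits in 30 seconds), then the SQL injection alerts against the web server, then the port-scan denies; the ALLOW line with no signature is deliberately dropped so benign traffic does not dilute the ranking. A real deployment would replace the literal tables with the customer's asset inventory and the severity criteria agreed during onboarding.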
Mindtree delivers this service through its ISO 27001 certified Global Security Operations Centre (GSOC), which runs on ArcSight. The GSOC is staffed with certified and experienced security professionals (holding certifications such as CISA, CISM, CEH and AESA, and technical certifications across various security technologies) who monitor and manage your services 24x7x365. The GSOC is a global operations centre and a single point of contact for all your support needs. The tools deployed in the GSOC identify real threats in the IT infrastructure and eliminate false positives by leveraging ArcSight's advanced event correlation capabilities. Client-specific delivery models (on-premise, shared services and hybrid) and SLAs are agreed and executed.