Seen on PhysOrg:
Computer experts have always struggled to find solutions for protecting businesses and authorities from network breaches. This is because there are too many vague indicators of potential attacks. With PA-SIEM, IT managers have a solution that effectively protects their systems while exposing data thieves and criminal hackers more quickly than conventional software.
When hackers targeted the German Parliament in 2015, it made headlines. The worrying thing about it was that the attack went undetected for a considerable period of time. In fact, it was only discovered by chance, by which time 16 gigabytes of data – consisting mainly of documents, e-mails and keyboard logs – had already landed in unauthorized hands. Cyberattacks like this one frequently hit authorities, businesses and other organizations. As an initial entry point, attackers often use phishing e-mails to gain access to the recipient’s computer, or they infect websites regularly visited by the victim. As things stand, IT security experts can do little to prevent it. Although many organizations are collecting security-related event logs in their security information and event management (SIEM) systems, these systems also contain vast amounts of data about legitimate day-to-day operations, such as details of which users have logged in and logs of websites visited. It is simply not feasible for computer experts to fish out the alerts indicating a potential attack from this endless sea of data. In reality, SIEM systems often resemble data graveyards.
In the future, it will be possible to uncover network attacks more quickly.
Read more from Fraunhofer-Gesellschaft on PhysOrg.