Log Monitoring and Malware Scanning: Stay Ahead of the Threat Curve

By balaji

April 14, 2009

As a reader of Palisade, you most likely care about security. You have in all probability trained your developers, tested your applications and networks, reviewed your network architecture, and brought patch management under control. What next? How can you continue to stay ahead of the threat curve?


In this article, we look at two defenses that are being adopted rapidly and don't break the bank: Log Monitoring and Malware Scanning. Both solutions continuously monitor your network, applications and websites.

24x7 Log Monitoring

24x7 Security Log Monitoring is a defense organizations can leverage to protect their networks and applications from malicious attackers. Servers, firewalls, routers, databases, applications and most intelligent devices generate logs in industrial quantities. Most of the logs reflect standard transactions and legitimate activities. But logging devices are quite democratic and will capture everything you ask them to log. That means you will also have logs of all the illegitimate transactions and activities.

The first step in setting up a log monitoring program is to determine which devices and what activities to monitor. Next, configure logging on those devices to send the desired logs to a log collector. Once log collection is implemented, the logs are gathered in one place and normalized, i.e. converted to a common format, and then fed into a log correlation engine. The log correlation engine is the interesting part: it studies all the events from the perimeter routers, firewalls and applications and spots the relationships between seemingly unrelated events. Analysts at a 24x7 Security Operations Center can study the results of this correlation and spot the attack needles in the events haystack.
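As an added illustration of the collection, normalization and correlation steps just described (example code written for this article, not a product of Paladion or any vendor), the script below turns constructed firewall and web-application lines in hypothetical formats into one common schema and then flags a source IP that was repeatedly denied at the perimeter and, within five minutes and after failed attempts, logged in to the application successfully.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample lines in hypothetical firewall and web-app formats.
RAW_LOGS = [
    "2009-04-14T10:00:01 fw1 DENY src=203.0.113.5 dst=10.0.0.8 dport=22",
    "2009-04-14T10:00:02 fw1 DENY src=203.0.113.5 dst=10.0.0.8 dport=23",
    "2009-04-14T10:00:03 fw1 DENY src=203.0.113.5 dst=10.0.0.8 dport=3389",
    "2009-04-14T10:01:10 webapp auth result=FAIL user=admin ip=203.0.113.5",
    "2009-04-14T10:01:12 webapp auth result=FAIL user=admin ip=203.0.113.5",
    "2009-04-14T10:01:15 webapp auth result=OK user=admin ip=203.0.113.5",
    "2009-04-14T10:02:00 webapp auth result=OK user=alice ip=198.51.100.7",
]
FW_RE = re.compile(r"^(\S+) (\S+) (DENY|ALLOW) src=(\S+) dst=\S+ dport=(\d+)$")
APP_RE = re.compile(r"^(\S+) (\S+) auth result=(FAIL|OK) user=(\S+) ip=(\S+)$")

def normalize(line):
    """Map a raw line from either device into one common event schema."""
    if m := FW_RE.match(line):
        ts, host, action, ip, port = m.groups()
        kind, detail = ("fw_deny" if action == "DENY" else "fw_allow"), f"dport={port}"
    elif m := APP_RE.match(line):
        ts, host, result, user, ip = m.groups()
        kind, detail = ("auth_fail" if result == "FAIL" else "auth_ok"), f"user={user}"
    else:
        return None  # unknown format: needs its own parser, do not silently guess
    return {"ts": datetime.fromisoformat(ts), "source": host, "type": kind,
            "ip": ip, "detail": detail}

def correlate(events, window=timedelta(minutes=5), min_denies=3):
    """Alert when an IP denied by the firewall several times then fails and
    finally succeeds at an application login, all within the window."""
    by_ip = defaultdict(list)
    for ev in sorted(events, key=lambda e: e["ts"]):
        by_ip[ev["ip"]].append(ev)
    alerts = []
    for ip, evs in by_ip.items():
        for ev in evs:
            if ev["type"] != "auth_ok":
                continue
            recent = [e for e in evs if ev["ts"] - window <= e["ts"] < ev["ts"]]
            denies = sum(e["type"] == "fw_deny" for e in recent)
            fails = sum(e["type"] == "auth_fail" for e in recent)
            if denies >= min_denies and fails:
                alerts.append((ip, ev["detail"], denies, fails))
    return alerts

def run(lines=RAW_LOGS):
    # Collect, normalize, correlate: the pipeline the article describes.
    return correlate([e for e in map(normalize, lines) if e])
```

Neither the three firewall denies nor the two failed logins would justify an alert alone; only the correlated sequence from one IP does, which is the point of the engine.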

PCI DSS 1.2 requires merchants to collect and review the security logs of devices and systems that process, store or protect cardholder data. Any organization that has critical information assets on the web can benefit from 24x7 security log monitoring. With most providers offering a global delivery model, the cost of this service has come down in the last 2 years. This is a good time to take advantage of 24x7 Log Monitoring and monitor your critical IT infrastructure in real time.

Daily Malware Scanning

Experts estimate that 10% of websites are infected with malware at any given time. A large percentage of these are compromised through SQL Injection vulnerabilities. Malware writers infect websites with SQL Injection exploits; the malware then infects users who visit the infected website. Once a user is infected, the malware installs keystroke loggers and sniffers on the victim's machine, sending sensitive data to the adversary.

One defense is to scan your websites frequently for malware infections. That involves crawling all your websites and identifying your entire web page inventory that is publicly accessible. The sections of your websites which are publicly accessible are most vulnerable; sections behind login pages are safer from malware infections.

Once the entire web page inventory is identified, the pages should be scanned using multiple malware, virus and spyware detection tools. As with all detection technologies, be wary of false positives and false negatives. Using multiple scanners can improve the results, and additional manual verification can confirm that the alerts are not false positives. Many Managed Security Services Providers (including Paladion, the publisher of Palisade) offer malware scanning services.

Once you know which of your website(s) are infected, half the problem is solved and you can start the process of containing the damage, identifying the root cause and remediating.

24x7 log monitoring of security events and daily malware scanning are tools we recommend strongly to our clients.
