06 April 2016
What is IT Security for SMBs
The growing availability and ease of use of hacking tools has created an urgent need for every company to protect its information systems and assets; its reputation and existence depend on it. The security needs of small companies are the same as those of large ones: the basics are the same for all. The problem is that smaller companies lack the budget of large corporations, with dedicated InfoSec departments and the skills to run costly, advanced enterprise applications. This is why SMBs are softer targets and in the crosshairs of hackers.
Solidify Security is now bridging that gap, giving SMBs the same protection mechanisms that larger companies have.
When it comes to protecting your company’s IT assets, you must have the basic protections in place, such as external and host-based firewalls and antivirus. Additionally, you must also:
- Know what is on your network.
- Patch vulnerable systems.
- Monitor and alert for changes and indicators of a breach.
There are more, but let us focus on Indicators Of a Breach (IOB). It may sound complicated, but with basic log correlation it is not: you can easily detect the most obvious IOBs and risky configuration changes. This is where a lightweight SIEM makes sense. A SIEM correlates the logs and alerts you to highly suspicious activities such as the ones below.
Examples of Indicators Of a Breach
- Audit log cleared
- New user created
- New user added to the Administrators group
- New user deleted
- Account added to a privileged group
- Detection of anomalous ports, services, and unpatched hosts/network devices
- Critical server or system trying to access known malicious IPs
- Password changed by someone other than the user
- New program installed on a critical asset at an unusual time of day
- Sudden increase in events from one system
- Firewall block/deny from critical assets
- Failed root login attempts (threshold: 10 attempts in 30 seconds): detection of a possible brute-force attack
- Failed logins for any account (threshold: 10 attempts in 30 seconds) followed by a success: detection of a possible successful brute-force attack
- Many antivirus events at once, indicating an outbreak
- Silent log sources
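As an added illustration (not part of the original post and not Solidify Security's product code), here are the two brute-force rules from the list above expressed as a sliding-window log correlation over a few constructed auth-log lines. The flat log format, host names and user names are assumptions made for the example.

```python
from collections import defaultdict, deque
from datetime import datetime

THRESHOLD = 10        # failed logins ...
WINDOW_SECONDS = 30   # ... within this many seconds (thresholds from the IOB list)

def _event(sec, host, user, outcome):
    # Hypothetical flat auth-log format assumed here: "<ISO timestamp> <host> <user> <FAIL|SUCCESS>"
    return f"2016-04-06T10:00:{sec:02d} {host} {user} {outcome}"

# Constructed sample events (not real logs): srv1 sees 12 failures then a
# success, srv2 sees four slow scattered failures, srv3 sees 10 root failures.
SAMPLE_LOG = sorted(
    [_event(s, "srv1", "bob", "FAIL") for s in range(12)]
    + [_event(13, "srv1", "bob", "SUCCESS")]
    + [_event(s, "srv2", "alice", "FAIL") for s in (0, 15, 30, 45)]
    + [_event(s, "srv3", "root", "FAIL") for s in range(20, 30)]
)

def parse(line):
    ts, host, user, outcome = line.split()
    return datetime.fromisoformat(ts), host, user, outcome

def correlate(lines, threshold=THRESHOLD, window=WINDOW_SECONDS):
    """Return (timestamp, host, message) alerts for the two brute-force IOBs.
    Events must arrive in chronological order; one alert per burst per host."""
    failures = defaultdict(deque)   # host -> timestamps of failures still inside the window
    alerted = set()                 # hosts already alerted for the current burst
    alerts = []
    for line in lines:
        ts, host, user, outcome = parse(line)
        recent = failures[host]
        while recent and (ts - recent[0]).total_seconds() > window:
            recent.popleft()        # expire failures older than the window
        if outcome == "FAIL":
            recent.append(ts)
            if len(recent) >= threshold and host not in alerted:
                alerted.add(host)
                kind = "root brute force" if user == "root" else "brute force"
                alerts.append((ts, host, f"possible {kind}: {len(recent)} failures in {window}s"))
        elif outcome == "SUCCESS":
            if len(recent) >= threshold:   # burst still inside the window, then a login
                alerts.append((ts, host, f"possible SUCCESSFUL brute force: {user} logged in after {len(recent)} failures"))
            recent.clear()                 # a success ends the burst either way
            alerted.discard(host)
    return alerts
```

Run over the constructed sample, `correlate(SAMPLE_LOG)` raises three alerts: a brute-force alert and then a successful-brute-force alert for srv1, and a root brute-force alert for srv3, while srv2's four slow failures never cross the threshold.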
You will also receive periodic reports covering these events. In addition, the Baseline Security Stack enables you to perform continuous vulnerability and inventory scans. Our solution gives you the start of a successful information security program.