Arraya Insights | July 19, 2017
Not seeing a problem isn’t the same as not having a problem. Hackers and bad actors have gotten very good at carrying out their crimes without arousing suspicion. As such, malicious activity can go on for months or even longer without drawing attention to itself. By the time someone does notice – or the attackers decide to reveal themselves – the damage can be massive.
The average length of a cyberattack varies from study to study; however, none of the answers are particularly comforting. One study – conducted by the Ponemon Institute – pegged the number at anywhere from 3-6 months depending on the industry. A separate study – this one orchestrated by Mandiant – went even higher. This study placed the average at 205 days; although – in a bit of good news – that number has been steadily dropping over the years.
Those numbers don’t sound so bad when compared to the case of Anthem. Cyber security-watchers will remember this as the insurance company breach that exposed nearly 80 million unique records. Anthem spent hundreds of millions of dollars on remediation efforts following the breach, which began with a phishing email. Researchers believe an unfortunate Anthem staff member opened the compromised email in mid-February 2014. The breach wasn’t discovered until almost a full year later – toward the end of January 2015.
Knowledge is power in cyber security. The more insight organizations have into their network activity, the faster they’ll be able to catch and contain risky trends – and hopefully minimize the damage inflicted. The source of those negative trends doesn’t even have to be hackers. It could be a case where a particular solution is edging toward failure. Regardless of the root cause, time to detection of problems/trends remains of the essence.
10 ways to get more from Log Analytics
One way to keep a better eye on what’s taking place on your network is through Azure Log Analytics, a component of Microsoft’s Operations Management Suite (OMS). Log Analytics delivers a singular visual analysis of everything taking place across your organization’s cloud and on-premises environments. If your business is currently leveraging Azure Log Analytics and you’ve surfed through its dashboards, then you have some idea of the insight it can provide. However, there’s plenty of value to be realized from Log Analytics beyond the basics, you just need to spin up the right add-ons.
Here are ten solutions you should turn on to get the most insight from Log Analytics:
- DNS Analytics – Monitor your DNS server analytic and audit logs for malicious domain name activity, aging resource records, server request load, and much more.
- Malware Assessment – Keep tabs on your organization’s anti-malware solution, including when protection is lacking and the kinds of threats it’s detecting.
- Security Audit – Store all of your organization’s OMS-related security information in one place, including snap shots of risk events detected in a customizable timeframe.
- Update Management – Manage security updates for Windows solutions deployed on-premises and in the cloud, preventing critical patches from going unimplemented.
- Alert Management – Track the system alerts generated by Log Analytics as well as by third party solutions (such as Nagios) to stay on top of network activity.
- Change Tracking – Oversee the changes being made in your organization’s technology environment, including to Windows services, Linux daemons, and more.
- Activity Log Analytics – Explore the backstory for any write operations conducted across your organization’s Azure environment, covering the who, what, and, when of any Put, Post, or Deletes.
- Network Performance Monitor – Spot network bottlenecks in close-to real time and at a localized level so that they may be resolved quickly, allowing the network to return to optimal performance.
- Azure Application Gateway Analytics – Drill down into reports on Application Gateway client and server errors, host health, and errors by user agent, among others.
- Azure Network Security Group – Gain a greater understanding of the traffic flow involving the network security group and MAC addresses.
Network Security G.I. Joe Style
Ideally, attackers will forever remain far outside your system, cursing your impenetrable perimeter. These defenses can only do so much to protect against click-happy end users, however, making interior awareness an equally important part of an organization’s cyber security posture. Anyone raised on the G.I. Joe cartoons of the 80s can attest to the critical nature of awareness, because, after all “knowing is half the battle.”
Arraya Solutions can help you stand up Log Analytics with our Dashboard in a Day offering, which connects Log Analytics with up to 20 servers, for a defined trial period. This engagement has provided customers with access to all types of insight into their technology systems, including identifying a running botnet!
Contact us today and we can help your business activate the above solutions or others and make sure you’re leveraging them to their fullest, right out of the box. If you’re new to Log Analytics, our team has the expertise to get you up to speed.
Arraya can be reached at www.arrayasolutions.com/contact-us/. Feel free to leave us a comment on this blog post through social media, LinkedIn, Twitter, and Facebook. While you’re there, remember to follow us to stay on top of all of our latest company news, special events, and industry insights.