{"id":5686,"date":"2021-09-07T21:33:42","date_gmt":"2021-09-07T21:33:42","guid":{"rendered":"https:\/\/datasecc.com\/?page_id=5686"},"modified":"2021-09-07T21:41:23","modified_gmt":"2021-09-07T21:41:23","slug":"siem-soc-threat-hunting","status":"publish","type":"page","link":"https:\/\/datasecc.com\/?page_id=5686","title":{"rendered":"SIEM, SOC & Threat Hunting"},"content":{"rendered":"\t\t
\n\t\t\t\t\t\t
\n\t\t\t\t\t\t
\n\t\t\t\t\t
\n\t\t\t
\n\t\t\t\t\t\t
\n\t\t\t\t\t\t
\n\t\t\t\t\t
\n\t\t\t
\n\t\t\t\t\t\t
\n\t\t\t\t
\n\t\t\t\t\t\t\t
\r\n\t \t \/\/ network security<\/span>\r\n\t

Choose The Best Preventative Security Measures<\/h2>\t <\/div>\r\n\t \t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/section>\n\t\t\t\t
\n\t\t\t\t\t\t
\n\t\t\t\t\t
\n\t\t\t
\n\t\t\t\t\t\t
\n\t\t\t\t
\n\t\t\t\t\t\t\t\t\t

Your infrastructure creates a lot of logs. Hidden inside these logs can be evidence of wrongdoing \u2013 be it external criminals or employees planning or committing fraud. How do you extract evidence of illegal behavior when it\u2019s buried and concealed within millions, if not billions of records of perfectly legitimate business activity?<\/p>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/section>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/section>\n\t\t\t\t

\n\t\t\t\t\t\t
\n\t\t\t\t\t
\n\t\t\t
\n\t\t\t\t\t\t
\n\t\t\t\t
\n\t\t\t\t\t\t\t
\n\t\t\t\t\t\t\t
\n\t\t\t\t\t
\n\t\t\t\t\t\t\t\t\t\t\t\t\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t<\/i><\/span>\n\t\t\t\t\t\t\t\t<\/i><\/span>\n\t\t\t\t\t\t\t\t\t\t\t\t\t<\/span>\n\t\t\t\t\t\t\t\t\t\t\t\tHow to Effectively Sift Through Buried Wrongdoing<\/a>\n\t\t\t\t\t<\/div>\n\n\t\t\t\t\t

There are a number of ways to sift through data to ascertain security exposure: Security Information and Event Management (SIEM), Security Operations Centre (SOC) and Threat Hunting are all variations of the same concept. That is, a process for storing logs and other forensic evidence, and ignoring the good to investigate only the bad. Knowing which one is right depending on how your evidence is generated and what your tolerance level for breaches is.<\/p><\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t\t\t

\n\t\t\t\t\t
\n\t\t\t\t\t\t\t\t\t\t\t\t\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t<\/i><\/span>\n\t\t\t\t\t\t\t\t<\/i><\/span>\n\t\t\t\t\t\t\t\t\t\t\t\t\t<\/span>\n\t\t\t\t\t\t\t\t\t\t\t\tUsing SIEM For Basic Security Control<\/a>\n\t\t\t\t\t<\/div>\n\n\t\t\t\t\t

A SIEM is mostly an automated log solution with out-of-the-box and customizable correlation rules. If out of the box, the rules don\u2019t consider your risks, the value of your assets and how your business processes interact with your technology. However, it can make some good assumptions about detected hacking activity.<\/p>

A SIEM, for example, can detect when an account has had multiple failed log-ins, followed by a successful login. It can then follow the activity of the user after the login is ready for a security analyst to determine whether someone forgot his or her password or the account was \u2018brute forced\u2019.<\/p><\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t\t\t

\n\t\t\t\t\t
\n\t\t\t\t\t\t\t\t\t\t\t\t\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t<\/i><\/span>\n\t\t\t\t\t\t\t\t<\/i><\/span>\n\t\t\t\t\t\t\t\t\t\t\t\t\t<\/span>\n\t\t\t\t\t\t\t\t\t\t\t\tUse SOC To Maximize Security Control<\/a>\n\t\t\t\t\t<\/div>\n\n\t\t\t\t\t

However, a SOC goes further to provide real time response to events. Rather than logging and correlating all activity after successful login, the SOC operator can determine the most reasonable course of action: Call the employee? Lock the account or watch the account activity in real time?<\/p><\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t\t\t

\n\t\t\t\t\t
\n\t\t\t\t\t\t\t\t\t\t\t\t\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t<\/i><\/span>\n\t\t\t\t\t\t\t\t<\/i><\/span>\n\t\t\t\t\t\t\t\t\t\t\t\t\t<\/span>\n\t\t\t\t\t\t\t\t\t\t\t\tUse Threat Hunting to Weed Out Highly Sophisticated Attacks<\/a>\n\t\t\t\t\t<\/div>\n\n\t\t\t\t\t

Threat Hunting uses the same infrastructure but takes it further again. After the SIEM has missed a relevant event or a SOC operator has dismissed an event as benign, threat hunting looks for patterns of behaviors that may indicate a compromise. Was an admin account created through a command prompt? That\u2019s not common. Is a computer visiting a blank website every 60 seconds? That\u2019s more likely a remote access Trojan phoning home than a user with precise timing<\/p><\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t\t\t

\n\t\t\t\t\t
\n\t\t\t\t\t\t\t\t\t\t\t\t\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t<\/i><\/span>\n\t\t\t\t\t\t\t\t<\/i><\/span>\n\t\t\t\t\t\t\t\t\t\t\t\t\t<\/span>\n\t\t\t\t\t\t\t\t\t\t\t\tHunting Maturity Model<\/a>\n\t\t\t\t\t<\/div>\n\n\t\t\t\t\t

\"\"<\/p><\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t\t\t

\n\t\t\t\t\t
\n\t\t\t\t\t\t\t\t\t\t\t\t\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t<\/i><\/span>\n\t\t\t\t\t\t\t\t<\/i><\/span>\n\t\t\t\t\t\t\t\t\t\t\t\t\t<\/span>\n\t\t\t\t\t\t\t\t\t\t\t\tThreat Hunting Maturity Model<\/a>\n\t\t\t\t\t<\/div>\n\n\t\t\t\t\t

\"\"<\/p><\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/section>\n\t\t\t\t

\n\t\t\t\t\t\t
\n\t\t\t\t\t
\n\t\t\t
\n\t\t\t\t\t\t
\n\t\t\t\t
\n\t\t\t\t\t\t\t\t\t

Ask an Expert for Help<\/strong><\/span><\/h3>

The forensic review of security information, whether through a SIEM, SOC or threat hunt, provides valuable intelligence on how well your preventative security controls are coping with contemporary threat landscapes. If you feel you aren\u2019t getting the most out of your current preventative security controls, contact DataSecure to help you deliver the appropriate level of information security assurance.<\/p>

Need help choosing the best preventative measures?<\/strong><\/span><\/h5>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t
\n\t\t\t\t
\n\t\t\t\t\t\t\t
\n\t\t\t
<\/div>\n\t\t<\/div>\n\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t
\n\t\t\t\t
\n\t\t\t\t\t\t\t
\r\n\t\t\tContact Us<\/a>\r\n\t <\/div>\r\n\t \t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/section>\n\t\t\t\t<\/div>\n\t\t","protected":false},"excerpt":{"rendered":"

\/\/ network security Choose The Best Preventative Security Measures Your infrastructure creates a lot of logs. Hidden inside these logs can be evidence of wrongdoing \u2013 be it external criminals or employees planning or committing fraud. How do you extract evidence of illegal behavior when it\u2019s buried and concealed within millions, if not billions of […]<\/p>\n","protected":false},"author":1,"featured_media":0,"parent":0,"menu_order":0,"comment_status":"closed","ping_status":"closed","template":"","meta":{"footnotes":""},"class_list":["post-5686","page","type-page","status-publish","hentry"],"_links":{"self":[{"href":"https:\/\/datasecc.com\/index.php?rest_route=\/wp\/v2\/pages\/5686","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/datasecc.com\/index.php?rest_route=\/wp\/v2\/pages"}],"about":[{"href":"https:\/\/datasecc.com\/index.php?rest_route=\/wp\/v2\/types\/page"}],"author":[{"embeddable":true,"href":"https:\/\/datasecc.com\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/datasecc.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=5686"}],"version-history":[{"count":7,"href":"https:\/\/datasecc.com\/index.php?rest_route=\/wp\/v2\/pages\/5686\/revisions"}],"predecessor-version":[{"id":5694,"href":"https:\/\/datasecc.com\/index.php?rest_route=\/wp\/v2\/pages\/5686\/revisions\/5694"}],"wp:attachment":[{"href":"https:\/\/datasecc.com\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=5686"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}