During a penetration test, login credentials are a highly sought-after item. While it is common to harvest that information via email scams (phishing attacks), it is not always the most practical or effective tactic to gain unauthorized access. That access, however, still requires a valid set of credentials. This poses a challenge. How does an attacker find valid accounts without social engineering? There are two main options: breached credentials and password spraying.
Security information and event management, or “SIEM,” is a tool that assimilates all of your log data to give you an all-encompassing overview of the activity on your network. SIEM tools watch over your network and help you stop trouble in its tracks. Whether your organization has 200 or 20,000 employees, SIEM software can be a vital part of any company’s cybersecurity posture.
In 1974, the great Mohammed Ali said of his opponent, George Foreman, “His hands can’t hit what his eyes can’t see.” The same principle rings true in the cybersecurity world; we can't stop an attack until we know it is happening. That is why SIEM experts, like ProCircular’s Josh Resch, dedicate themselves to monitoring our clients’ networks for suspicious activity. Although each SIEM product works a little differently, they are all designed to help identify and track early signs of malicious activity on your network. A well-maintained SIEM can drastically reduce recovery time from a security incident by showing exactly where the attacker has been.