{"id":173,"date":"2007-05-12T00:00:00","date_gmt":"2007-05-12T00:00:00","guid":{"rendered":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/2007\/05\/12\/log-management-crucial-to-effective-security\/"},"modified":"2021-12-30T11:36:39","modified_gmt":"2021-12-30T11:36:39","slug":"log-management-crucial-to-effective-security","status":"publish","type":"post","link":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/2007\/05\/12\/log-management-crucial-to-effective-security\/","title":{"rendered":"Log Management Crucial to Effective Security"},"content":{"rendered":"<p>One of the best ways financial institutions can protect critical infrastructure is to monitor system logs, which contain a gold mine of information about the state of the network.  When properly configured, logs record the day-to-day activity of system users, administrative changes made to critical production systems, and the evidence left behind by malicious activity.  With the right logging configuration, financial institutions can capture the history of a hacker&#8217;s activity, from the creation of unauthorized accounts to the installation of back-doors, enabling them to quickly isolate and repair affected systems after an intrusion.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>At Citizens &#038; Northern Bank, a $1.2 billion community bank headquartered in Pennsylvania, log management is a requirement for complying with information security regulations such as Gramm-Leach-Bliley and Sarbanes-Oxley.  The auditors who review the bank&#8217;s systems interpret those laws to mean that it should be actively monitoring those logs.  
&#8220;As administrators responsible for various network devices and operating systems, we need to know what typical behavior is,&#8221; says Pete Boergermann, head of MIS at Citizens &#038; Northern.<\/p>\n<p>The FFIEC has stated that &#8220;log files are critical to the successful investigation and prosecution of security incidents and can potentially contain sensitive information.&#8221;<\/p>\n<p>While collecting and storing logs is important, it&#8217;s only a means to an end &#8212; knowing what is going on and responding to it.  Network intrusion detection systems often produce false alarms (&#8220;false positives&#8221; and the like), which reduces the reliability of their output and the ability to act on it.  Correlating network intrusion logs with other records, such as firewall logs and server audit trails, gives institutions detection and response capabilities that the individual sources lack (such as real-time blocking and attack mitigation).<\/p>\n<p>It&#8217;s also critical that logs be converted into a universal format which allows financial institutions to compare and correlate different log data 
sources.<\/p>\n<p>http:\/\/www.bankinfosecurity.com\/articles.php?art_id=242<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[1],"tags":[],"class_list":["post-173","post","type-post","status-publish","format-standard","hentry","category-uncategorized"],"_links":{"self":[{"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/posts\/173","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/comments?post=173"}],"version-history":[{"count":1,"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/posts\/173\/revisions"}],"predecessor-version":[{"id":2660,"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/posts\/173\/revisions\/2660"}],"wp:attachment":[{"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/media?parent=173"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/categories?post=173"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/tags?post=173"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}
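The normalization and correlation the excerpt above calls for, as an added example that is not part of the original post or of the bankinfosecurity article it quotes: constructed IDS, firewall and server audit lines are mapped onto one common record, then each IDS alert is judged against the firewall's decision and the target host's login and account-creation records, so that an alert the perimeter already blocked is suppressed while one followed by a real login and a new account is escalated with its timeline. The log formats (Snort-like alert, iptables-like kernel line with a custom log prefix, Linux auth.log), the hostnames and addresses, the `HOSTS` inventory and the 2007 year assumption are all invented for the illustration.

```python
"""Normalize IDS, firewall and server audit logs into one schema and correlate them.

Added example, not code from the original post. The sample lines below are
constructed: they imitate a Snort-style alert, an iptables-style kernel log with a
custom --log-prefix, and Linux auth.log lines, but they are not real telemetry.
"""
import re
from datetime import datetime

YEAR = 2007                      # assumption: syslog lines carry no year; the post is dated 2007
HOSTS = {"192.0.2.20": "srv1"}   # constructed asset inventory: server IP -> syslog hostname

# --- constructed sample input ---------------------------------------------------
IDS_LOG = """\
05/12-09:14:02.118 [**] [1:1000001:1] LOCAL SSH brute-force attempt [**] {TCP} 10.0.0.7:51122 -> 192.0.2.20:22
05/12-09:15:31.004 [**] [1:1000001:1] LOCAL SSH brute-force attempt [**] {TCP} 198.51.100.9:40012 -> 192.0.2.20:22
"""
FW_LOG = """\
May 12 09:14:01 fw1 kernel: FW-ACCEPT IN=eth0 OUT=eth1 SRC=10.0.0.7 DST=192.0.2.20 PROTO=TCP SPT=51122 DPT=22
May 12 09:15:30 fw1 kernel: FW-DROP IN=eth0 OUT= SRC=198.51.100.9 DST=192.0.2.20 PROTO=TCP SPT=40012 DPT=22
"""
AUTH_LOG = """\
May 12 09:14:05 srv1 sshd[2211]: Accepted password for admin from 10.0.0.7 port 51122 ssh2
May 12 09:16:40 srv1 useradd[2290]: new user: name=svc_backup, UID=1003, GID=1003, home=/home/svc_backup, shell=/bin/bash
May 12 09:20:12 srv1 sshd[2305]: Failed password for root from 203.0.113.5 port 55001 ssh2
"""

IDS_RE = re.compile(r"(?P<mon>\d\d)/(?P<day>\d\d)-(?P<time>\d\d:\d\d:\d\d)\.\d+ \[\*\*\] \[[\d:]+\] "
                    r"(?P<msg>.*?) \[\*\*\] \{\w+\} (?P<src>[\d.]+):\d+ -> (?P<dst>[\d.]+):(?P<dport>\d+)")
SYSLOG_RE = re.compile(r"(?P<mon>[A-Z][a-z]{2}) +(?P<day>\d+) (?P<time>\d\d:\d\d:\d\d) (?P<host>\S+) (?P<rest>.*)")
FW_RE = re.compile(r"FW-(?P<action>ACCEPT|DROP) .*SRC=(?P<src>[\d.]+) DST=(?P<dst>[\d.]+) .*DPT=(?P<dport>\d+)")
SSH_RE = re.compile(r"sshd\[\d+\]: (?P<result>Accepted|Failed) \w+ for (?P<user>\S+) from (?P<src>[\d.]+)")
USERADD_RE = re.compile(r"useradd\[\d+\]: new user: name=(?P<user>[^,]+), UID=(?P<uid>\d+)")


def _event(ts, source, host, src, dst, dport, action, detail):
    """The universal record that every source is mapped onto."""
    return {"ts": ts, "source": source, "host": host, "src": src,
            "dst": dst, "dport": dport, "action": action, "detail": detail}


def normalize(ids_text, fw_text, auth_text):
    """Parse three differently formatted logs into one time-ordered list of records."""
    events = []
    for line in ids_text.splitlines():
        m = IDS_RE.match(line)
        if m:
            ts = datetime.strptime(f"{YEAR} {m['mon']} {m['day']} {m['time']}", "%Y %m %d %H:%M:%S")
            events.append(_event(ts, "ids", HOSTS.get(m["dst"], m["dst"]), m["src"], m["dst"],
                                 int(m["dport"]), "alert", m["msg"]))
    for source, text in (("fw", fw_text), ("auth", auth_text)):
        for line in text.splitlines():
            s = SYSLOG_RE.match(line)
            if not s:
                continue
            ts = datetime.strptime(f"{YEAR} {s['mon']} {s['day']} {s['time']}", "%Y %b %d %H:%M:%S")
            rest = s["rest"]
            if source == "fw" and (f := FW_RE.search(rest)):
                events.append(_event(ts, "fw", HOSTS.get(f["dst"], f["dst"]), f["src"], f["dst"],
                                     int(f["dport"]), f["action"], rest))
            elif (a := SSH_RE.search(rest)):
                action = "login" if a["result"] == "Accepted" else "login_failed"
                events.append(_event(ts, "auth", s["host"], a["src"], None, 22, action, rest))
            elif USERADD_RE.search(rest):
                events.append(_event(ts, "auth", s["host"], None, None, None, "account_created", rest))
    events.sort(key=lambda e: e["ts"])
    return events


def _timeline(chain):
    return [f"{e['ts']:%H:%M:%S} {e['source']:<4} {e['detail']}" for e in sorted(chain, key=lambda e: e["ts"])]


def correlate(events, fw_window=5, login_window=60, followup_window=600):
    """Judge each IDS alert against the firewall decision and the target host's audit trail.

    suppressed : the firewall dropped the traffic, so the IDS alert on its own is noise
    unconfirmed: nothing on the host corroborates the alert
    escalated  : an accepted login from the alerting source followed the alert; any
                 account created on that host within followup_window is attached
    """
    def secs(a, b):
        return (a["ts"] - b["ts"]).total_seconds()

    findings = []
    for alert in (e for e in events if e["source"] == "ids"):
        fw = [e for e in events if e["source"] == "fw" and e["src"] == alert["src"]
              and e["dport"] == alert["dport"] and abs(secs(e, alert)) <= fw_window]
        if fw and all(e["action"] == "DROP" for e in fw):
            findings.append({"src": alert["src"], "verdict": "suppressed", "timeline": _timeline([alert, *fw])})
            continue
        logins = [e for e in events if e["source"] == "auth" and e["action"] == "login"
                  and e["src"] == alert["src"] and e["host"] == alert["host"]
                  and 0 <= secs(e, alert) <= login_window]
        if not logins:
            findings.append({"src": alert["src"], "verdict": "unconfirmed", "timeline": _timeline([alert, *fw])})
            continue
        login = logins[0]
        created = [e for e in events if e["host"] == login["host"] and e["action"] == "account_created"
                   and 0 < secs(e, login) <= followup_window]
        findings.append({"src": alert["src"], "verdict": "escalated",
                         "timeline": _timeline([alert, *fw, login, *created])})
    return findings


if __name__ == "__main__":
    for finding in correlate(normalize(IDS_LOG, FW_LOG, AUTH_LOG)):
        print(f"{finding['src']}: {finding['verdict']}")
        for line in finding["timeline"]:
            print("   ", line)
```

Run as-is, the script reports 10.0.0.7 as escalated with a four-step timeline (alert, firewall accept, accepted login, new account svc_backup) and 198.51.100.9 as suppressed because the firewall dropped the connection. The asset inventory (`HOSTS`) is what lets the IDS destination address and the server's syslog hostname be joined; without that mapping the two sources cannot be correlated, which is the practical reason the excerpt insists on a universal format.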