What to monitor to stop hacker and malware attacks

Most organizations under attack have no clue they're being targeted. Here are security events to look for in case of a breach

The 2012 Verizon Data Breach Investigations Report released last week continues to reverberate. The stats that jumped out at me: 96 percent of data breaches were relatively easy for attackers to pull off, and 97 percent of those attacks were easily avoidable.

Want to protect yourself against malicious hackers and malware? Do the basics better and more consistently. Patch better, isolate better -- and for god's sake, enable your monitoring.


According to the report, 85 percent of victims were unaware of their compromised state for weeks- to months-long stretches. When they did become aware, 92 percent of the time it was because an outside third party told them. That's embarrassing.

In which group would you rather be? The 85 percent hanging their heads in shame or the 15 percent who had a clue?

I know InfoWorld readers care more than the average IT working stiff. It's why you read our publication and this blog in particular. I also realize that our readers are tasked with dozens of different projects every year, each one a high priority that overrides previous priorities.

But the bottom line is this: If you don't have a good security event logging program, become the champion in your organization and create one.

If you're not familiar with the basics of event log monitoring, see InfoWorld's Log Analysis Deep Dive Report. It will give you a great summary of all the pieces and parts needed to start putting a solid event log management program in place.

You should enable event log monitoring on all managed workstations and servers. Don't make the mistake of only monitoring servers -- 99 percent of the malicious action begins on a regular end-user's workstation before it spreads to the servers holding the data. Often, by the time attackers reach the servers, they are operating with an elevated end-user's credentials, and event log monitoring becomes much tougher.
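To make the workstation-first point concrete, here is an added example (not code from the column or from InfoWorld) that runs a small correlation over constructed logon and process records from one workstation and one file server. The hosts, account names, timestamps, field names and the IP-to-host inventory are all hypothetical; the script shows that with server logs alone, the first sighting of the misused account is the server logon, with no explanation of where it came from, while the same query over workstation plus server logs recovers the earlier foothold on the end-user machine.

```python
"""Why server-only monitoring misses the start of an intrusion.

Added example; all events, hosts and accounts below are constructed.
"""
from datetime import datetime, timedelta

# Constructed sample events. Field names are hypothetical, not a real log schema.
EVENTS = [
    {"ts": "2012-03-27T09:01:10", "host": "WS-0142", "role": "workstation",
     "kind": "logon", "user": "jdoe", "src": "127.0.0.1"},
    {"ts": "2012-03-27T09:04:33", "host": "WS-0142", "role": "workstation",
     "kind": "process", "user": "jdoe", "image": "invoice.pdf.exe"},
    # A service account appears on the workstation where it never normally logs on.
    {"ts": "2012-03-27T09:05:02", "host": "WS-0142", "role": "workstation",
     "kind": "logon", "user": "svc_backup", "src": "127.0.0.1"},
    # Hours later the same account logs on to the file server from the workstation's IP.
    {"ts": "2012-03-27T11:47:55", "host": "FS-01", "role": "server",
     "kind": "logon", "user": "svc_backup", "src": "10.20.30.142"},
    {"ts": "2012-03-27T11:48:40", "host": "FS-01", "role": "server",
     "kind": "file_read", "user": "svc_backup", "path": "finance/payroll.xlsx"},
]

# Constructed asset inventory: source IP -> managed host name.
INVENTORY = {"10.20.30.142": "WS-0142"}

# What a "servers only" logging program would have collected.
SERVER_ONLY = [e for e in EVENTS if e["role"] == "server"]


def parse_ts(ts):
    return datetime.strptime(ts, "%Y-%m-%dT%H:%M:%S")


def events_for(events, account, roles):
    """All events for one account on hosts of the given roles, oldest first."""
    rows = [e for e in events if e["user"] == account and e["role"] in roles]
    return sorted(rows, key=lambda e: parse_ts(e["ts"]))


def first_sighting(events, account, roles):
    """(timestamp, host) of the account's earliest event, or None if unseen."""
    rows = events_for(events, account, roles)
    if not rows:
        return None
    return rows[0]["ts"], rows[0]["host"]


def lead_time_seconds(events, account):
    """Seconds between the account's first workstation sighting and its first
    server sighting. None when one side was never logged, which is exactly
    the situation a server-only program puts you in."""
    ws = first_sighting(events, account, {"workstation"})
    srv = first_sighting(events, account, {"server"})
    if ws is None or srv is None:
        return None
    return int((parse_ts(srv[0]) - parse_ts(ws[0])).total_seconds())


def server_logons(events, account):
    return [e for e in events
            if e["role"] == "server" and e["kind"] == "logon" and e["user"] == account]


def prior_activity(events, server_logon, inventory, window_hours=4):
    """Workstation events on the host a server logon originated from, within the
    preceding window. Empty when that workstation's logs were never collected."""
    origin = inventory.get(server_logon["src"])
    if origin is None:
        return []
    end = parse_ts(server_logon["ts"])
    start = end - timedelta(hours=window_hours)
    return [e for e in events
            if e["host"] == origin and e["role"] == "workstation"
            and start <= parse_ts(e["ts"]) < end]


if __name__ == "__main__":
    account = "svc_backup"
    for label, events in (("servers only", SERVER_ONLY), ("workstations + servers", EVENTS)):
        print(f"== {label} ==")
        print("first sighting:", first_sighting(events, account, {"workstation", "server"}))
        print("lead time (s): ", lead_time_seconds(events, account))
        for logon in server_logons(events, account):
            for e in prior_activity(events, logon, INVENTORY):
                print("  prior on", e["host"], e["ts"], e["kind"], e["user"], e.get("image", ""))
```

With only the server feed, `first_sighting` lands on the file server logon and `prior_activity` comes back empty; with the workstation feed included, the same functions show the account appearing on WS-0142 nearly three hours earlier, right after a user on that machine ran an executable disguised as a PDF, which is the part of the story the servers never see.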
