Why set up security reporting?
Your company probably already has different security infrastructure components such as firewalls, proxies, IDS/IPS, antispam, centralized antivirus etc.
But do you have any idea how many attacks you have faced over the last months?
Is the number of viruses, phishing attempts or spam messages detected increasing?
If an advanced attack were targeting your organization, would you be able to detect it? Would you be aware of it?
Do you prefer to anticipate cyber security incidents, or to wait for a disaster before taking action and be warned of security incidents by your own customers?
What does a security report contain?
The main goal of security reporting is to produce a report containing what the Security Officer needs to follow alarms or events based on the current infrastructure and to make the right decisions on the detection and analysis of security incidents.
- Web attacks on your website, web applications or web services (OWASP Top 10)
- Network attacks from the Internet (such as DoS, DDoS, port scanning, reconnaissance attacks etc.)
- Application attacks from the Internet (SSL Heartbleed, a vulnerability of a server in the DMZ, a brute-force attack on an Internet-facing service etc.)
- PCs or servers infected by malware (including viruses, ransomware, RAT, worms)
- Phishing attacks (and spear phishing)
- Incidents related to servers exposed to sensitive networks (such as partner links, extranet for a group)
- Analysis of false positives which have an impact on users (such as an IPS blocking legitimate traffic)
Based on our expertise in security, we can compare your current situation and maturity with those of other organizations with a similar profile. Besides detecting security events, we help you apply an incident response plan adapted to each category of cyberattack. We advise you on a future strategy to guarantee a high level of security adapted to your risk profile and your activities.
Reporting demonstrates good IT governance
Many organizations are interested in infrastructure and perimeter security: firewalls, WAF, SIEMs, proxies, VPN, antispam, antivirus etc.
Unfortunately, most of the time we discover that the logs and security alarms of these components are not processed or followed up.
In the best cases, a SIEM solution (Security information and event management) is set up to correlate the logs of different equipment. Simple analysis is usually too superficial and unable to work across all of the security equipment. Moreover, cyber attacks are becoming technically more and more complex. Analysis of events by a security expert is necessary to evaluate each alarm. The SOC (Security Incident Center) has a critical role in the follow-up of security events and in the incident response process. But what about reporting?
Which results can we expect after setting up security reporting?
Multiple tangible results will be visible, such as:
- A clear view of cyber-attacks and security events
- Real control of your ICT environment and knowledge of the number of incidents and the trend you are facing
- Answering audit points and improving the maturity level of the organization by setting up good practices for continuous improvement
- Deep, per-use-case analysis of PCs infected by malware (zombie bots, RAT) before these hosts can be used as a pivot to threaten the rest of your infrastructure
- Setting up quick wins to improve security, or modifying the current IT architecture to ensure better protection
- Discovering weaknesses in the current security model
- Giving visibility where improvements are needed, and driving the investment program to invest first in the weak points
- Demonstrating good governance and providing security KPIs to the management board
Your organization’s financial department has probably already set provisions for a long-term strategy, so why not set one up for a subject as critical and sensitive as cyber security?
Contact us now by filling in this form. We will then be able to demonstrate all of our services to you and answer your needs.