CSW S1, E21 - How Can I Monitor My Network for Malicious Activity?

Fred Cobb – CISO and VP of Services, InfoSystems

Rob Ashcraft – Sr. Cyber Security Strategist

This episode of the Cybersecurity Weekly Podcast is Part 6 of our series on the Center for Internet Security Top 20 Controls. Here's a quick list of where we're at:

1) Inventory and Control of Hardware Assets
2) Inventory and Control of Software Assets
3) Continuous Vulnerability Management
4) Controlled Use of Administrative Privileges
5) Secured Configuration of Hardware/Software (on Mobile Devices, Laptops, Workstations and Servers)
6) Maintenance, Monitoring, and Analysis of Audit Logs 

In this episode, Fred and Rob discuss how to collect, manage, and analyze audit logs that help a corporation detect, understand, and recover from a cyber-attack. The maintenance, monitoring, and analysis of audit logs is most impactful when a company first has taken an inventory of Hardware Assets and Software Assets, practices Continuous Vulnerability Management, has Controlled Use of Administrative Privileges, and has Secured Configuration of Hardware/Software (following the CIS Top 20 Cybersecurity Controls).

Many companies don't understand the importance of maintaining, monitoring, and analyzing audit logs of their environments. Corporations that do not focus on securing and auditing their environment give hackers the opportunity to hide malicious software without being detected. For this reason, it's important for corporations to put an emphasis on audit records. Audit records not only provide proof of malicious activity, but they also make unwanted activity easy to detect.

The time it takes to maintain, monitor, analyze, and act on audit logs can easily get out of hand for small teams or corporations. For this reason, a number of tools have been created to do the majority of the work for you. These include Log Analysis and SIEM (Security Information and Event Management) software tools. There are cost-efficient solutions available to assist in the management of your audit logs.

You can implement these controls yourself, but it may cost you a substantial amount of time, money, and effort. There are Cybersecurity experts who specialize in getting these controls set up for hundreds of organizations.

Listen to the full episode to learn how your business can begin following the Center for Internet Security Top 20 Controls and make your company more secure.

More Information
We'd love to hear your feedback. If you have any questions, you can text us at 423-697-9528 or email marketing@infosystems.biz.

This episode discusses Control Six of the CIS (Center for Internet Security) "Top 20 Controls." The Top 20 Controls are a set of prioritized best practices designed to help organizations protect themselves from cyber-attacks. It is a framework for every organization, whether you have a full department of IT support or don't have security programs or measures in place. You can learn more about the 20 CIS Controls here.

See the break-down of these CIS Controls' Sub-Controls here.

Discover how other organizations are using these controls here.