Saturday, March 11, 2023

|| Security information and event management ||

 

SIEM: Security information and event management is an area of computer security in which software products and services combine security information management (SIM) and security event management (SEM) into a single system.


SIEM Defined

Security information and event management, SIEM for short, is a solution that helps organizations detect, analyze, and respond to security threats before they harm business operations.
 

SIEM, pronounced “sim,” combines both security information management (SIM) and security event management (SEM) into one security management system. SIEM technology collects event log data from a range of sources, uses real-time analysis to identify activity that deviates from the norm, and raises alerts (or, when integrated with orchestration tooling, triggers automated responses) so that analysts can act on them.
 

In short, SIEM gives organizations visibility into activity within their network so they can respond swiftly to potential cyberattacks and meet compliance requirements.
 

In the past decade, SIEM technology has added user and entity behavior analytics and machine learning to make threat detection and incident response smarter and faster.


SIEM capabilities and use cases

SIEM systems vary in their capabilities but generally offer these core functions:
 

• Log management: the SIEM collects logs from hosts, network devices, applications and cloud services into one store, normalizes them into a common schema, and retains them for search and investigation.
• Event correlation: correlation rules and analytics link related events across sources (for example, repeated failed logins followed by a success from the same address) so that patterns no single log line reveals are surfaced quickly.
• Incident monitoring and response: the SIEM monitors security events across the organization’s network, raises alerts, and keeps an audit trail of all activity related to an incident for the responders.
 

SIEM systems can reduce cyber risk across a range of use cases, such as detecting suspicious user activity, monitoring user behavior, flagging brute-force or anomalous access attempts, and generating compliance reports.
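The event-correlation and brute-force use cases above, as an added example (written for this page, not code from any SIEM product): a sliding-window correlation rule that parses sshd-style syslog lines, alerts when five or more failed logins from one source land inside 60 seconds, and escalates when a later successful login arrives from that same source. The log lines, the threshold and the window are constructed assumptions.

```python
"""Added example: a minimal SIEM-style correlation rule run over constructed
sshd log lines.  Illustrative code written for this page, not any vendor's
SIEM code; the log lines, threshold and window are assumptions."""
import re
from collections import defaultdict, deque
from datetime import datetime

# Constructed sample log lines in the classic syslog/sshd format (not real data).
SAMPLE_LOGS = """\
Mar 11 10:00:01 web01 sshd[2001]: Failed password for invalid user admin from 203.0.113.9 port 50122 ssh2
Mar 11 10:00:03 web01 sshd[2002]: Failed password for root from 203.0.113.9 port 50123 ssh2
Mar 11 10:00:05 web01 sshd[2003]: Failed password for root from 203.0.113.9 port 50124 ssh2
Mar 11 10:00:07 web01 sshd[2004]: Failed password for invalid user test from 203.0.113.9 port 50125 ssh2
Mar 11 10:00:09 web01 sshd[2005]: Failed password for root from 203.0.113.9 port 50126 ssh2
Mar 11 10:00:15 web01 sshd[2006]: Accepted password for root from 203.0.113.9 port 50127 ssh2
Mar 11 10:05:00 web01 sshd[2007]: Failed password for alice from 198.51.100.4 port 40001 ssh2
Mar 11 10:09:00 web01 sshd[2008]: Accepted publickey for alice from 198.51.100.4 port 40002 ssh2
"""

LINE_RE = re.compile(
    r"^(?P<ts>\w{3} +\d{1,2} \d{2}:\d{2}:\d{2}) (?P<host>\S+) sshd\[\d+\]: "
    r"(?P<outcome>Failed|Accepted) (?:password|publickey) for (?:invalid user )?"
    r"(?P<user>\S+) from (?P<src>\d+\.\d+\.\d+\.\d+) port \d+"
)


def parse(line, year=2023):
    """Normalize one sshd line into a dict; return None for lines the rule ignores."""
    m = LINE_RE.match(line)
    if not m:
        return None
    # syslog timestamps carry no year, so one is assumed for the example
    ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
    return {"ts": ts, "host": m["host"], "outcome": m["outcome"],
            "user": m["user"], "src": m["src"]}


def correlate(lines, threshold=5, window_s=60):
    """Emit 'brute_force' when >= threshold failures from one source fall
    within window_s seconds, and 'brute_force_success' when a later
    successful login from that same source follows."""
    alerts = []
    failures = defaultdict(deque)   # src -> timestamps of recent failures
    flagged = set()                 # sources already alerted as brute force
    for line in lines.splitlines():
        ev = parse(line)
        if ev is None:
            continue
        q = failures[ev["src"]]
        if ev["outcome"] == "Failed":
            q.append(ev["ts"])
            # drop failures that have aged out of the sliding window
            while q and (ev["ts"] - q[0]).total_seconds() > window_s:
                q.popleft()
            if len(q) >= threshold and ev["src"] not in flagged:
                flagged.add(ev["src"])
                alerts.append({"rule": "brute_force", "src": ev["src"],
                               "host": ev["host"], "count": len(q), "ts": ev["ts"]})
        elif ev["src"] in flagged:
            # a success after a flagged burst is the alert worth paging on
            alerts.append({"rule": "brute_force_success", "src": ev["src"],
                           "host": ev["host"], "user": ev["user"], "ts": ev["ts"]})
    return alerts


if __name__ == "__main__":
    for alert in correlate(SAMPLE_LOGS):
        print(alert)
```

Run stand-alone, the script prints two alerts for 203.0.113.9 (the burst, then the success as root) and nothing for 198.51.100.4, whose single failure and key-based login never cross the threshold. The point to take from it is that neither alert is visible in any one log line; only the correlation across lines produces it.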

How to implement a SIEM solution

Organizations of all sizes use SIEM solutions to mitigate cybersecurity risks and meet regulatory compliance standards. Best practices for implementing a SIEM include:

• Define the requirements for the deployment: which log sources, which threats and compliance obligations, and how long data must be retained
• Do a test run: pilot with a subset of log sources and tune the rules before rolling out across the whole estate
• Gather sufficient data: onboard every relevant source and make sure timestamps and fields are normalized, since a rule cannot detect what it never sees
• Have an incident response plan, so that each alert maps to an owner and a documented action
• Keep improving the SIEM: review false positives, add rules for new threats, and retire rules that only generate noise


Benefits of using a SIEM

SIEM tools offer many benefits that can help strengthen an organization’s overall security posture, including:

• A central view of potential threats
• Real-time threat identification and response
• Advanced threat intelligence
• Regulatory compliance auditing and reporting
• Greater visibility into the activity of users, applications, and devices


Tuesday, May 25, 2021

|| Security Operation Center (SOC) ||

📡The SOC will become the single point of contact for cyber security incident reporting and coordination in the state.


📡A SOC is a centralized location (or set of locations) where an organization's key IT systems are monitored, assessed and defended against cyber-attacks.


📡Why SOC is needed 🔐

A SOC is needed for:

👉Continuous protection against malicious attacks

👉Early detection of threats

👉Real-time response capabilities for incidents in the network

👉Incident response, including coordination, resolution, recovery and subsequent prevention of further attacks

👉Threat intelligence, which includes aggregating and correlating threat information and disseminating actionable intelligence to its constituents

👉Security advisory services, including advisories on threats in the software and hardware in use by the constituents, to minimize the impact of existing and zero-day vulnerabilities and exploits

👉Coordination with CERT-In and other public and private entities, including OEMs

📡The SOC is a cross-functional virtual center that provides situational awareness through the detection, containment and remediation of IT threats. An overview of the processes involved is given below:

Security Operation Center Processes

📡The SOC's process involves collecting logs and events from multiple sources, analyzing them, correlating them with internal and external context (asset inventories, threat intelligence) and generating alerts that give insight into the overall security posture. The areas covered by the SOC's operational program include:

👉Infrastructure Security

👉Endpoint Protection

👉Internal Vulnerability Assessment & Penetration Test

👉Internal Threat Management Program

👉Data Protection & Classification

👉Tool Engineering and Deployment
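The process described above, as an added example (written for this page, not any SOC platform's code): events from two sources with different field names are normalized into one schema, enriched with internal context (an asset inventory with criticality) and external context (a threat-intelligence indicator list), scored, and turned into alerts plus a posture summary. The sources, assets, indicators and scoring weights are all constructed assumptions.

```python
"""Added example: normalizing events from two sources, enriching them with
internal asset context and external threat intelligence, and scoring them.
Illustrative code written for this page, not any SOC product's code; the
sources, assets, indicators and weights are constructed assumptions."""
from collections import Counter
import ipaddress

# Constructed internal asset inventory: ip -> (name, criticality 1-5)
ASSETS = {
    "10.0.0.5": ("db01", 5),
    "10.0.0.20": ("kiosk07", 1),
}
# Constructed external threat-intel feed: indicator -> label
THREAT_INTEL = {
    "198.51.100.77": "known C2",
    "203.0.113.200": "scanner",
}
INTERNAL_NETS = [ipaddress.ip_network("10.0.0.0/8")]

# Constructed raw events from two sources that name their fields differently.
RAW_EVENTS = [
    {"source": "firewall", "src_ip": "10.0.0.5", "dst_ip": "198.51.100.77", "action": "allow", "dport": 443},
    {"source": "firewall", "src_ip": "203.0.113.200", "dst_ip": "10.0.0.20", "action": "deny", "dport": 22},
    {"source": "edr", "host_ip": "10.0.0.20", "remote": "192.0.2.10", "verdict": "clean", "process": "chrome.exe"},
    {"source": "edr", "host_ip": "10.0.0.5", "remote": "198.51.100.77", "verdict": "suspicious", "process": "svchost.exe"},
]


def normalize(raw):
    """Map each source's field names onto a common schema."""
    if raw["source"] == "firewall":
        return {"source": "firewall", "src": raw["src_ip"], "dst": raw["dst_ip"],
                "blocked": raw["action"] == "deny", "detail": f"port {raw['dport']}"}
    if raw["source"] == "edr":
        return {"source": "edr", "src": raw["host_ip"], "dst": raw["remote"],
                "blocked": False, "detail": f"{raw['process']} {raw['verdict']}"}
    raise ValueError(f"unknown source {raw['source']!r}")


def is_internal(ip):
    return any(ipaddress.ip_address(ip) in net for net in INTERNAL_NETS)


def enrich(ev):
    """Attach direction, asset context (internal) and threat-intel hits (external)."""
    ev = dict(ev)
    ev["direction"] = "outbound" if is_internal(ev["src"]) and not is_internal(ev["dst"]) else "inbound"
    ev["asset"] = next((ASSETS[ip] for ip in (ev["src"], ev["dst"]) if ip in ASSETS), None)
    ev["intel"] = next((THREAT_INTEL[ip] for ip in (ev["src"], ev["dst"]) if ip in THREAT_INTEL), None)
    return ev


def severity(ev):
    """0 = informational; the score climbs with an intel hit, with the
    criticality of the asset involved, and when the traffic got through."""
    score = 0
    if ev["intel"]:
        score += 3
        if not ev["blocked"]:
            score += 2   # an allowed connection to a known-bad IP outranks a blocked one
    if ev["asset"]:
        score += ev["asset"][1]
    return score


def run(raw_events, alert_threshold=6):
    """Return (alerts, posture): alerts are events at or above the threshold,
    posture counts every event by severity band."""
    alerts, posture = [], Counter()
    for raw in raw_events:
        ev = enrich(normalize(raw))
        ev["severity"] = severity(ev)
        band = "high" if ev["severity"] >= alert_threshold else "medium" if ev["severity"] >= 3 else "low"
        posture[band] += 1
        if band == "high":
            alerts.append(ev)
    return alerts, posture


if __name__ == "__main__":
    found, summary = run(RAW_EVENTS)
    for alert in found:
        print(alert["source"], alert["direction"], alert["src"], "->", alert["dst"], alert["intel"], alert["severity"])
    print(dict(summary))
```

Both high-severity alerts here concern db01 talking to the same known-bad address, once seen by the firewall and once by the EDR agent; an analyst would treat them as one incident. The blocked scan against the low-value kiosk scores medium and stays in the posture summary without paging anyone, which is the triage behavior the enrichment is there to produce.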


BY,

RAJU MAHTO

CCIO-ISAC INDIA, CNSS (U.K), ISO/IEC 27001-ISA

Friday, May 14, 2021

|| Four plead guilty to providing ‘bulletproof’ hosting services for cybercriminals ||


Four people have pleaded guilty to providing ‘bulletproof’ hosting services used by cybercriminals to distribute malware and launch other cyber-attacks.



The individuals – Aleksandr Grichishkin, 34, and Andrei Skvortsov, 34, of Russia; Aleksandr Skorodumov, 33, of Lithuania; and Pavel Stassi, 30, of Estonia – maintained the services from 2008 to 2015, according to the US Department of Justice (DoJ).

In a statement issued on Friday (May 7), the DoJ detailed how the group allegedly rented out IP addresses, servers, and domains to cybercriminals enabling them to launch malware attacks, gain access to victims’ computers, form botnets, and steal banking credentials for use in frauds across the US.

According to the DoJ, malware hosted by the organization included Zeus, SpyEye, Citadel, and the Blackhole Exploit Kit, which “rampantly attacked” US-based companies and financial institutions between 2009 and 2015.

The DoJ also stated that the defendants helped criminals to evade detection by monitoring sites used to blocklist technical infrastructure used for crime, moving “flagged” content to new infrastructure, and registering all such infrastructure under false or stolen identities.

Stassi, Skorodumov, Skvortsov, and Grichishkin all pleaded guilty to one count of Racketeer Influenced and Corrupt Organizations (RICO) conspiracy.

All four defendants face a maximum prison sentence of 20 years.

Held to account

Acting assistant attorney general Nicholas McQuaid, of the Justice Department’s Criminal Division, commented: “The criminal organizations that purposefully aid these actors – the so-called bulletproof hosters, money launderers, purveyors of stolen identity information, and the like – are no less responsible for the harms these malware campaigns cause, and we are committed to holding them accountable.

“Prosecutions like this one increase the costs and risks to cybercriminals and ensure that they cannot evade responsibility for the enormous injuries they cause to victims.”

Safe haven

So-called bulletproof hosting services are known as a “safe haven” for criminal hackers since they can make it easier for malicious actors to conceal their wrongdoings and minimize the downtime of their cybercrime campaigns.

In recent years, authorities have looked to crack down on these operations which, among other services, provide illegal VPN networks.

The internet industry group i2Coalition also threw its weight behind a clampdown on illegal VPNs, calling for providers to adhere to a minimum standard of ethics.

Jessica Haworth, Journalist



Sunday, November 1, 2020

Coronavirus: Is India the next global hotspot?


The coronavirus took hold slowly in India, but six months after its first confirmed infection it has overtaken Russia to record the world's third largest caseload.

With the world's second-largest population, much of which lives packed into cities, the country was perhaps always destined to become a global hotspot.

But the data behind its case numbers is questionable, because India is not testing enough, and an unusually low death rate has baffled scientists.

Here are five things we know about the spread of the coronavirus in India.


1. India's cases are rising fast

India has seen a series of record spikes recently, adding tens of thousands of cases daily.


2. India is just not testing enough

India's official caseload is high in absolute numbers, but it's relatively low in per capita terms. The world, on average, has three times as many cases as India per capita - a fact pointed out by the government recently.

But India's per capita caseload is low simply because it tests so little.

Compare India to countries that have a high per capita caseload and you will find those countries are testing far more.



3. India's recovery numbers are promising

The data suggests that those in India who have been diagnosed with the virus are recovering from it faster than they are dying from it.

This is crucial, because it determines the strain on the health system. Currently, deaths are rising more slowly than confirmed cases or recoveries - but if that rate quickens, it would increase the pressure on hospitals, possibly driving up deaths.


4. India's death rate is very low


"It's a fraction of what you are seeing in Western Europe," said Shamika Ravi, an economist and senior fellow at the Brookings Institution.


5. Each Indian state tells us a different story

Much like the US or the European Union, coronavirus statistics vary widely across India's states. Three states - Delhi, Maharashtra, and Tamil Nadu - currently account for about 60% of the country's caseload.




Source: BBC Visual and Data Journalism team, "Covid-19 pandemic: Tracking the global coronavirus outbreak"

https://www.bbc.com/news/world-51235105

AWARENESS OF COVID-19


Dear friends and respected citizens, all of you are aware of COVID-19, and we have to protect people from this disease. Let us pledge to share this information with those who do not yet know how to take care of themselves against the coronavirus.
1. Regularly and thoroughly clean your hands with an alcohol-based hand rub or wash them with soap and water.

2. Maintain at least 1 metre (3 feet) distance between yourself and others.

3. Avoid going to crowded places.

4. Avoid touching your eyes, nose and mouth.


