Public Administration

With the increasing digitalization of the public sector and its services, granting secure and seamless access to critical services is becoming a strategic priority. Due to the intricate infrastructure, covering regional, national and even overseas level, providing sufficient protection can be difficult. With Converged SIEM, we deliver comprehensive threat detection, analysis and response, so you effectively can spot and counteract threats.

Ensure NIS2 compliance with Logpoint

NIS2 Directive is stepping into force, striving to enhance protection of critical infrastructure in EU from cyberthreats. It introduces stricter security demands, reporting obligations and enforcement requirements for a broader scope of sectors. Inability to comply can impose fines up to 2%* of the worldwide turnover.  

WHY LOGPOINT:

Converged SIEM platform provides automated threat detection, investigation and response, empowering organizations to protect themselves effectively. With out of the box use-cases, alerts and playbooks, security teams can quickly spot and effectively counteract security incidents.

WHY LOGPOINT:

Detecting Lateral Movement

Logpoint UEBA uses a mix of endpoint, Active Directory, and repository data to scan for suspicious behaviors deviating from the baseline. These include:

  • Login failed attempts on disabled accounts
  • Unusual activity by day of week or time of day
  • Unusual access to servers, file shares, applications or other resources
  • An unusually high amount of access to certain resources
  • Anomalous application usage and anomalous access patterns to storage

Example – Login failed attempts on disabled accounts

LogPoint SIEM use case Login failed attempts on disabled accounts
LogPoint SIEM UEBA use cases High Outbound Data Transfer

WHY LOGPOINT:

Detecting Data staging and exfiltration

Compromised accounts or machines are usually trying to move data into staging areas where they can be easily withdrawn from the organization’s network. While preparing the data for removal, attackers will utilize tools such as PSExec or remote desktop tools. In this case, Logpoint UEBA will detect and highlight anomalous staging and lateral movement including (the highly unusual) intra-workstation high volume data transfers, unusual protocol/port combinations and unusually high amounts of data access.

Example – High Outbound Data Transfer

WHY LOGPOINT:

Compromise of Privileged Accounts

Logpoint UEBA is designed to identify privileged accounts and uses machine learning to do the rest. Logpoint’s UEBA continuously monitors privileged accounts to track and score activity time, authentication, access, application usage, and data movement. Logpoint UEBA then assigns a risk score to any account that deviates from the baseline, and if it continues to act anomalously, the risk score increases. In the meantime, Logpoint UEBA analytics visualizes the account’s activity and alerts the security teams.

Example – Trend of failed authentication attempts

LogPoint SIEM use cases Trend of failed authentication attempts

Use Case:

Logpoint for Durham County Council 

With Logpoint, the County Council instantly saved 50% cost compared to their previous vendor – and additionally improved their SIEM capabilities:

  • Making compliance and accreditation requirements to be met comprehensively
  • Due to the simple per node pricing structure it can be widely deployed, and more data can be fed into it
  • Easy distribution of rights enabling e.g. the Service Desk to perform their own searches and solve cases more effectively

The outstanding offering – in terms of features, look and price – was Logpoint.

Paul WoodsInformation Security Officer, Durham County Council

Latest Research, Trends, and Insights

  • Webinar – Infrastructure and Cloud Security

    Title: Infrastructure and Cloud SecurityDate: Thursday 21st March at 11:00 CETPresenters: Sergio Lozano Álvarez and [...]

  • Inside DarkGate: Exploring the infection chain and capabilities

    As the threat landscape continually evolves, some positive developments, such as authorities tracking down Maldevs, [...]

  • A Comprehensive Overview on Stealer Malware Families

    Fast FactsOver the last seven years, there has been a noticeable increase in the sale [...]

  • Unveiling the ScreenConnect Authentication Bypass (CVE-2024-1709 & CVE-2024-1708)

    On February 19, 2024, ConnectWise issued a critical advisory concerning two highly concerning vulnerabilities, namely [...]