Cybersecurity for public administration
For public organizations operating at large scales, increasing efficiency is a constant requirement driven by political demand.
Public institutions are facing a number of challenges, including:
- Compliance requirements are increasingly difficult to meet (GDPR, ISO, NIS etc.)
- Increased complexity in the infrastructure makes it challenging to obtain centralized analysis across the organization
- Difficult to detect advanced persistent threats, data loss and insider threats
- Increased privacy requirements have to be met while maintaining smooth IT operations and keeping citizens' data secure
- Rising data volumes mean more expensive analysis and cybersecurity operations
Many public organizations tasked with securing data may not have the right solution to do so. It’s a problem – but one with a solution. That solution? SIEM. LogPoint’s seamless, quick reporting on unusual behavior in the network easily adapts to compliance requirements specific to your agency or institution. By keeping an eye on everything going on in your network, LogPoint positions you to address a possible breach quickly, limiting potential
Download our solution brief to learn more about how to get going with SIEM and UEBA for the public sector:
Get in touch with us and learn why leading brands choose LogPoint:
LogPoint for Durham County Council
By choosing LogPoint, the County Council instantly saved 50% in cost compared to their previous vendor, and Durham additionally improved its SIEM capabilities.
- Compliance and accreditation requirements are met comprehensively
- Thanks to the simple per-node pricing structure, it can be deployed widely and more data can be fed into it
- Easy distribution of rights, enabling e.g. the Service Desk to perform its own searches and solve cases more effectively
With software and operating system vulnerabilities becoming a cornerstone of modern cyber warfare, the public sector IT infrastructure is more vulnerable to unexpected attacks than ever before. Public cybersecurity relies on the right solution – now, more than ever.
The LogPoint SIEM solution allows the public sector to immediately detect cyberthreats without severely restricting access to digital resources. LogPoint provides monitoring, detection and alerting of security incidents. It provides a comprehensive and centralized view of the security posture of the infrastructure and gives public cybersecurity professionals detailed insight into the activities within their IT environment.
Public IT infrastructure is facing an unprecedented threat level, stemming from actors as diverse as nation-states, cybercriminals, hacktivists, thrill-seekers and insiders. Adding to the problem, many public organizations use off-the-shelf products that are connected to the Internet – exposing nations and organizations alike to cyber terrorism and criminality.
Detecting lateral movement
LogPoint UEBA uses a mix of endpoint, Active Directory, and repository data to scan for suspicious behaviors deviating from the baseline. These include:
- Failed login attempts on disabled accounts
- Unusual activity by day of week or time of day
- Unusual access to servers, file shares, applications or other resources
- An unusually high amount of access to certain resources
- Anomalous application usage and anomalous access patterns to storage
As LogPoint UEBA incorporates NetFlow analytics, new models will be added that scan for an unusually high number of connections from an endpoint, anomalous connections between endpoints, and unusual port scans.
Failed login attempts on disabled accounts
label=Login label=Fail sub_status_code=0xC0000072 | chart count() by user order by count()
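The query above counts refused logons against disabled accounts, and the list above it describes deviations from a per-user baseline such as activity at an unusual time of day. The following Python is an added example (not LogPoint code) that runs both detections over a handful of constructed key=value event lines; the field names, the sample events and the hard-coded BASELINE_HOURS table (which a real UEBA would learn from weeks of history) are assumptions for illustration.

```python
import re
from collections import Counter
from datetime import datetime

# Constructed sample events in key=value form (illustrative, not real LogPoint output).
# Windows reports sub_status_code 0xC0000072 (STATUS_ACCOUNT_DISABLED) when a logon
# is refused because the account is disabled.
SAMPLE_EVENTS = """\
ts=2024-03-04T09:12:01 label=Login label=Fail user=jdoe sub_status_code=0xC0000072 host=ws01
ts=2024-03-04T09:12:04 label=Login label=Fail user=jdoe sub_status_code=0xC0000072 host=ws01
ts=2024-03-04T09:12:09 label=Login label=Fail user=jdoe sub_status_code=0xC0000072 host=ws01
ts=2024-03-04T09:15:30 label=Login label=Fail user=asmith sub_status_code=0xC000006A host=ws02
ts=2024-03-04T10:01:11 label=Login label=Fail user=svc_backup sub_status_code=0xC0000072 host=srv01
ts=2024-03-04T10:02:45 label=Login label=Success user=asmith host=ws02
ts=2024-03-05T02:40:00 label=Login label=Success user=asmith host=srv03
"""

# Constructed baseline: hours of the day in which each user is normally active.
# In production this is learned from weeks of history rather than hard-coded.
BASELINE_HOURS = {
    "asmith": set(range(8, 18)),
    "jdoe": set(range(7, 16)),
}

ACCOUNT_DISABLED = "0xC0000072"
TOKEN = re.compile(r"(\w+)=(\S+)")


def parse_event(line):
    """Parse one key=value line; the repeatable 'label' key is collected into a set."""
    event = {"label": set()}
    for key, value in TOKEN.findall(line):
        if key == "label":
            event["label"].add(value)
        else:
            event[key] = value
    return event


def parse_events(text):
    return [parse_event(line) for line in text.splitlines() if line.strip()]


def failed_logins_on_disabled_accounts(events):
    """Python equivalent of the query above:
    label=Login label=Fail sub_status_code=0xC0000072 | chart count() by user order by count()
    Returns (user, count) pairs, highest count first."""
    counts = Counter(
        e["user"]
        for e in events
        if {"Login", "Fail"} <= e["label"] and e.get("sub_status_code") == ACCOUNT_DISABLED
    )
    return sorted(counts.items(), key=lambda item: (-item[1], item[0]))


def off_baseline_logins(events, baseline_hours):
    """Successful logins at an hour outside the user's learned active hours
    (the 'unusual activity by time of day' deviation in the list above).
    Users with no baseline yet are skipped rather than flagged."""
    hits = []
    for e in events:
        if {"Login", "Success"} <= e["label"] and e["user"] in baseline_hours:
            hour = datetime.fromisoformat(e["ts"]).hour
            if hour not in baseline_hours[e["user"]]:
                hits.append((e["user"], e["ts"]))
    return hits


if __name__ == "__main__":
    events = parse_events(SAMPLE_EVENTS)
    for user, n in failed_logins_on_disabled_accounts(events):
        print(f"{user}: {n} failed logins against a disabled account")
    for user, ts in off_baseline_logins(events, BASELINE_HOURS):
        print(f"{user}: login at {ts} is outside the baseline hours")
```

Repeated failures against a disabled account (jdoe here) usually mean a stale script, a stolen credential being replayed, or someone probing which accounts still exist, so the per-user count is what an analyst triages first; the time-of-day check deliberately skips users without a baseline so that a brand-new account does not produce noise on its first day.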
Detecting data staging and exfiltration
Attackers using compromised accounts or machines usually try to move data into staging areas from which it can easily be withdrawn from the organization’s network. While preparing the data for removal, attackers will utilize tools such as PsExec or remote desktop tools. In this case, LogPoint UEBA will detect and highlight anomalous staging and lateral movement, including (the highly unusual) intra-workstation high-volume data transfers, unusual protocol/port combinations and unusually high amounts of data access.
High Outbound Data Transfer
sent_datasize=* source_address IN HOMENET -destination_address IN HOMENET | timechart sum(datasize/1000/1000) as OutboundData | search OutboundData>10
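The query above sums the bytes leaving the home network per time bucket and flags buckets above 10 MB. This Python is an added example (not LogPoint code) that does the same over constructed flow records, using an assumed HOMENET of two RFC 1918 ranges and hourly buckets; it also breaks a flagged hour down by source host, which goes one step beyond the page's query.

```python
import ipaddress
from collections import defaultdict
from datetime import datetime

# Constructed HOMENET definition: the organisation's internal address ranges.
HOMENET = [ipaddress.ip_network("10.0.0.0/8"), ipaddress.ip_network("192.168.0.0/16")]

# Constructed flow records: (timestamp, source_address, destination_address, datasize in bytes).
SAMPLE_FLOWS = [
    ("2024-03-04T09:00:12", "10.1.2.3",     "10.1.2.10",    50_000_000),  # internal to internal: not outbound
    ("2024-03-04T09:05:40", "10.1.2.3",     "203.0.113.7",   4_000_000),
    ("2024-03-04T09:20:05", "10.1.2.3",     "203.0.113.7",   8_500_000),  # 09:00 bucket totals 12.5 MB
    ("2024-03-04T10:15:00", "192.168.5.20", "198.51.100.9",  2_000_000),
    ("2024-03-04T10:45:30", "198.51.100.9", "192.168.5.20", 30_000_000),  # inbound: not counted
    ("2024-03-04T11:02:10", "10.7.7.7",     "203.0.113.50", 10_000_000),  # exactly 10 MB: not > 10
]


def in_homenet(address):
    ip = ipaddress.ip_address(address)
    return any(ip in net for net in HOMENET)


def _hour_bucket(ts):
    return datetime.fromisoformat(ts).replace(minute=0, second=0, microsecond=0).isoformat()


def outbound_megabytes_by_hour(flows):
    """Equivalent of the filter and timechart in the query above:
    source in HOMENET, destination not in HOMENET, datasize summed per hour in MB."""
    totals = defaultdict(float)
    for ts, src, dst, size in flows:
        if in_homenet(src) and not in_homenet(dst):
            totals[_hour_bucket(ts)] += size / 1000 / 1000
    return dict(totals)


def high_outbound_buckets(flows, threshold_mb=10):
    """Equivalent of `| search OutboundData>10`: hour buckets strictly above the threshold."""
    return sorted(
        (bucket, mb) for bucket, mb in outbound_megabytes_by_hour(flows).items() if mb > threshold_mb
    )


def outbound_sources_in_bucket(flows, bucket):
    """Break a flagged hour down by source host so the analyst knows which endpoint
    to look at (an addition beyond the page's query)."""
    per_source = defaultdict(float)
    for ts, src, dst, size in flows:
        if _hour_bucket(ts) == bucket and in_homenet(src) and not in_homenet(dst):
            per_source[src] += size / 1000 / 1000
    return dict(per_source)


if __name__ == "__main__":
    for bucket, mb in high_outbound_buckets(SAMPLE_FLOWS):
        sources = outbound_sources_in_bucket(SAMPLE_FLOWS, bucket)
        print(f"{bucket}: {mb:.1f} MB outbound, by source: {sources}")
```

Note that the 11:00 bucket, at exactly 10 MB, is not flagged because the comparison is strictly greater than the threshold, just as in the query; a fixed 10 MB threshold is only a starting point, and the UEBA approach described above replaces it with a per-host baseline so that a file server's normal traffic and a workstation's sudden burst are judged differently.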
Compromise of privileged accounts
LogPoint UEBA is designed to identify privileged accounts and uses machine learning to do the rest. LogPoint’s UEBA continuously monitors privileged accounts to track and score activity time, authentication, access, application usage, and data movement. LogPoint UEBA then assigns a risk score to any account that deviates from the baseline, and if it continues to act anomalously, the risk score increases. In the meantime, LogPoint UEBA analytics visualize the account’s activity and alert the security analyst to validate the incident and quickly take action.
Trend of failed authentication attempts
label=Authentication label=Fail | timechart count()
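The paragraph above describes baselining a privileged account, assigning a risk score when it deviates, and raising that score while the anomaly persists; the query above it charts failed authentications over time. The following Python is an added example (not LogPoint's scoring model) that implements one simple version of that idea on constructed data: a daily failed-authentication timechart feeds a z-score against the account's own baseline week, and the risk score steps up on anomalous days and decays on normal ones. The account name, thresholds and step sizes are assumptions chosen for illustration.

```python
from collections import defaultdict
from statistics import mean, pstdev


def _make_events(account, failures_per_day):
    """Build constructed authentication events (timestamp, account, outcome):
    one Fail event per recorded failure and one Success per day."""
    events = []
    for day, failures in failures_per_day.items():
        for i in range(failures):
            events.append((f"{day}T08:{i:02d}:00", account, "Fail"))
        events.append((f"{day}T09:00:00", account, "Success"))
    return events


BASELINE_DAYS = ["2024-03-01", "2024-03-02", "2024-03-03", "2024-03-04", "2024-03-05"]
SCORED_DAYS = ["2024-03-06", "2024-03-07", "2024-03-08"]

# Constructed history for one privileged account: a quiet baseline week, then two
# days with a burst of failures, then a return to normal.
SAMPLE_AUTH = _make_events("da_admin", {
    "2024-03-01": 1, "2024-03-02": 0, "2024-03-03": 2, "2024-03-04": 1, "2024-03-05": 1,
    "2024-03-06": 6, "2024-03-07": 8, "2024-03-08": 1,
})


def failed_auth_timechart(events, account=None):
    """Count failed authentications per day, like
    `label=Authentication label=Fail | timechart count()` above."""
    counts = defaultdict(int)
    for ts, acct, outcome in events:
        if outcome == "Fail" and (account is None or acct == account):
            counts[ts[:10]] += 1
    return dict(sorted(counts.items()))


def daily_failures(events, account, days):
    """Failure count for each requested day, filling in zero for days with none."""
    chart = failed_auth_timechart(events, account)
    return [chart.get(day, 0) for day in days]


def score_account(events, account, baseline_days, scored_days,
                  z_threshold=2.0, step=10, decay=5, min_sigma=0.5):
    """Baseline the account on its own history, then score each later day.
    A day whose failure count is more than z_threshold standard deviations above the
    baseline mean raises the risk score by `step`; a normal day lets it decay by `decay`.
    min_sigma stops a perfectly quiet baseline from producing infinite z-scores.
    Returns (day, failures, anomalous, risk_after_day) per scored day."""
    history = daily_failures(events, account, baseline_days)
    mu, sigma = mean(history), max(pstdev(history), min_sigma)
    risk, trajectory = 0, []
    for day, failures in zip(scored_days, daily_failures(events, account, scored_days)):
        anomalous = (failures - mu) / sigma > z_threshold
        risk = risk + step if anomalous else max(0, risk - decay)
        trajectory.append((day, failures, anomalous, risk))
    return trajectory


if __name__ == "__main__":
    for day, failures, anomalous, risk in score_account(SAMPLE_AUTH, "da_admin", BASELINE_DAYS, SCORED_DAYS):
        flag = "ANOMALOUS" if anomalous else "normal"
        print(f"{day}: {failures} failed auths, {flag}, risk score now {risk}")
```

The decay is what distinguishes a score from a simple alert: a single odd day fades out on its own, while an account that keeps misbehaving climbs until it crosses whatever review threshold the analyst sets. Failed authentications are only one of the signals listed above; a production model would score activity time, access, application usage and data movement the same way and combine them.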