
Cybersecurity for public administration

For public organizations operating at large scales, increasing efficiency is a constant requirement driven by political demand.

Public institutions are facing a number of challenges, including:

  • Compliance requirements are increasingly difficult to meet (GDPR, ISO, NIS, etc.)
  • Increased infrastructure complexity makes it hard to obtain centralized analysis across the organization
  • Advanced persistent threats, data loss and insider threats are difficult to detect
  • Increased privacy requirements have to be met while maintaining smooth IT operations and keeping citizens' data secure
  • Rising data volumes mean more expensive analysis and cybersecurity operations

Many public organizations tasked with securing data may not have the right solution to do so. It’s a problem – but one with a solution. That solution? SIEM. LogPoint’s seamless, quick reporting on unusual behavior in the network easily adapts to compliance requirements specific to your agency or institution. By keeping an eye on everything going on in your network, LogPoint positions you to address a possible breach quickly, limiting potential


LogPoint for Durham County Council

PXP Solutions

By choosing LogPoint, the County Council immediately cut costs by 50% compared with its previous vendor, and Durham also improved its SIEM capabilities:

  • Compliance and accreditation requirements are met comprehensively
  • The simple per-node pricing structure allows wide deployment, so more data can be fed into the system
  • Easy distribution of rights enables, for example, the Service Desk to perform its own searches and solve cases more effectively

Detailed insights

With software and operating system vulnerabilities becoming a cornerstone of modern cyber warfare, the public sector IT infrastructure is more vulnerable to unexpected attacks than ever before. Public cybersecurity relies on the right solution – now, more than ever.

The LogPoint SIEM solution allows the public sector to immediately detect cyberthreats without severely restricting access to digital resources. LogPoint provides monitoring, detection and alerting of security incidents. It provides a comprehensive and centralized view of the security posture of the infrastructure and gives public cybersecurity professionals detailed insight into the activities within their IT environment.

Threats

Public IT infrastructure is facing an unprecedented threat level, stemming from actors as diverse as nation-states, cybercriminals, hacktivists, thrill-seekers and insiders. Adding to the problem, many public organizations use off-the-shelf products that are connected to the Internet – exposing nations and organizations alike to cyber terrorism and criminality.


Detecting lateral movement

LogPoint UEBA uses a mix of endpoint, Active Directory, and repository data to scan for suspicious behaviors that deviate from the baseline. These include:

  • Login failed attempts on disabled accounts
  • Unusual activity by day of week or time of day
  • Unusual access to servers, file shares, applications or other resources
  • An unusually high amount of access to certain resources
  • Anomalous application usage and anomalous access patterns to storage

As LogPoint UEBA incorporates NetFlow analytics, new models will be added that scan for an unusually high number of connections from an endpoint, anomalous connections between endpoints, and unusual port scans.
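The following is an added illustration (not LogPoint's code) of the baseline-deviation logic behind the signals listed above and the escalating risk score described under "Compromise of privileged accounts" below. It learns each user's ordinary login hours and hosts from a constructed history, then scores a new window of constructed events: failed logins against a disabled account, logins at an unusual hour, and logins to an unusual host; the field names, weights and 25% escalation step are assumptions for the example.

```python
from collections import defaultdict

# Constructed sample authentication events (not LogPoint data); field names are hypothetical.
BASELINE_EVENTS = [  # learning window: each user's ordinary login hours and hosts
    {"user": "alice", "hour": 8, "host": "fs01", "result": "success", "disabled": False},
    {"user": "alice", "hour": 9, "host": "hr-app", "result": "success", "disabled": False},
    {"user": "alice", "hour": 10, "host": "fs01", "result": "success", "disabled": False},
    {"user": "bob", "hour": 9, "host": "fs01", "result": "success", "disabled": False},
    {"user": "bob", "hour": 13, "host": "fs01", "result": "success", "disabled": False},
]
NEW_EVENTS = [  # the window being scored; "disabled" is the account state at the time
    {"user": "alice", "hour": 9, "host": "fs01", "result": "success", "disabled": False},
    {"user": "bob", "hour": 3, "host": "fs01", "result": "success", "disabled": False},
    {"user": "bob", "hour": 3, "host": "finance-db", "result": "success", "disabled": False},
    {"user": "carol", "hour": 2, "host": "dc01", "result": "failure", "disabled": True},
    {"user": "carol", "hour": 2, "host": "dc01", "result": "failure", "disabled": True},
]
WEIGHTS = {"disabled_account_failure": 40, "unusual_hour": 15, "unusual_host": 20}  # assumed

def build_baseline(events):
    """Per user: the set of hours and hosts seen in successful logins."""
    hours, hosts = defaultdict(set), defaultdict(set)
    for e in events:
        if e["result"] == "success":
            hours[e["user"]].add(e["hour"])
            hosts[e["user"]].add(e["host"])
    return hours, hosts

def score_events(events, baseline):
    """Return ({user: risk score}, [(user, reason)]); repeated anomalies escalate the score."""
    hours, hosts = baseline
    risk, findings = defaultdict(int), []
    for e in events:
        user, reasons = e["user"], []
        if e["result"] == "failure" and e["disabled"]:
            reasons.append("disabled_account_failure")
        if e["result"] == "success" and user in hours:  # no baseline: nothing to deviate from
            if e["hour"] not in hours[user]:
                reasons.append("unusual_hour")
            if e["host"] not in hosts[user]:
                reasons.append("unusual_host")
        for r in reasons:
            prior = sum(1 for f in findings if f[0] == user)  # earlier findings for this user
            risk[user] += round(WEIGHTS[r] * (1 + 0.25 * prior))  # 25% uplift per prior finding
            findings.append((user, r))
    return dict(risk), findings

def accounts_to_review(risk, threshold=50):
    """Accounts whose accumulated score has crossed the analyst-review threshold."""
    return sorted(u for u, s in risk.items() if s >= threshold)
```

Alice, who logs in as usual, never acquires a score; Bob's two off-hours logins, the second to a host he has never used, escalate, and Carol's repeated attempts against a disabled account score highest.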

Example: Login failed attempts on disabled accounts


Detecting Data staging and exfiltration

Compromised accounts or machines usually try to move data into staging areas from which it can easily be withdrawn from the organization's network. While preparing the data for removal, attackers use tools such as PsExec or remote desktop tools. In this case, LogPoint UEBA detects and highlights anomalous staging and lateral movement, including the highly unusual case of high-volume workstation-to-workstation data transfers, unusual protocol/port combinations and unusually high amounts of data access.
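As an added example (not LogPoint's code) of the staging and exfiltration signals just described, the block below learns each workstation's ordinary daily outbound volume and destination ports from a constructed five-day history, then flags today's constructed flows for a high-volume workstation-to-workstation transfer, a destination port never seen for that host, and a daily outbound total far above baseline (z-score). The host roles, field names, thresholds and addresses are assumptions for the example.

```python
from collections import defaultdict
from statistics import mean, pstdev

# Constructed sample flow records (not LogPoint data); field names and roles are hypothetical.
ROLE = {"ws-101": "workstation", "ws-102": "workstation", "ws-103": "workstation",
        "fs01": "server", "203.0.113.9": "external"}

# Five days of ordinary outbound traffic per workstation: the learning window.
HISTORY = []
for day in range(1, 6):
    HISTORY.append({"src": "ws-101", "day": day, "dst": "fs01", "dst_port": 445, "bytes": 50_000_000 + 5_000_000 * (day % 3)})
    HISTORY.append({"src": "ws-102", "day": day, "dst": "fs01", "dst_port": 445, "bytes": 20_000_000 + 2_000_000 * (day % 2)})
    HISTORY.append({"src": "ws-103", "day": day, "dst": "203.0.113.9", "dst_port": 443, "bytes": 30_000_000 + 1_000_000 * (day % 2)})

TODAY = [  # the day being scored
    {"src": "ws-101", "dst": "fs01", "dst_port": 445, "bytes": 40_000_000},
    {"src": "ws-101", "dst": "ws-102", "dst_port": 445, "bytes": 900_000_000},        # staging on a peer
    {"src": "ws-102", "dst": "203.0.113.9", "dst_port": 4444, "bytes": 1_200_000_000},  # leaving the network
    {"src": "ws-103", "dst": "203.0.113.9", "dst_port": 443, "bytes": 31_000_000},     # ordinary traffic
]

def build_baseline(history):
    """Per source host: (mean, population stdev) of daily outbound bytes and the set of ports seen."""
    daily, ports = defaultdict(lambda: defaultdict(int)), defaultdict(set)
    for f in history:
        daily[f["src"]][f["day"]] += f["bytes"]
        ports[f["src"]].add(f["dst_port"])
    stats = {h: (mean(d.values()), pstdev(d.values())) for h, d in daily.items()}
    return stats, ports

def detect(flows, baseline, z_threshold=3.0, staging_bytes=100_000_000):
    """Return (host, reason) findings for the scored flows; thresholds are assumed values."""
    stats, ports = baseline
    findings, totals = [], defaultdict(int)
    for f in flows:
        src = f["src"]
        totals[src] += f["bytes"]
        if ROLE.get(src) == ROLE.get(f["dst"]) == "workstation" and f["bytes"] >= staging_bytes:
            findings.append((src, "staging"))       # large workstation-to-workstation transfer
        if f["dst_port"] not in ports.get(src, set()):
            findings.append((src, "unusual_port"))  # port never seen from this host in the baseline
    for host, total in totals.items():
        mu, sigma = stats.get(host, (0.0, 0.0))
        # A flat baseline (sigma == 0) is treated as "any increase is anomalous".
        z = (total - mu) / sigma if sigma else (float("inf") if total > mu else 0.0)
        if z > z_threshold:
            findings.append((host, "volume"))       # daily outbound total far above the baseline
    return findings
```

ws-103, whose traffic matches its history, produces no finding, while ws-101 is flagged for both the peer staging transfer and its volume, and ws-102 for the unseen port and its volume.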

Example: High Outbound Data Transfer


Compromise of privileged accounts

LogPoint UEBA is designed to identify privileged accounts and uses machine learning to do the rest. LogPoint's UEBA continuously monitors privileged accounts to track and score activity time, authentication, access, application usage, and data movement. LogPoint UEBA then assigns a risk score to any account that deviates from the baseline, and if the account continues to act anomalously, the risk score increases. Meanwhile, LogPoint UEBA analytics visualize the account's activity and alert the security analyst to validate the incident and quickly take action.

Example: Trend of failed authentication attempts