Cybersecurity for public administration

For government institutions, operational efficiency is an obligation, and IT systems help meet that need by facilitating communication, accessibility, mobility and productivity. But with ever more connectivity, the risk of data breaches becomes real.

Public networks – governmental, commercial and personal – face an unprecedented level of intrusion. In addition, many government agencies use off-the-shelf products connected to the Internet, exposing nations and organizations to cyberterrorism and cybercrime. Software and operating system vulnerabilities have become the cornerstone of modern cyberwarfare, and the IT infrastructure of government organizations is more vulnerable than ever to unexpected attacks. The security officers of these institutions need the right solution.


LogPoint for Durham County Council


By choosing LogPoint, Durham County Council immediately saved 50% of the cost compared with its previous supplier. In addition, the organization improved its SIEM capabilities by:

  • Meeting compliance and accreditation requirements
  • Enabling wider server deployment, and with it the ingestion of more data, thanks to the simple per-node pricing structure
  • Easily delegating rights so that, for example, the Service Desk can run its own searches and resolve cases more efficiently

Detailed insights

With software and operating system vulnerabilities becoming a cornerstone of modern cyber warfare, the public sector IT infrastructure is more vulnerable to unexpected attacks than ever before. Public cybersecurity relies on the right solution – now, more than ever.

The LogPoint SIEM solution allows the public sector to immediately detect cyberthreats without severely restricting access to digital resources. LogPoint provides monitoring, detection and alerting of security incidents. It provides a comprehensive and centralized view of the security posture of the infrastructure and gives public cybersecurity professionals detailed insight into the activities within their IT environment.

Threats

Public IT infrastructure is facing an unprecedented threat level, stemming from actors as diverse as nation-states, cybercriminals, hacktivists, thrill-seekers and insiders. Adding to the problem, many public organizations use off-the-shelf products that are connected to the Internet – exposing nations and organizations alike to cyber terrorism and criminality.

LogPoint SIEM use case: failed login attempts on disabled accounts

Detecting lateral movement

LogPoint UEBA uses a mix of endpoint, Active Directory and repository data to scan for suspicious behaviors that deviate from the baseline. These include:

  • Failed login attempts on disabled accounts
  • Unusual activity by day of week or time of day
  • Unusual access to servers, file shares, applications or other resources
  • An unusually high amount of access to certain resources
  • Anomalous application usage and anomalous access patterns to storage

As LogPoint UEBA incorporates netflow analytics, new models will be added that scan for an unusually high number of connections from an endpoint, anomalous connections between endpoints, and unusual port scans.

Example

Failed login attempts on disabled accounts

Query

label=Login label=Fail sub_status_code=0xC0000072 | chart count() by user order by count()

Detecting Data staging and exfiltration

Compromised accounts or machines typically try to move data into staging areas from which it can easily be withdrawn from the organization’s network. While preparing the data for removal, attackers use tools such as PsExec or remote desktop tools. In this case, LogPoint UEBA detects and highlights anomalous staging and lateral movement, including (highly unusual) intra-workstation high-volume data transfers, unusual protocol/port combinations and unusually high amounts of data access.

Example

High Outbound Data Transfer

Query

sent_datasize=* source_address IN HOMENET -destination_address IN HOMENET | timechart sum(datasize/1000/1000) as OutboundData | search OutboundData>10

LogPoint SIEM use case: trend of failed authentication attempts

Compromise of privileged accounts

LogPoint UEBA is designed to identify privileged accounts and uses machine learning to do the rest. It continuously monitors privileged accounts to track and score activity time, authentication, access, application usage and data movement. LogPoint UEBA then assigns a risk score to any account that deviates from the baseline, and if the account continues to act anomalously, the risk score increases. In the meantime, LogPoint UEBA analytics visualize the account’s activity and alert the security analyst to validate the incident and quickly take action.

Example

Trend of failed authentication attempts

Query

label=Authentication label=Fail | timechart count()
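The three queries on this page (failed logins on disabled accounts, high outbound data transfer, and the trend of failed authentication attempts) are shown below as plain Python over constructed sample events, so the detection logic can be read and run without a SIEM. This is an added illustration, not LogPoint code; the event field names mirror the queries, the HOMENET ranges and the hourly bucket size are assumptions, and 0xC0000072 is the Windows "account disabled" logon sub-status that the first query keys on.

```python
from collections import Counter, defaultdict
from ipaddress import ip_address, ip_network

# Constructed sample events (not LogPoint data); field names mirror the queries on this page.
LOGIN_EVENTS = [  # Windows logon events; sub_status 0xC0000072 = account disabled
    {"ts": "2024-03-01T08:00", "user": "alice", "result": "fail", "sub_status_code": "0xC0000072"},
    {"ts": "2024-03-01T08:05", "user": "alice", "result": "fail", "sub_status_code": "0xC0000072"},
    {"ts": "2024-03-01T08:10", "user": "bob", "result": "fail", "sub_status_code": "0xC000006A"},
    {"ts": "2024-03-01T09:00", "user": "svc-old", "result": "fail", "sub_status_code": "0xC0000072"},
    {"ts": "2024-03-01T09:30", "user": "alice", "result": "success", "sub_status_code": "0x0"},
]
FLOW_EVENTS = [  # netflow-style records; sent_datasize is in bytes
    {"ts": "2024-03-01T10:00", "source_address": "10.0.1.5", "destination_address": "203.0.113.9", "sent_datasize": 8_000_000},
    {"ts": "2024-03-01T10:20", "source_address": "10.0.1.5", "destination_address": "203.0.113.9", "sent_datasize": 5_000_000},
    {"ts": "2024-03-01T10:30", "source_address": "10.0.1.7", "destination_address": "10.0.2.3", "sent_datasize": 50_000_000},
    {"ts": "2024-03-01T11:00", "source_address": "192.168.1.4", "destination_address": "198.51.100.2", "sent_datasize": 2_000_000},
    {"ts": "2024-03-01T11:10", "source_address": "203.0.113.9", "destination_address": "10.0.1.5", "sent_datasize": 30_000_000},
]
HOMENET = [ip_network("10.0.0.0/8"), ip_network("192.168.0.0/16")]  # assumed internal ranges
STATUS_ACCOUNT_DISABLED = "0xC0000072"

def disabled_account_failures(events):
    """label=Login label=Fail sub_status_code=0xC0000072 | chart count() by user order by count()"""
    counts = Counter(e["user"] for e in events
                     if e["result"] == "fail" and e["sub_status_code"] == STATUS_ACCOUNT_DISABLED)
    return sorted(counts.items(), key=lambda kv: kv[1])  # ascending by count, like order by count()

def failed_auth_trend(events):
    """label=Authentication label=Fail | timechart count()  (hourly buckets, keyed by YYYY-MM-DDTHH)"""
    trend = Counter(e["ts"][:13] for e in events if e["result"] == "fail")
    return dict(sorted(trend.items()))

def in_homenet(addr):
    return any(ip_address(addr) in net for net in HOMENET)

def high_outbound_transfer(flows, threshold_mb=10):
    """source IN HOMENET -destination IN HOMENET | timechart sum(MB) as OutboundData | search OutboundData>threshold"""
    buckets = defaultdict(float)
    for f in flows:
        # Internal -> external only: internal-to-internal and inbound flows are not outbound transfer
        if in_homenet(f["source_address"]) and not in_homenet(f["destination_address"]):
            buckets[f["ts"][:13]] += f["sent_datasize"] / 1000 / 1000
    return {hour: mb for hour, mb in buckets.items() if mb > threshold_mb}

if __name__ == "__main__":
    print(disabled_account_failures(LOGIN_EVENTS))  # [('svc-old', 1), ('alice', 2)]
    print(failed_auth_trend(LOGIN_EVENTS))          # {'2024-03-01T08': 3, '2024-03-01T09': 1}
    print(high_outbound_transfer(FLOW_EVENTS))      # {'2024-03-01T10': 13.0}
```

Note that the 50 MB internal-to-internal flow and the 30 MB inbound flow are deliberately excluded by the HOMENET filter, which is what keeps the outbound alert from firing on ordinary file-share traffic.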