Preventative controls such as firewalls, spam filters and anti-virus can be bypassed. Response controls such as backups and incident response are for events that have already happened. Most organizations lack detective controls, which operate in real time. Think of a Security Information and Event Management (SIEM) tool as a TSA agent at an airport. We scan all pieces of information looking for threats. Once we find these threats happening, you can take action before things get worse.
OWL offers a SIEM tool that can do the following:
- Catch unauthorized logins or login attempts on restricted computers
- Identify a new user profile suddenly added to the business owner's computer
- Find an application just installed on a locked-down system
- Get alerted to unauthorized wireless connections to the network
- Notice that a new user was just granted administrative rights
- Detect an unusual first-time midnight login by a daytime worker
- Find sensitive personal data such as credit card numbers, social security numbers and birth dates stored on machines where it doesn’t belong