

The chief security officer who loves to buy, buy, buy. What happened next?

Posted by herskovits at 2020-02-27

2019-11-29 | Written by:

Categorized: Security

Reading time: 2 minutes

Unexpectedly, things escalated very quickly: more and more orders were blocked, and the task side of the system could no longer take in demand. 4S stores, agents, auto show organizers and mid-year promotion parties were all pressing for delivery of cars, and every day brought visible losses. At that point we still had not found the cause.

I had no idea why the security devices had not responded to the situation. If I had known, why would I have worked so hard to buy them all in the first place!

Ever since I first tasted the benefits, I have been equipping the company with every kind of tool: firewall, antivirus software, vulnerability scanner, IPS, IDS, WAF... Up to now I have constantly been exploring newer and better tools and guarding every corner of the company.

Looking at the impressive results of my "buying", the corners of my mouth always turned up slightly without my noticing.

The hacker attack had become a fact, but no matter how we analyzed and checked, we could not find the cause of the incident, and the security equipment gave no evidence at all. The mounting losses did not allow us to trace the source of the attack at a leisurely pace.

So we approached the major vendors to solve the problem quickly, accurately and ruthlessly. Many vendors needed us to tell them which problem to solve; our biggest problem, however, was that we could not find the problem. We were at a dead end. It happened to be time for IBM's security immunity health check, and IBM QRadar helped us find the crux!

IBM QRadar carried out a comprehensive health check of the system and found that an internal enterprise host had been implanted with a "mining" Trojan and had become someone else's mining machine. At that very moment the implanted malware was establishing contact with external malicious sites; the attacker could evade detection and steal data by switching IPs, protocols, ports and applications. What I had not expected was that IBM QRadar also detected that the enterprise email server was under attack and intercepted the attack immediately, which helped us avert a disaster.

After the ordeal I investigated and reflected deeply. I found that, in fact, as early as the start of the attack, the security equipment monitoring the host had already detected problems. The reason no timely alert was raised was that there was no correlation analysis linking event risk assessment with the attack-defense tools, and information could not be passed between devices that were not connected to each other. Relying only on one-way combing by professional security staff, the problem could not be resolved quickly and efficiently.

IBM QRadar

As an intelligent SIEM platform, it collects and correlates security data so that security analysts can "check before the event, link during the event, and optimize from feedback after the event", and see active threats through a single interface view sorted by risk priority. These solutions, together with AI-assisted accelerated analysis, help save valuable investigation time, respond to incidents faster and resist network attacks, and work with the IBM incident response platform to coordinate and automate incident response, so that enterprises can fully respond to complex attacks. By integrating input from people, processes and technology, it gives analysts the relevant information and tools to respond quickly and confidently. Based on one of the world's largest databases of vulnerability notification laws and regulations (stored in the incident response solution), it simplifies the delivery of required vulnerability notifications and provides the latest implementation tactics, including normative actions in response to threats.
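To make the correlation point concrete (the lesson of the reflection above and the "collect and correlate" description here), the following is an added Python illustration; it is not QRadar code and not anything from IBM. Events from three separate tools are pivoted onto a small asset inventory, and the risk score only climbs steeply when evidence from different tools lands on the same host. All host names, IP addresses, rule thresholds and log lines are constructed for the example.

```python
"""Cross-device alert correlation in the spirit of the SIEM workflow the post
describes. Added illustration only; every host, address and log line below is
constructed, and the scoring thresholds are arbitrary choices."""
from __future__ import annotations
from collections import defaultdict
from dataclasses import dataclass, field
import re

# Constructed asset inventory: the bridge that lets a host-based alert and a
# network-based event refer to the same machine.
ASSETS = {"srv-erp-01": "10.20.5.11", "ws-sales-07": "10.20.7.3"}

# Constructed events from three separate tools (endpoint AV, firewall, mail
# server), flattened to key=value form.
RAW_EVENTS = [
    "ts=2019-11-20T08:01:12 src_tool=av host=srv-erp-01 msg=coinminer.detected path=/tmp/.x/xmrig",
    "ts=2019-11-20T08:02:40 src_tool=fw src=10.20.5.11 dst=198.51.100.7 dport=443 proto=tcp action=allow",
    "ts=2019-11-20T08:12:41 src_tool=fw src=10.20.5.11 dst=203.0.113.9 dport=8443 proto=tcp action=allow",
    "ts=2019-11-20T08:22:42 src_tool=fw src=10.20.5.11 dst=192.0.2.55 dport=53 proto=udp action=allow",
    "ts=2019-11-20T08:32:43 src_tool=fw src=10.20.5.11 dst=198.51.100.80 dport=4444 proto=tcp action=allow",
    "ts=2019-11-20T08:05:00 src_tool=fw src=10.20.7.3 dst=198.51.100.7 dport=443 proto=tcp action=allow",
    "ts=2019-11-20T08:06:00 src_tool=fw src=10.20.7.3 dst=198.51.100.7 dport=443 proto=tcp action=allow",
    "ts=2019-11-20T09:10:00 src_tool=mail host=mx-01 msg=auth_fail user=admin src=198.51.100.23",
    "ts=2019-11-20T09:10:01 src_tool=mail host=mx-01 msg=auth_fail user=admin src=198.51.100.23",
    "ts=2019-11-20T09:10:02 src_tool=mail host=mx-01 msg=auth_fail user=admin src=198.51.100.23",
]

KV = re.compile(r"(\w+)=(\S+)")


def parse(line: str) -> dict[str, str]:
    """Turn one key=value log line into a dict."""
    return dict(KV.findall(line))


@dataclass
class Incident:
    key: str                      # asset the evidence is keyed on
    score: int = 0
    findings: list[str] = field(default_factory=list)


def correlate(lines: list[str]) -> list[Incident]:
    """Pivot every event onto an asset name, then apply rules that score
    evidence per asset; the cross-tool rule is what escalates priority."""
    ip_to_host = {ip: h for h, ip in ASSETS.items()}
    per_asset: dict[str, list[dict]] = defaultdict(list)
    for ev in map(parse, lines):
        # Firewall events carry only an IP; resolve it through the inventory.
        asset = ip_to_host.get(ev["src"], ev["src"]) if ev["src_tool"] == "fw" else ev["host"]
        per_asset[asset].append(ev)

    incidents = []
    for asset, evs in per_asset.items():
        inc = Incident(asset)
        av = [e for e in evs if e["src_tool"] == "av"]
        fw = [e for e in evs if e["src_tool"] == "fw"]
        mail_fail = [e for e in evs if e["src_tool"] == "mail" and e["msg"] == "auth_fail"]

        if av:
            inc.score += 40
            inc.findings.append(f"endpoint alert: {av[0]['msg']}")
        # Outbound rotation across destination, port and protocol, the evasion
        # the post mentions. A set of tuples means repeated connections to one
        # destination do not count as rotation.
        tuples = {(e["dst"], e["dport"], e["proto"]) for e in fw}
        if len(tuples) >= 3:
            inc.score += 30
            inc.findings.append(f"outbound rotation across {len(tuples)} dst/port/proto tuples")
        if len(mail_fail) >= 3:
            inc.score += 25
            inc.findings.append(f"{len(mail_fail)} auth failures on mail server")
        # The cross-tool link is the point: an endpoint alert alone and odd
        # outbound traffic alone are each easy to shelve in separate consoles.
        if av and len(tuples) >= 3:
            inc.score += 30
            inc.findings.append("endpoint alert linked to outbound rotation: likely active C2")
        if inc.score:
            incidents.append(inc)
    # Single view sorted by risk priority.
    return sorted(incidents, key=lambda i: i.score, reverse=True)


if __name__ == "__main__":
    for inc in correlate(RAW_EVENTS):
        print(f"{inc.score:3d} {inc.key}")
        for f in inc.findings:
            print("     -", f)
```

Run as-is, the infected host surfaces at the top with a combined score, the mail server appears as a separate lower-priority incident, and the workstation that merely talked to one HTTPS destination twice produces nothing. The inventory lookup is the piece that was missing in the story above: without it, the AV console and the firewall console each hold one unremarkable fact and nobody joins them.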

Click here to learn how to improve threat protection and compliance with the QRadar integrated investigation and reporting system, and see whether your enterprise's network is safe, so that you can be smart and secure without "buy buy buy" any more!