When should an organisation raise a security alarm?
Internet security solutions firm McAfee says: when someone is trying to log in at odd hours, when a system is re-infected within minutes of being cleansed of malware, or when some ID is trying to log in to the network from multiple points.
McAfee, now part of Intel Security, has come out with a list of some typical signals that indicate a possible compromise, intrusion or attack on computer networks in organisations. In its latest report ‘When Minutes Count’, the firm lists the eight most common attacks that watchful organisations track and neutralise.
Here are some of the signals.
Alerts that occur outside standard business operating hours (at night or on weekends) signal a compromised host. Off-hour presence of malware indicates determined attacks, the report points out.
If a system is re-infected with malware within five minutes after cleansing, it signals the presence of a rootkit or persistent compromise.
If a user account is trying to log in to multiple resources within a few minutes from or to different regions, it shows that the user’s credentials have been stolen or that a user is up to some mischief.
Internal hosts communicating with known bad destinations, or with a foreign country where organisations don’t conduct business, is one of the commonest attacks, the report said.
“Multiple alarm events from a single host or duplicate events across multiple machines in the same subnet over a 24-hour period, such as repeated authentication failures, indicate a problem,” the report warns.
The report assessed the preparedness of different organisations “to detect and deflect targeted attacks”.
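Three of the signals above (re-infection within five minutes of cleansing, one account logging in from different regions within a few minutes, and off-hours malware alerts) can be expressed as simple rules over an event stream. The sketch below is an added example, not code from McAfee's report; the events, host and user names, the 10-minute login window and the 09:00-18:00 weekday business hours are all constructed assumptions.

```python
from datetime import datetime, timedelta

# Constructed sample events (not from the report): (time, kind, host, user, region)
EVENTS = [
    ("2014-06-02 10:00", "malware", "ws-17", None, None),
    ("2014-06-02 10:20", "cleaned", "ws-17", None, None),
    ("2014-06-02 10:23", "malware", "ws-17", None, None),   # back 3 min after cleaning
    ("2014-06-02 11:00", "login", "vpn-1", "asha", "IN"),
    ("2014-06-02 11:04", "login", "mail-1", "asha", "BR"),  # other region, 4 min later
    ("2014-06-03 09:30", "login", "vpn-1", "ravi", "IN"),
    ("2014-06-03 15:00", "login", "vpn-1", "ravi", "SG"),   # hours apart: not flagged
    ("2014-06-07 02:15", "malware", "db-02", None, None),   # a Saturday night
]

REINFECT_WINDOW = timedelta(minutes=5)   # "within five minutes" from the article
LOGIN_WINDOW = timedelta(minutes=10)     # assumption for "a few minutes"
WORK_START, WORK_END = 9, 18             # assumed business hours, Mon-Fri


def detect(events):
    """Return (signal, subject, time) findings in chronological order."""
    rows = sorted(
        ((datetime.strptime(t, "%Y-%m-%d %H:%M"), k, h, u, r)
         for t, k, h, u, r in events),
        key=lambda row: row[0],
    )
    findings, last_clean, last_login = [], {}, {}
    for ts, kind, host, user, region in rows:
        if kind == "cleaned":
            last_clean[host] = ts
        elif kind == "malware":
            cleaned = last_clean.get(host)
            if cleaned is not None and ts - cleaned <= REINFECT_WINDOW:
                findings.append(("reinfection", host, ts))
            if ts.weekday() >= 5 or not WORK_START <= ts.hour < WORK_END:
                findings.append(("off_hours_alert", host, ts))
        elif kind == "login":
            prev = last_login.get(user)  # (time, region) of the previous login
            if prev and prev[1] != region and ts - prev[0] <= LOGIN_WINDOW:
                findings.append(("multi_region_login", user, ts))
            last_login[user] = (ts, region)
    return findings


if __name__ == "__main__":
    for signal, subject, ts in detect(EVENTS):
        print(f"{ts:%Y-%m-%d %H:%M}  {signal:<20} {subject}")
```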