When should firms raise a security alarm?

Our Bureau Updated - March 12, 2018 at 06:34 PM.

McAfee’s study lists the watchwords for internet security


When should an organisation raise a security alarm? Internet security solutions firm McAfee says when someone is trying to log in at odd hours, when a system is re-infected within minutes after being cleansed of malware, or when some id is trying to log in to the network from multiple points.

McAfee, now part of Intel Security, has come out with a list of some typical signals that indicate a possible compromise, intrusion or attack on computer networks. In its latest report ‘When Minutes Count’, the firm lists the eight most common attacks that watchful organisations track and neutralise.

Indicators
First, alerts that occur outside standard business operating hours signal a compromised host. Off-hour presence of malware indicates determined attacks, the report points out.

Second, if a system is re-infected with malware within five minutes of cleansing, it signals the presence of a rootkit or persistent compromise. Lastly, if a user account is trying to log in to multiple resources within a few minutes from different regions, it shows that the user’s credentials have been stolen or that a user is up to some mischief.

Internal hosts communicating with known bad destinations, or with a foreign country where the organisation doesn’t conduct business, is one of the most common attacks, the report said. “Multiple alarm events from a single host or duplicate events across multiple machines in the same subnet over a 24-hour period, such as repeated authentication failures, indicate a problem,” the report warns.
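
Three of the indicators above, written as detection rules over event records. This is an added example, not code from the McAfee report. The event format, host and user names, the 10-minute login window and the 09:00 to 18:00 business hours are assumptions; the five-minute re-infection window is the report's figure.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample events (not from the report): (timestamp, kind, subject, region)
EVENTS = [
    ("2014-11-20 10:02", "cleaned", "host-a", ""),
    ("2014-11-20 10:05", "malware", "host-a", ""),   # 3 min after cleaning
    ("2014-11-20 11:00", "cleaned", "host-b", ""),
    ("2014-11-20 13:30", "malware", "host-b", ""),   # hours later: outside the window
    ("2014-11-20 02:14", "malware", "host-c", ""),   # off-hours alert
    ("2014-11-20 09:00", "login",   "alice",  "IN"),
    ("2014-11-20 09:04", "login",   "alice",  "BR"), # second region 4 min later
    ("2014-11-20 09:00", "login",   "bob",    "IN"),
    ("2014-11-20 15:00", "login",   "bob",    "US"), # six hours apart: not flagged
]

def parse(events):
    """Convert timestamps and return the events in time order."""
    return sorted((datetime.strptime(t, "%Y-%m-%d %H:%M"), k, s, d) for t, k, s, d in events)

def reinfected_hosts(events, window=timedelta(minutes=5)):
    """Hosts with a malware alert within `window` after being cleaned."""
    last_clean, hits = {}, set()
    for ts, kind, host, _ in parse(events):
        if kind == "cleaned":
            last_clean[host] = ts
        elif kind == "malware" and host in last_clean and ts - last_clean[host] <= window:
            hits.add(host)
    return sorted(hits)

def multi_region_users(events, window=timedelta(minutes=10)):
    """Users who log in from two or more regions within `window` (assumed value)."""
    seen, hits = defaultdict(list), set()
    for ts, kind, user, region in parse(events):
        if kind != "login":
            continue
        if any(r != region and ts - t <= window for t, r in seen[user]):
            hits.add(user)
        seen[user].append((ts, region))
    return sorted(hits)

def off_hours_alerts(events, start=9, end=18):
    """Hosts with malware alerts outside the assumed business hours [start, end)."""
    return sorted(h for ts, k, h, _ in parse(events) if k == "malware" and not start <= ts.hour < end)
```

The off-hours rule looks only at the hour of day; weekends and holidays would need a calendar the sample data does not carry.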

Published on November 21, 2014 17:22