<img alt="" src="https://secure.hiss3lark.com/173130.png" style="display:none;">

Datashield's Resource Library

Read all of our news, articles, reviews, and more in our company blog

All Posts

Partner Digest: Week of 7/22/20 - Data Types to Prioritize and Insider Threat Best Practices

Partner Digest

Datashield Partner Digest for the Week of July 22, 2020 - At Datashield, we pride ourselves on partnerships and are always looking for way to highlight what's new in the industry and with our partners. This helps us bring out the latest and greatest trends and key features for the services we use to bring you the best in MDR service.

Check out our latest partner updates:

What Data Types to Prioritize in Your SIEM - Top 7


Customers regularly ask me what types of data sources they should be sending to their SIEMs to get the most value out of the solution. The driver for these conversations is often because the customers have been locked into a SIEM product where they have to pay more for consumption.

  1. Firewall Logs – Firewall logs are a great source of detailed flow information. However, with many of the next generation firewalls, you also get rich data on application types, threats, malware, C2 and other similarly interesting things.

    It’s important not to limit this data to just your perimeter firewalls. If you have firewalls between your user segment and your Data Center or even micro-segmentation inside the Data Center, send all of these logs to your SIEM. Where your end users are connecting is critical information from a threat analysis perspective. Internal visibility is key to looking for lateral movement.

  2. Proxy/Web Filtering Logs – Your NG Firewall may already include this data, but if you use a separate Proxy or Web Filtering solution, these logs should absolutely be sent to your SIEM too. The IP, Domain, and URL information is naturally very important and can give you information on connections to known-bad locations. And if you can also capture the User-Agent string, then you should. This can give the threat hunter lots of insight into what might be happening. There are countless stories about finding major breaches and issues by monitoring the various user-agent strings in an environment and investigating the anomalous or uncommon ones you find.

  3. Other Network Security Products – Some of these may already be covered with a next generation firewall, but you may have standalone systems in place. Logs from tools like Network IPS/IDS, Network DLP, Sandboxes, and even router NetFlow data are all rich intelligence sources for the SOC analyst.

Read more here

6 Best Practices to Fight a New Breed of Insider Threats

Carbon Black logo digest

The current global pandemic has disrupted how organizations work. Some businesses quickly adapt while other organizations are still figuring out the new landscape. Unfortunately, criminals are exploiting vulnerabilities during this challenging time. There has been an 238% increase in cyberattacks attacks during the pandemic according to data presented in the VMware Carbon Black Modern Bank Heists 3.0 report.

Use the following 6 best practices to combat these insider threats.

  1. Visibility is key—Know when you’re under attack, and when you aren’t. Conduct threat hunting on a monthly basis. Make sure you’re capturing all the data about your environment and storing it for at least 30 days. Leveraging data and analytics is crucial to creating a window into what is happening—or has happened.
  2. Don’t have a kneejerk reaction—Don’t rush to turn off all your servers. Find out what they’re doing. You need to sit and watch them, map out their activity.
  3. Take communications offline or on a separate channel—Odds are the attackers are monitoring your communications. Establish secure communications on a separate channel to make sure the attackers are following your every move.
  4. Create a separate war room—Here you can do physical forensics on compromised hardware. Make sure the room is separate and controlled, too. It’s important to log all the activity.
  5. Employ micro-segmentation—Flat networks are more susceptible to hacking methods, like lateral movement. Micro-segmentation divides the data center into distinct security segments, which are then assigned unique controls and services.
  6. Cover your bases legally—As covered, it’s vital to log all the activity for analysis and research but also to have an audit trail.

Read more here...


Topics from this Article

Sumo Logic, Carbon Black, SIEM, News, Security Information and Event Management, Insider Threats

Justin Bahr
Justin Bahr
Justin Bahr is one of Product Managers at Datashield focused on technology partnerships, analytics and business intelligence.

Related Posts

How Datashield and ExtraHop Work Together

Learn how Datashield partners with ExtraHop, our premier Network Detection and Response (NDR) partner, from our Director of Product Management Mike Heller. I first met the ExtraHop team at RSA Conference 2020, just weeks before the world changed from COVID-19. After the initial meet and greets, we decided to schedule a time to do a deep dive post-conference. Datashield saw an immediate value-add that our service would bring from a technology perspective.

What is Cyber Insurance?

Statistics show that the fallout from successful cybersecurity incidents has both financial and business-related consequences. A data breach costs the average enterprises approximately $60,000, and in extreme situations, small and medium-sized businesses may go out of business within 6 months from the date the incident occurred. Thus, to determine whether the financial cost of successful hacking attempts, businesses have turned to insurance to deal with extensive losses.

Datashield featured on Legal Podcast

Datashield was recently featured on a legal podcast, The Rose Report. Our CISO David Norlin spoke with host Madelaine Braggs on new cyber risks and vulnerabilities targeting the real estate industry.