Extreme Archiving, Part 2: Understanding the ‘Normal’

You are a security analyst, sitting in the SOC, and you receive an alert that the user on machine 65.43.55.01 is accessing the customer database and initiating a backup. Should you worry?

It seems like an easy question to solve; either this user is supposed to be taking backups of the customer database and all is well, or else we have a security problem. Unfortunately, in many instances today, it’s quite difficult to answer the simple question: is this normal behavior, or not?

While no security professional secretly pines for the days of viruses and SQL injections, there was a certain simplicity to cyber-attacks a decade ago. That is, it was usually easy to see that a particular action was unwanted and unpleasant. Attacks were transactional: a bad guy enters a certain…


Link to Full Article: Extreme Archiving, Part 2: Understanding the ‘Normal’
