SIEM Use Cases

PCI DSS: Monitoring & Detecting Unauthorized Access Privilege or Suspicious Data Access

Payment Card Industry Data Security Standard (PCI DSS) is the international standard that protects cardholder data from malicious use or theft. Institutions that accept payment cards must follow it. For PCI DSS compliance, institutions need to apply the technical requirements below:

● Monitoring access to network resources and cardholder data.
● Securing audit trails so that they cannot be altered.
● Regular testing of security systems and processes.

How to Monitor and Detect Unauthorized and Suspicious Network Connections

Logsign USO Platform detects access activity on IT systems by correlating that activity. Audit logs and process creation logs are used in the detection process, and the attacker is identified from the findings obtained once the logs are analyzed.

1. Detecting Compromised User

Logsign USO Platform identifies abnormal user behavior by means of correlation. For instance, it raises alerts to warn the relevant IT managers when unusual data or systems are accessed at unusual hours.

2. Detecting Suspicious Privileged Authorization Increase

The main goal is to detect access by privileged user accounts. Logsign USO Platform immediately identifies users who increase their authorization on critical systems.

3. Command and Control (C&C) Communication

Logsign USO Platform can correlate network traffic with the Cyber Intelligence Module to discover malware that communicates with external attackers. Such communication points to a compromised user account.

4. Detecting Data Leakage

You can use Logsign Correlation and the Cyber Threat Intelligence (TI) service to analyze incidents that may seem irrelevant, such as adding a USB disk drive and processing information, using personal email services or cloud storage services, or generating high data traffic across the local networks.

5. Rapid Ciphering Detection

Logsign USO Platform can detect the encryption of data on user systems. Such abnormal activity on user data may indicate a ransomware attack.

6. Efficient Incident Response Automation

Streamlining Incident Response

By centralizing and correlating security event data, Logsign USO Platform streamlines incident response workflows. It integrates with ticketing systems and other incident response tools, allowing security teams to automate actions such as quarantining compromised computers or blocking malicious IP addresses, usernames, URLs, domains, and hashes, thereby reducing response times and minimizing the impact of security incidents.
