SECURITY INTELLIGENCE: Correlating and Detecting a Threat

Tom Barna | Blog, Data Analytics, Network Security

The 2017 data security landscape is more hazardous and risky than any previous year. Organizations are struggling with the reality that the tools they rely on to protect their network and data can’t keep up with today’s advanced cyber threats. To combat these more sophisticated cyber threats, organizations must upgrade their monitoring to an equally sophisticated and comprehensive management tool.

Too Many Independent Tools

For several years the traditional method of dealing with these attacks was with an Event Management solution that would help monitor and address incoming cyber threats. As cyber threats are becoming more advanced and common, this system of IT security is beginning to show its limitations.

For most businesses, IT and Security staff members work with a variety of tools that monitor, manage and patch their systems. Many of these tools do not communicate with each other and this leaves the security staff to correlate any information manually.  This means that the Database Administrator (DBA) and his team are responsible for managing a large number of tools, trying to make sense of relevant data to find known and unknown threats.

This system of monitoring is incredibly tedious and rarely effective. On average it takes about 143 days for a breach to be detected on a network, and even longer for a response to be issued. A large portion of data can be extracted in that amount of time, which is why real-time analytics and monitoring are so crucial. A long lag time makes it nearly impossible to investigate where the damage has been done and what data has been compromised.

Modernize your Security Intelligence

With such noticeable limitations in the traditional system, how can companies plan to defend their online assets against these attacks? The answer is improving on the basic idea of an Event Management solution by creating a single platform that communicates with the various security tools and offers real-time monitoring of your entire network.

Red River, for example, uses Splunk software in our Security Intelligence and Event Management (SIEM) solution, which communicates with your independent tools to provide a more accurate view of your network and who is accessing your data. By having a single platform that brings together disparate systems, an organization is better equipped to monitor, recognize and investigate threats.

Our comprehensive SIEM solution is able to monitor whether an individual has gone from accessing 300 files to 30,000 files a day, a clear indicator that your network could be under threat of a data breach. This type of real-time monitoring gives you faster overall awareness and responsiveness to protect your network and infrastructure. Rather than relying on your DBA to find suspicious activity, our Security Intelligence solution can correlate changes in user behavior to help identify a compromise of their credentials. Real-time monitoring is crucial to stopping an attack quickly and minimizing damage.
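To make the behavioral check above concrete, here is an added example (not Red River's or Splunk's code) that aggregates per-user daily file accesses from audit records and flags a user whose latest day exceeds a multiple of their own historical baseline; the `date user path` record format and the constructed sample data are assumptions for illustration only.

```python
from collections import defaultdict
from statistics import median

def daily_file_counts(log_lines):
    """Parse assumed 'YYYY-MM-DD user path' audit records into {user: {date: distinct file count}}."""
    seen = defaultdict(lambda: defaultdict(set))
    for line in log_lines:
        parts = line.split(maxsplit=2)
        if len(parts) != 3:
            continue  # skip malformed records instead of crashing the pipeline
        date, user, path = parts
        seen[user][date].add(path)
    return {u: {d: len(files) for d, files in days.items()} for u, days in seen.items()}

def flag_spikes(counts, ratio=10.0, min_history=3):
    """Alert on a user's latest day if it is at least `ratio` times the median of earlier days."""
    alerts = []
    for user, per_day in counts.items():
        days = sorted(per_day)
        if len(days) <= min_history:
            continue  # not enough history to establish a per-user baseline
        *history, latest = days
        baseline = median(per_day[d] for d in history)
        today = per_day[latest]
        if baseline > 0 and today >= ratio * baseline:
            alerts.append((user, latest, baseline, today))
    return alerts

def constructed_log():
    """Constructed sample records: alice jumps from 300 to 30,000 files; bob stays flat."""
    lines = []
    for day in range(1, 6):
        date = f"2017-03-{day:02d}"
        lines += [f"{date} alice /share/finance/doc{i}.xlsx" for i in range(300)]
        lines += [f"{date} bob /share/hr/file{i}.pdf" for i in range(50)]
    lines += [f"2017-03-06 alice /share/finance/doc{i}.xlsx" for i in range(30000)]
    lines += [f"2017-03-06 bob /share/hr/file{i}.pdf" for i in range(55)]
    return lines

if __name__ == "__main__":
    for user, day, base, today in flag_spikes(daily_file_counts(constructed_log())):
        print(f"ALERT {user} on {day}: {today} files vs baseline {base:.0f}")
```

Using each user's own median rather than a fixed threshold keeps a naturally heavy user from alerting while still catching a tenfold jump like the one described above.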

Unfortunately the threat of external and internal attacks against your network and information isn’t going away, and in all likelihood the risk of an attack affecting you is only going to increase. The good news is that there are new solutions that give you heightened awareness over your network without interfering with your established systems and infrastructure. It’s time to go beyond traditional tools and gain greater visibility and security over your data with Red River’s Security Intelligence solution.


Read the latest Red River Viewpoint on Security Intelligence here, share your concerns in the comments section below, and contact us to learn more about our security analytics practice.



Tom Barna brings 20 years of professional experience, including a 15-year career in the information technology sector, with all 15 years focused on data protection and data delivery. Tom’s experience comprises backup and recovery, disk storage management, Sendmail, EDI, UNIX Administration, Disaster Recovery and Continuity of Operations, as well as Wide Area Network technologies in commercial and Government organizations. Tom is certified to design VMware vSphere as well as Virtual Desktop Solutions. Over the last 3 years his primary focus has been designing the architecture required for Splunk solutions at Red River.
