Transcript
Log360. One of the primary functions of security operations is to keep threats at bay. To do this, you need to monitor your network constantly and look for subtle signs of potential threats. Mapped to the initial access, defense evasion, and persistence attack techniques, critical changes to security tools, firewalls, servers, and cloud platforms are one of the solid indicators of potential threats. Log360, ManageEngine's SIEM solution, monitors and alerts you on the following things.

Firstly, we've got firewall rule changes, under which you can see reports for the addition, modification, and deletion of firewall rules. Here, you can see the precise time when the rule was added, which device it originated from, the rule ID, the rule name, and the profile name. You will find all these details in the other reports pertaining to firewall rule changes as well.

Next, we've got registry changes. This includes the creation or modification of registry values, insights on failed registry modifications, and failed registry permission changes. Critical information such as the user involved and the time of the changes is also highlighted. Here, you can see that it shows exactly what has been modified in the registry and also provides the previous value.

Let's move on to router configuration changes. Here, we can see the router configuration changes report. It categorizes changes initiated from remote devices and shows change trends. Detailed insights include the users who made the changes, the source, and the time of each modification across various devices like routers, switches, and firewalls, and across vendors like Cisco, SonicWall, and others.

Now, let me take you to Cloud Security Plus, a component of Log360, where we'll be looking at the cloud configuration changes report. Within the report, you'll find details such as the exact moment the configuration change occurred, the source the change originated from, the event name, which user made that change, and the source IP address. This detailed report breaks down a recent VPC deletion. We see who initiated it, the exact time, and the specific VPC removed. This report is crucial for maintaining a strong security posture in your cloud infrastructure, specifically for both AWS and Azure platforms.

Now, going back to EventLog Analyzer, let's look at configuration changes to critical servers such as IIS web servers and others. The configuration reports include information about who made the changes, where they originated from, and when they occurred, as well as the old values and new values.

And that's not all. Log360 also captures critical changes to system processes with its out-of-the-box correlation rules based on the MITRE ATT&CK Threat Modeling Framework. To conduct a thorough investigation of these indicators and the subsequent events stemming from them, invoke the Incident Workbench of Log360 and visualize the user's accesses and activities post-event to validate the threat condition. Get in touch with our technical experts to learn more about Log360's configuration change monitoring and how to optimize it for your environment.
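The reports walked through above all reduce to the same pattern: collect configuration-change events from different sources (firewall, registry, cloud), normalize them into one record that carries who, when, where, what, and old/new value, then flag the changes that matter most for defense evasion and persistence. The following is an added example of that pattern, written for this page and not code from Log360 or ManageEngine. The four input events are constructed samples, the field names are assumed (they are not Log360's schema), and the severity rules and the two ATT&CK technique tags (T1562.004 for firewall rule removal, T1547.001 for Run-key changes) are this example's own illustrative mapping.

```python
"""Normalize configuration-change events from several sources and flag the
critical ones. Sample events and field names are constructed for this
example; they are not Log360 log formats."""
from dataclasses import dataclass
from datetime import datetime
from typing import Optional

# Constructed sample events (not real logs): a firewall rule deletion, a
# registry change under an autostart key, an ordinary registry change, and
# a cloud VPC deletion. Timestamps, hosts, users and IPs are made up.
SAMPLE_EVENTS = [
    {"source": "firewall", "ts": "2024-03-01T09:12:03Z", "device": "fw-edge-01",
     "action": "deleted", "rule_id": "1042", "rule_name": "block-inbound-rdp",
     "profile": "public", "user": "netadmin"},
    {"source": "registry", "ts": "2024-03-01T09:13:40Z", "host": "ws-finance-07",
     "action": "modified", "user": "jdoe",
     "key": r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run",
     "value_name": "Updater", "old_value": "",
     "new_value": r"C:\Users\jdoe\AppData\Local\Temp\upd.exe"},
    {"source": "registry", "ts": "2024-03-01T09:15:00Z", "host": "ws-hr-02",
     "action": "modified", "user": "svc-backup",
     "key": r"HKLM\SOFTWARE\Contoso\Backup", "value_name": "Interval",
     "old_value": "60", "new_value": "120"},
    {"source": "cloud", "ts": "2024-03-01T09:20:11Z", "provider": "aws",
     "event_name": "DeleteVpc", "user": "ci-deployer",
     "source_ip": "203.0.113.10", "resource": "vpc-0abc123"},
]


@dataclass
class ChangeEvent:
    """Common schema: the fields every change report in the transcript shows."""
    ts: datetime
    source: str            # firewall / registry / cloud
    origin: str            # device, host or cloud provider the change came from
    actor: str             # user who made the change
    what: str              # rule, registry value or cloud resource changed
    action: str            # added / modified / deleted / cloud event name
    old_value: Optional[str] = None
    new_value: Optional[str] = None
    source_ip: Optional[str] = None


@dataclass
class Alert:
    severity: str                # high / medium / low
    technique: Optional[str]     # illustrative ATT&CK technique id, if any
    summary: str
    event: ChangeEvent


def normalize(raw: dict) -> ChangeEvent:
    """Map each source's own field names onto the common schema."""
    ts = datetime.strptime(raw["ts"], "%Y-%m-%dT%H:%M:%SZ")
    src = raw["source"]
    if src == "firewall":
        what = f"rule {raw['rule_id']} ({raw['rule_name']}, profile {raw['profile']})"
        return ChangeEvent(ts, src, raw["device"], raw["user"], what, raw["action"])
    if src == "registry":
        what = raw["key"] + "\\" + raw["value_name"]
        return ChangeEvent(ts, src, raw["host"], raw["user"], what, raw["action"],
                           raw["old_value"], raw["new_value"])
    if src == "cloud":
        return ChangeEvent(ts, src, raw["provider"], raw["user"], raw["resource"],
                           raw["event_name"], source_ip=raw["source_ip"])
    raise ValueError(f"unknown event source {src!r}")


# Registry paths that give a program persistence at logon (assumed list).
AUTOSTART_KEYS = (r"\CurrentVersion\Run", r"\CurrentVersion\RunOnce")
# CloudTrail event names this example treats as critical (assumed list).
CLOUD_CRITICAL = {"DeleteVpc", "DeleteSecurityGroup"}
SEVERITY_RANK = {"high": 0, "medium": 1, "low": 2}


def evaluate(ev: ChangeEvent) -> Alert:
    """Rate one normalized change; every change is kept so it stays auditable."""
    who_where = f"by {ev.actor} from {ev.origin} at {ev.ts:%Y-%m-%d %H:%M:%S}"
    if ev.source == "firewall" and ev.action in ("deleted", "disabled"):
        return Alert("high", "T1562.004", f"firewall {ev.what} {ev.action} {who_where}", ev)
    if ev.source == "registry" and any(k.lower() in ev.what.lower() for k in AUTOSTART_KEYS):
        return Alert("high", "T1547.001",
                     f"autostart value {ev.what} {ev.action} {who_where}: "
                     f"{ev.old_value!r} -> {ev.new_value!r}", ev)
    if ev.source == "cloud" and ev.action in CLOUD_CRITICAL:
        return Alert("high", None,
                     f"{ev.action} on {ev.what} {who_where} (source IP {ev.source_ip})", ev)
    if ev.source == "firewall":
        return Alert("medium", None, f"firewall {ev.what} {ev.action} {who_where}", ev)
    return Alert("low", None,
                 f"{ev.source} change to {ev.what} {who_where}: {ev.old_value!r} -> {ev.new_value!r}", ev)


def triage(raw_events: list) -> list:
    """Normalize, rate and order all events, most severe first, then by time."""
    alerts = [evaluate(normalize(r)) for r in raw_events]
    return sorted(alerts, key=lambda a: (SEVERITY_RANK[a.severity], a.event.ts))


if __name__ == "__main__":
    for a in triage(SAMPLE_EVENTS):
        print(f"[{a.severity:6}] {a.technique or '-':10} {a.summary}")
```

The design point is that the per-source parsing lives only in `normalize`; the rating rules in `evaluate` see one schema, so adding a router or IIS configuration source later means writing one more branch in `normalize` rather than new rules. Keeping old and new values in the record is what lets an analyst confirm a change is benign (the interval change above) without leaving the alert list.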