Better Services at Reduced Cost and Risk
The drive for greater efficiency in the provision of public services means that ever greater amounts of data will need to be shared. It is essential that the public retains confidence in the confidentiality, integrity and availability of this data if electronic public services are to be taken up and trusted by the citizen. This is true whether the service is provided online, or is part of the wider government business agenda.
Rules based tools, such as anti-virus, Intruder Detection, Firewalls and Audit Logs are established as an essential element of any Information Assurance regime, however, they are now faced with increasingly sophisticated attackers who can understand and circumvent the rules. Against these attacks analytical monitoring can provide a step change in countering the threat, providing a complete new layer to the Defence in Depth approach.
Rules based tools work by assessing the current configuration of the system against a defined baseline and raise alerts when the system goes outside pre-defined parameters. However, they suffer from two major weaknesses.
1. Being rules based, a sophisticated and experienced attacker can design an attack to avoid tripping the alarms.
Analytical monitoring takes a different approach, analysing the behaviours within the system, building a picture of 'normal' behaviour and looking for anomalies. By constantly refining the parameters of 'normal' behaviours, it can move dynamically with changes in organisational structures and business processes. This means that it can find not only suspicious 'outlying' behaviour, but can detect anomalous behaviours that sophisticated attackers may try to hide 'within the crowd'. This makes analytical monitoring especially useful in the fight against Advanced Persistent Threats.
How SAS can help
Ready to learn more?
Call us at 01628 486 933 (UK) or request more information.
Transform the delivery of public service whilst maintaining confidence in the security of your information assets