By Matthew Sutton, Director of Cybersecurity Operations at Avid Communications
We are constantly asked, “What sets Avid’s cybersecurity solution apart from the competition?” My answer is always the same: the Avid team. Make no mistake, technology solutions such as Next Generation Firewalls and our SIEM make our jobs easier. (SIEM is an acronym that stands for Security Information and Event Management.) Still, they require a talented and well-trained team to realize their full potential. We recently encountered an incident that put this on full display.
Our SIEM alerts our Security Operations Center (SOC) when a malicious event has happened, and also when a merely suspicious event has occurred.
In this case, one of our customer’s servers had outgoing traffic destined for a suspicious address. One of our analysts took charge and began digging deeper into the event to see what was happening. Using the logs that the SIEM stores, they could look back in time and determine that, amongst the “normal” server traffic, there was a beaconing event. (The server was reaching out to an IP address at a consistent time interval.) This beacon to an unfamiliar IP address, coupled with the suspicious event, was enough for our analyst to escalate to our incident response team.
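The beacon check the analyst performed, as an added example (this is not Avid’s tooling or code): group connection log lines by source and destination, then flag pairs whose gaps between connections are nearly constant. The log format, IP addresses and thresholds below are constructed for illustration.

```python
from collections import defaultdict
from datetime import datetime
from statistics import mean, pstdev

# Constructed sample connection log (not from the incident described above).
# Format: "<ISO timestamp> <src_ip> -> <dst_ip>:<port>"
SAMPLE_LOG = """\
2024-03-01T09:00:00 10.0.0.5 -> 198.51.100.7:443
2024-03-01T09:00:04 10.0.0.5 -> 203.0.113.20:443
2024-03-01T09:00:31 10.0.0.5 -> 203.0.113.20:443
2024-03-01T09:01:02 10.0.0.5 -> 198.51.100.7:443
2024-03-01T09:01:59 10.0.0.5 -> 198.51.100.7:443
2024-03-01T09:02:19 10.0.0.5 -> 203.0.113.20:443
2024-03-01T09:03:01 10.0.0.5 -> 198.51.100.7:443
2024-03-01T09:04:00 10.0.0.5 -> 198.51.100.7:443
2024-03-01T09:04:47 10.0.0.5 -> 203.0.113.20:443
2024-03-01T09:05:01 10.0.0.5 -> 198.51.100.7:443
"""

def parse_log(text):
    """Yield (timestamp, src_ip, dst_ip) from the constructed log format."""
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, src, _, dst = line.split()
        yield datetime.fromisoformat(ts), src, dst.rsplit(":", 1)[0]

def find_beacons(log_text, min_events=5, max_cv=0.1):
    """Return {(src, dst): mean_gap_seconds} for pairs that look like beacons.

    A pair qualifies when it has at least `min_events` connections and the
    coefficient of variation (stdev / mean) of the gaps between them is at
    most `max_cv`. Human and normal application traffic is bursty; a scheduled
    callback is not. The thresholds are illustrative, not tuned for production."""
    times = defaultdict(list)
    for ts, src, dst in parse_log(log_text):
        times[(src, dst)].append(ts)

    beacons = {}
    for pair, stamps in times.items():
        if len(stamps) < min_events:
            continue
        stamps.sort()
        gaps = [(b - a).total_seconds() for a, b in zip(stamps, stamps[1:])]
        avg = mean(gaps)
        if avg > 0 and pstdev(gaps) / avg <= max_cv:
            beacons[pair] = avg
    return beacons
```

Running `find_beacons(SAMPLE_LOG)` flags the roughly once-a-minute connections to 198.51.100.7 and ignores the irregular, low-volume traffic to 203.0.113.20; in a real SIEM the same logic would run over a much longer window so that slow beacons accumulate enough events.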
The incident response team immediately contacted the customer and began working with them to run anti-virus and anti-malware scans on the server in question.
These scans found infected files that had made their way onto the machine through a malicious browser extension. The team also worked to have our Endpoint Detection and Response (EDR) application installed on the machine. Our EDR found and blocked several more malicious files on the device. This allowed the incident response team to remediate and monitor the server and determine that the malware did not appear to have spread. It was no longer a threat.
Avid’s cybersecurity solution is made up of many powerful and sophisticated tools. Ultimately, the essential layer is still the team of professionals who monitor, investigate, and react to these issues.