Is it the firewall or the logging that caused the hacking?

Cybersecurity starts with good logging.  Networks must be monitored to react to threats as they happen.  When thinking about your organization, is there anyone who can identify the number of failed login attempts on your servers? Do you know how many failed login attempts have occurred within your organization in the past day, week, or month? If these questions are not easily answered, then your organization is at risk.

To limit these cybersecurity risks, keeping an accurate log is vital.   Logging will provide key metrics to recognize when someone (or something) is trying to connect to your network.  It will show when your server has accepted logins from the public internet. Even worse, it will identify an exploit on your internal network.  Therefore, it’s imperative to have a logging and alert system in place for your network.

By having a logging system in place, security scanners can run in the background. The scanners will alert proper personnel within your organization to investigate compromising situations and take action. Advanced logging scanners can integrate with your firewall. Once integrated, scanners can make decisions based on your company’s security policy and firewall type. Overall, logging will help identify many possible threats to your network.

This same logging mentality can scale dramatically when utilizing AWS Cloud watch. When set up correctly it can monitor and alert on not only traffic but also actions on your AWS VPC.

As a veteran in the IT field, I have seen cybersecurity threats compromise the most secure networks. I anticipate it can happen to yours.  Logging and alerts are the only way to limit the risks and increase cybersecurity.  At Nettology we can help your IT staff set up the proper logging and notification framework for your organization.