Client Experience - SIEM intrusion detection prevents theft of HR data by IoT device
The Problem
This business deals with insurance, HR benefits, and sensitive healthcare data on a daily basis.
The business environment requires multiple secured connections to partners and vendors for automated, secure data dumps.
Although the environment is small, it is still subject to attack, and it contains a small number of IoT devices, including printers.
After nearly seven months of minimal activity, the SIEM alerted on a printer that had begun attempting to access a sensitive local server using a series of different accounts.
The Solution
Dolce Vita had implemented the EventTracker SIEM and integrated it with the client's servers.
The SIEM alerted on this highly unusual behaviour as soon as it began, allowing the administrators to identify the offending IoT device and stop the attack.
The attack progression can be seen in the graphic: in early June the device suddenly begins attempting to log into the server using a variety of account names, a classic dictionary attack. A single source address cycling through many distinct account names against one host in a short window is the pattern such an alert keys on, and a printer has no legitimate reason to authenticate to an HR server at all, which is what made the alert actionable.
Firewall rules were used to block the offending traffic to the server. The device firmware was then wiped and the device re-configured.
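The detection described above, as an added example that is not part of the original case study and not EventTracker's or Dolce Vita's code: a minimal correlation rule that fires when one source address fails logons with several distinct account names against one destination inside a short sliding window, and labels the source from an asset inventory so the responder immediately sees that it is a printer. The log format, host name, IP addresses, dates and the inventory are all constructed for the example.

```python
"""Flag one source cycling through many account names against one host.

Added example (not the client's SIEM rule): a sliding-window count of
distinct failed usernames per (source, destination) pair. Log format,
addresses, host names, dates and asset inventory are assumptions.
"""
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample of failed/successful logon records as a SIEM might
# normalise them. The printer at 10.0.5.23 tries six accounts in 20 seconds;
# the two workstations show ordinary single-account typos.
SAMPLE_LOG = """\
2019-06-03T08:00:01 src=10.0.1.10 dst=HRSRV01 user=jsmith result=FAILURE
2019-06-03T08:00:09 src=10.0.1.10 dst=HRSRV01 user=jsmith result=SUCCESS
2019-06-03T08:12:00 src=10.0.5.23 dst=HRSRV01 user=administrator result=FAILURE
2019-06-03T08:12:04 src=10.0.5.23 dst=HRSRV01 user=admin result=FAILURE
2019-06-03T08:12:07 src=10.0.5.23 dst=HRSRV01 user=hr_admin result=FAILURE
2019-06-03T08:12:11 src=10.0.5.23 dst=HRSRV01 user=payroll result=FAILURE
2019-06-03T08:12:15 src=10.0.5.23 dst=HRSRV01 user=backup result=FAILURE
2019-06-03T08:12:20 src=10.0.5.23 dst=HRSRV01 user=svc_sql result=FAILURE
2019-06-03T09:30:00 src=10.0.1.11 dst=HRSRV01 user=mlee result=FAILURE
"""

# Assumed asset inventory: maps a source address to what the device is.
ASSET_INVENTORY = {
    "10.0.5.23": "printer (2nd floor MFP)",
    "10.0.1.10": "workstation hr-01",
    "10.0.1.11": "workstation hr-02",
}

LINE_RE = re.compile(
    r"^(?P<ts>\S+) src=(?P<src>\S+) dst=(?P<dst>\S+) "
    r"user=(?P<user>\S+) result=(?P<result>\S+)$"
)


def parse_log(text):
    """Parse the normalised records into dicts, oldest first; skip junk lines."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        ev = m.groupdict()
        ev["ts"] = datetime.fromisoformat(ev["ts"])
        events.append(ev)
    events.sort(key=lambda e: e["ts"])
    return events


def detect_account_cycling(events, window=timedelta(minutes=5), min_users=4):
    """Raise one alert per (src, dst) pair the first time that source has
    failed logons with at least `min_users` distinct accounts inside `window`.
    Successful logons are ignored: a typo followed by success is not cycling."""
    failures = defaultdict(list)  # (src, dst) -> [(ts, user), ...] in window
    alerts, alerted = [], set()
    for ev in events:
        if ev["result"] != "FAILURE":
            continue
        key = (ev["src"], ev["dst"])
        bucket = failures[key]
        bucket.append((ev["ts"], ev["user"]))
        # Expire entries older than the sliding window.
        cutoff = ev["ts"] - window
        while bucket and bucket[0][0] < cutoff:
            bucket.pop(0)
        users = sorted({u for _, u in bucket})
        if len(users) >= min_users and key not in alerted:
            alerted.add(key)
            alerts.append({
                "src": ev["src"],
                "asset": ASSET_INVENTORY.get(ev["src"], "unknown device"),
                "dst": ev["dst"],
                "first_seen": bucket[0][0],
                "last_seen": ev["ts"],
                "users": users,
            })
    return alerts


if __name__ == "__main__":
    for a in detect_account_cycling(parse_log(SAMPLE_LOG)):
        print(f"ALERT {a['asset']} ({a['src']}) -> {a['dst']}: "
              f"{len(a['users'])} accounts tried between "
              f"{a['first_seen']:%H:%M:%S} and {a['last_seen']:%H:%M:%S}: "
              f"{', '.join(a['users'])}")
```

On the constructed data the rule fires once, on the printer, at the fourth distinct account name (08:12:11) and stays quiet for the workstations. Counting distinct usernames rather than raw failure volume is what separates this from a user mistyping a password; in a real deployment the threshold and window are tuned per environment, and the same per-source grouping also catches slow password sprays if the window is widened.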
The Impact
The attack was detected rapidly, and theft of client data was avoided because the SIEM provided timely and actionable security intelligence.
This is one of the first active IoT (Internet of Things) attacks we have seen mounted against our client base.
The lessons learned from this event were used to harden the security at other client sites.