January 18, 2018
Here is how one of our customers successfully discovered an intrusion attempt in the data center.
It started with an intrusion into one of the servers (an application that generates coupons). The initial alert about a possible intrusion came from the coupon application. Then, illuminIT was used to understand the scope of the intrusion: which computers and users accessed the application, how many servers participated, whether the same servers made other intrusion attempts against other systems, and when exactly each intrusion attempt happened. Without illuminIT, this analysis would be complicated and time-consuming, and a large part of it would be completely impossible. With illuminIT, the manager took a few steps to rectify the situation.
First, did this malicious user attempt to access other systems? If so, which systems and when? All this data is available by using illuminIT Network Topology queries, in combination with the historical traffic charts.
Second, did other users use the same intrusion path? Who used the intruding computer? And which other computers connected to the coupon system? All these queries are straightforward with illuminIT.
Third, understand how difficult it was to access the coupon system – how many intrusions were attempted before the first success? How long did it take?
This is another excellent example of how illuminIT brings visibility to the IT organization and helps understand the scope of break-ins and problems.