You are a security analyst, sitting in the SOC, and you receive an alert that the user on machine 65.43.55.01 is accessing the customer database and initiating a backup. Should you worry?
It seems like an easy question to solve; either this user is supposed to be taking backups of the customer database and all is well, or else we have a security problem. Unfortunately, in many instances today, it’s quite difficult to answer the simple question: is this normal behavior, or not?
Register or login for access to this item and much more
All Information Management content is archived after seven days.
Community members receive:
- All recent and archived articles
- Conference offers and updates
- A full menu of enewsletter options
- Web seminars, white papers, ebooks
Already have an account? Log In
Don't have an account? Register for Free Unlimited Access