London, UK – April 13, 2017 – SOC Prime, Inc. is proud to announce new content in Use Case Library – Brute Force Detection Advanced for HPE ArcSight. Brute force attack is still one of the most effective ways to penetrate network infrastructures. Adversaries may use different brute force methods and have many possibilities to hide their actions. In addition, development of security tools forces hackers to improve constantly their techniques. To secure your organization, you need to monitor authentication logs scrupulously for any login failures on Legitimate Credentials. A large number of such errors indicates a possibility of the brute force attack aimed to gain access to your network. Profiling allows timely detection of suspicious connections caused by compromised accounts.
Brute Force Detection is a SIEM Use Case providing analysis of successful and unsuccessful authentication events from a wide variety of systems and services, starting at Hypervisor layer and all the way up to API layers. It detects password guessing attempts from one or more sources, performs statistical analysis and user profiling, and also significantly complements the capabilities of other UCL content. In addition, this use case is able to detect even a slow brute force attacks.