Desktop software is a common target and infection vector for broader breaches. In fact, one of the most visible breaches of our time started with a malicious Excel spreadsheet. AlienVault USM can help you identify when the presence of this type of software is okay and when it might cause a problem.
When a breach occurs, one of the most common ways for someone to get into your environment is through vulnerable desktop software. Did you know that one of the most visible breaches of our time started with a malicious Excel spreadsheet? Desktop software is a hard problem to track down. When is it okay, and when might it cause a problem?

Today we’re going to take a look at the alarms coming from our data center to identify the use of desktop software. In our system, we have a group of assets which are found on our DMC. Looking at that asset group, we see the full activity of all those assets in the environment. Remember, what we’re looking for today are any assets using desktop software. If we click on the alarms, we can see all the alarms related to those assets. Using our alarm taxonomy, we can quickly zoom in on the alarms related to desktop software.
Here it looks like Windows222 is running a BitTorrent client called Gnutella, and an IRC chat client. I wouldn’t want that stuff running anywhere in my environment, much less in my DMC. Let’s right-click on that asset to see who owns the machine. From the user data collected by our built-in HIDS solution, we can see that this asset is being used by the user “Mike”. And that’s how you can easily identify who’s using BitTorrent in the data center.

With USM, you can achieve security visibility in minutes, not months. If you’re interested in exploring more, download our free 30-day trial to get some hands-on experience in your own environment.