Trace Record Analysis is the service in which the traces left by an attacker are analyzed and followed after an event occurs in the corporate network infrastructure. The traces the attacker left while accessing the system are examined, and the size of the attack is measured from the traces left on the systems. The service rests on the understanding that cyber attacks, no matter how complicated they are, always leave a trace somewhere. When an attacker attacks systems, the attack definitely creates noise (traces) in the infrastructure's system, whether or not it is successful. Trace record analysis detects the traces of the noise made by the attacker. The attacker's traces thereby become visible and the source of these traces (noise) is identified, so the other systems on which the attacker left traces or attempted attacks can be reported. This service does not include preventive activities.
Trace Record Analysis is carried out on the systems where the attacker may have left digital traces during a cyber event, from the start of the event to its end. It consists of the following service titles:
- Detection of Systems that Need to Take Logs
- Analysis of Existing Log Management System
- Ensuring the Security of the Log Management System
- Defining Roles and Log Retention Periods in the Log Management System
- Determining the Logs to be Monitored Daily and Examining the Required Alarm Structure
- Preparation and Presentation of Periodic Event Analysis Reports