Which of the following audit logs analysis tools will look for anomalies in user or system behavior?

Last Updated on December 23, 2021 by Admin

There are many types of audit logs analysis tools available in the market. Which of the following audit logs analysis tools will look for anomalies in user or system behavior?

  • Attack Signature detection tool
  • Variance detection tool
  • Audit Reduction tool
  • Heuristic detection tool
Explanation:

Trend/Variance Detection tool are used to look for anomalies in user or system behavior. For example, if a user typically logs in at 9:00 am, but one day suddenly access the system at 4:30 am, this may indicate a security problem that may need to be investigated.

Other types of audit trail analysis tools should also be known for your CISA exam

The following were incorrect answers:

Audit Reduction tool – They are preprocessor designed to reduce the volume of audit records to facilitate manual review. Before a security review, these tool can remove many audit records known to have little security significance.

Attack-signature detection tool – They look for an attack signature, which is a specific sequence of events indicative of an unauthorized access attempt. A simple example would be repeated failed logon attempts.
Heuristic detection tool – Heuristic analysis is an expert based analysis that determines the susceptibility of a system towards particular threat/risk using various decision rules or weighing methods. Multi Criteria analysis (MCA) is one of the means of weighing. This method differs with statistical analysis, which bases itself on the available data/statistics.

Reference:

CISA review manual 2014 Page number 336
and
http://en.wikipedia.org/wiki/Heuristic_analysis