
SIEM vs EDR: Which Security Solution is Best?

SIEM technology has existed since 2000, so it’s hardly new.

A Security Operations Center (SOC) can now provide 24/7/365 monitoring and logging of security event alerts thanks to this essential instrument, which has evolved over time.

With the aid of a SIEM, security teams can concentrate on locating, evaluating, and reacting to the threats and other warnings that matter most. Next-generation, cloud-based SIEMs have also made it simpler for technology service providers (TSPs) to offer their clients SIEM functionality, such as visibility.

Modern SIEM solutions give you complete access to inspect your alarm data when working with a SOC. Your team can also collaborate directly with SOC professionals to swiftly identify and resolve key issues.

What is SIEM technology and how would you use it?

An organization’s network devices, systems, applications, and services produce log and event data, which is collected by a security information and event management (SIEM) system. Then, it compiles all of the data onto a single platform. Through a “single point of view,” a SIEM gives security teams more visibility into what’s occurring with all the components of the IT environment.

Technicians use automation to compare the data in the SIEM against pre-built security rules. This lets them sort through the “white noise” in these numerous data sources, which range from web servers to hypervisors, to find actual events that can be acted on.

Since it enhances threat detection, the SIEM plays a crucial role in an organization’s IT stack. If a bad actor has managed to get past your perimeter defense, you can find out using a SIEM extremely quickly and respond appropriately.

Following are some use cases for SIEM technology:

At TSAROLABS, we will either deploy a SIEM platform ourselves or collaborate with a TSP that offers SIEM capabilities as part of its cybersecurity offerings, whenever an organization wants complete insight into its whole IT infrastructure.

Implement strategic detection: SIEM solutions of today can offer real-time visibility into security threats affecting network devices, systems, applications, and services, such as malware or suspicious network traffic. Security teams can prioritize the reaction to any warnings pertaining to the organization’s most important IT assets by using SIEM technology to stay focused on them.

Evaluate event data: Security teams may utilize SIEMs to examine event data in real-time, which improves their capacity to identify potential risks, such as advanced threats and targeted assaults, early on. Additionally, teams may hunt proactively for risks across the entire business with the “single pane of glass” perspective a SIEM offers, moving away from a reactive approach to cybersecurity.

Enhance logs: Event logs from firewalls, web filters, endpoint solutions, other devices including routers, and applications provide a plethora of information regarding potential risks. But, in order to be understood, they must be enriched, or given more context. Enriching a log of IP addresses with pertinent geolocation information for those addresses is an illustration of this approach. By integrating with other systems via APIs, a top SIEM platform can gather and correlate event and non-event data for enriching logs.

Meet compliance requirements: Businesses may more easily comply with regulations like the Payment Card Industry Data Security Standard (PCI DSS) and the Health Insurance Portability and Accountability Act (HIPAA) thanks to real-time correlation and analysis of data, data preservation, and report automation.

Accept data from a variety of network sources: A SIEM gives security teams a much clearer picture of what their various security tools are “seeing” and reacting to because it provides visibility into event data through a single pane of glass and has access to a variety of data sources in an organization’s IT ecosystem. They gain deeper understanding of prospective threats as well as their gravity and network targets as a result.
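As an added illustration of the collection, enrichment and rule-based correlation described above (example code written for this page, not TSAROLABS tooling), the following Python script normalizes constructed sshd and nginx log lines into one schema, enriches source addresses from a hypothetical geolocation table, and applies a single correlation rule across both sources:

```python
import ipaddress
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample lines from two sources (sshd and an nginx-style access log).
# Addresses are RFC 5737 documentation ranges; nothing here is real telemetry.
RAW_LOGS = [
    "2024-03-01T10:00:01 sshd[811]: Failed password for admin from 203.0.113.7 port 50122 ssh2",
    "2024-03-01T10:00:05 sshd[811]: Failed password for admin from 203.0.113.7 port 50123 ssh2",
    "2024-03-01T10:00:09 nginx: 203.0.113.7 POST /login 401",
    "2024-03-01T10:00:14 sshd[811]: Accepted password for admin from 203.0.113.7 port 50130 ssh2",
    "2024-03-01T10:02:00 sshd[812]: Failed password for bob from 198.51.100.9 port 40000 ssh2",
    "2024-03-01T10:02:30 sshd[812]: Accepted password for bob from 198.51.100.9 port 40001 ssh2",
    "2024-03-01T10:03:00 nginx: 192.0.2.44 GET /index.html 200",
]

SSHD_RE = re.compile(
    r"^(?P<ts>\S+) sshd\[\d+\]: (?P<result>Failed|Accepted) password for "
    r"(?P<user>\S+) from (?P<ip>[\d.]+)"
)
WEB_RE = re.compile(
    r"^(?P<ts>\S+) nginx: (?P<ip>[\d.]+) (?P<method>\S+) (?P<path>\S+) (?P<status>\d{3})$"
)

# Constructed geolocation table (hypothetical countries) used to enrich events.
GEO_TABLE = {"203.0.113.0/24": "Country A", "198.51.100.0/24": "Country B"}


def parse(line):
    """Normalise one raw line from either source into a common event schema, or None."""
    m = SSHD_RE.match(line)
    if m:
        return {
            "ts": datetime.fromisoformat(m["ts"]),
            "source": "sshd",
            "ip": m["ip"],
            "user": m["user"],
            "outcome": "success" if m["result"] == "Accepted" else "failure",
        }
    m = WEB_RE.match(line)
    if m and m["path"] == "/login":  # only authentication attempts are of interest
        return {
            "ts": datetime.fromisoformat(m["ts"]),
            "source": "nginx",
            "ip": m["ip"],
            "user": None,
            "outcome": "failure" if m["status"] in ("401", "403") else "success",
        }
    return None


def enrich(event):
    """Add a country field looked up from the (constructed) geolocation table."""
    addr = ipaddress.ip_address(event["ip"])
    event["country"] = next(
        (c for cidr, c in GEO_TABLE.items() if addr in ipaddress.ip_network(cidr)),
        "unknown",
    )
    return event


def correlate(events, threshold=3, window_seconds=60):
    """Rule: a successful login preceded by >= threshold failures from the same IP
    inside the window, no matter which log source recorded the failures."""
    by_ip = defaultdict(list)
    for e in sorted(events, key=lambda ev: ev["ts"]):
        by_ip[e["ip"]].append(e)
    alerts = []
    for ip, evs in by_ip.items():
        for i, e in enumerate(evs):
            if e["outcome"] != "success":
                continue
            start = e["ts"] - timedelta(seconds=window_seconds)
            fails = [f for f in evs[:i] if f["outcome"] == "failure" and f["ts"] >= start]
            if len(fails) >= threshold:
                alerts.append({
                    "rule": "brute-force-then-success",
                    "ip": ip,
                    "country": e["country"],
                    "user": e["user"],
                    "failures": len(fails),
                    "sources": sorted({f["source"] for f in fails}),
                    "ts": e["ts"].isoformat(),
                })
    return alerts


def run(lines=RAW_LOGS):
    """Full pipeline: parse -> enrich -> correlate; returns the list of alerts."""
    events = [enrich(e) for e in map(parse, lines) if e is not None]
    return correlate(events)


if __name__ == "__main__":
    for alert in run():
        print(alert)
```

On the sample data only 203.0.113.7 trips the rule, because two sshd failures and one nginx 401 from that address precede the accepted login within 60 seconds; the single failure from 198.51.100.9 does not.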

Current EDR solutions are cloud-based and employ machine learning (ML) and artificial intelligence (AI) for threat identification and behavioral analysis. By tracking every running process and mapping it to malicious behavior, they can swiftly locate the root causes of harmful actions, diagnosing faulty source processes and system settings. The most effective EDR solutions can also identify malware and its variants.

When an AI-driven EDR platform detects a threat, it can automatically take action to stop, get rid of, or contain the threat while also alerting security personnel so they can look into it further, if necessary. Modern EDR platforms also include forensics and analytics capabilities, enabling security teams to investigate flagged threats and even conduct threat hunting to look for unusual activity.

Modern cloud-based EDR tools are simple to manage, keep up to date, and integrate with other systems. Endpoints are constantly under attack from a variety of threats that change frequently and range in severity, so many businesses choose to outsource the triage of EDR alerts and remediation to a SOC provider rather than burdening their IT staff or hiring more security talent.

So, what is EDR technology and how would you use it?

Endpoint detection and response (EDR) solutions are endpoint-focused security technology, as their name suggests. Endpoints effectively act as gateways into the network. They include vulnerable hardware devices such as servers, desktops, smartphones, and Internet of Things (IoT) devices. Malicious actors continuously target endpoints in an effort to infiltrate the network.

Like SIEM technology, EDR technology is not new, even if the phrase “endpoint detection and response” was only coined recently. Like SIEM, EDR technology can play a crucial role in an organization’s security technology stack. Nevertheless, unlike SIEM technologies, EDR solutions do not examine the entire network. An EDR system tracks and gathers information regarding endpoint activity, then analyses it to determine whether or not the activity is normal.

Many EDR systems are agent-based, meaning they need software or sensors installed on endpoint devices in order to monitor and collect data. This software is what makes the sophisticated, thorough threat detection and response of EDR tools possible.

Following are some use cases for EDR technology:

Vendor-driven analysis has the following advantages: An EDR platform can gather data from endpoints and send it back to the vendor for analysis. The vendor will block the threat and issue an alert if the data is found to be dangerous. Typically, security administrators can monitor these notifications in the EDR solution’s dashboard and choose how to react. Crucially, vendors may also detect false positives, saving security teams’ time from chasing after ineffective threats.

Control and see how devices are used: Modern EDR platforms enable businesses to regulate the information that USB and Bluetooth-enabled devices linked to their networks can access. While those devices are in use in the IT environment, they can also keep an eye on how they are being utilized.

Use rollback capabilities: A contemporary EDR tool can offer comprehensive device visibility. By monitoring modifications to devices, it can also immediately roll back files to earlier safe versions in the event of a threat, restoring the devices to a low-risk condition. Rollbacks repair the harm that threats like ransomware attacks cause to endpoints.

Quickly analyze endpoint data: Security personnel may immediately look up data gathered by the EDR platform to gauge the danger and extent of threats. Also, they are able to look for signs of compromise in the EDR database. They can also instantaneously query endpoints directly.

Contain threats: Threats can be contained at the endpoint using EDR tools, which use event and behavior analysis to find threats whether they involve known or unknown vulnerabilities. If an event is determined to be suspicious, the EDR platform will halt the processes currently executing to contain the danger, stop any additional events, and notify the security team. Timely action at the endpoint level is essential for containing quickly evolving attacks like ransomware.

When combined, SIEM and EDR can give enterprises a more thorough understanding of their security posture. See SIEM and EDR as complementary controls rather than as alternatives to one another.

They are a crucial component of an organization’s overall security strategy, which also includes a variety of other security controls (technological, physical, and logical), adopting best practices and industry-leading frameworks, putting in place and upholding efficient policies, developing and testing business continuity management plans, offering pertinent end user training, and much more.

A well-designed EDR platform should still beat a SIEM tool in prevention, even though a SIEM solution can cover for situations where threat prevention fails. EDR technology should also make it simpler for security teams to react to events.

Cheers!
Sai ram

What went wrong with Dole – A Cyber attack story.

Time and again, TSAROLABS has been updating you on taking precautions in terms of cyber security! However, slight negligence can cost an attacked organization billions!

Food giant Dole was hit by a cyberattack, temporarily forcing the company to shut down its North American production. The attack affected Dole’s computer systems and disrupted its operations.

Dole, one of the world’s largest producers of fruits and vegetables, has not disclosed the nature of the cyberattack or the extent of the damage. However, the company has stated that it is working with law enforcement and cybersecurity experts to investigate the incident and to restore its systems as quickly as possible.

The cyberattack has forced Dole to halt its production across North America, causing disruptions in the supply chain and potentially affecting the availability of fresh produce in the region. However, the company has assured its customers that it is doing everything possible to minimize the impact of the attack and resume operations as soon as it is safe.

This incident is the latest in a series of high-profile cyberattacks that have targeted significant corporations and organizations worldwide. Cybersecurity experts warn that such attacks are becoming increasingly common and sophisticated and that companies must take steps to protect themselves against the growing threat.

Dole has advised its customers and partners to remain vigilant and to report any suspicious activity or attempts to exploit vulnerabilities in their systems. The company has also urged other organizations to protect their networks and data from cyber threats proactively.

The post-attack measures that Dole is taking now are very much required. But it is equally essential for organizations to consider taking cyber security measures to avoid such ‘worst-case’ and ‘what-if’ scenarios.

TSAROLABS understands what is needed to defend against such cyberattacks. TSAROLABS is aware of what went wrong and works to fix it.

Through our best-in-class and industry-recognized cyber solutions, TSAROLABS offers the most promising and guaranteed ROI-based model.

Contact TSAROLABS for a quick demo session followed by a questions and answers round where we can address all your doubts and queries. 

The decision is all yours! 

Related tags: Cyberattack, Dole, NorthAmerica, ProductionShutdown, Cybersecurity, SupplyChain, FreshProduce, LawEnforcement, Investigation, DataBreach, RiskManagement, DataSecurity, BusinessContinuity, ITSecurity, IncidentResponse, Resilience, ThreatIntelligence, VulnerabilityManagement, CyberAwareness, DataProtection, InformationSecurity, BusinessImpact, CrisisManagement, CyberInsurance, SecurityAwareness, DisasterRecovery

The importance of web penetration testing for your organization

Web penetration testing, also known as ethical hacking, simulates a cyber attack on a website or web application to identify vulnerabilities that a malicious hacker could exploit. By uncovering these vulnerabilities, organizations can take steps to fix them before they can be used to compromise the security of their systems and sensitive data.

Why is web penetration testing essential for every organization?

Identify and fix vulnerabilities: By simulating a real-world attack, web penetration testing can help organizations to identify and fix vulnerabilities in their web applications and infrastructure that a hacker could exploit.

Improve security: Web penetration testing can help organizations improve their web-based systems’ overall safety and protect against cyber attacks by identifying and fixing vulnerabilities.

Compliance: Many regulations, such as PCI DSS, HIPAA, and GDPR, require regular penetration testing to ensure the security of sensitive data.

Protect against data breaches: Web penetration testing can help organizations prevent data breaches by identifying and fixing vulnerabilities in their web-based systems before hackers can exploit them.

Maintaining trust: By showing customers and stakeholders that an organization takes security seriously and is proactive in identifying and fixing vulnerabilities, web penetration testing helps maintain trust in the organization.

In summary, web penetration testing is an essential aspect of maintaining the security of your organization’s web-based systems and protecting against cyber attacks.

Identifying and fixing vulnerabilities and ensuring compliance with industry regulations is more crucial than ever. Get it done today!

Write to us at connect@tsarolabs.com for any assistance.

Related tags: Cybersecurity, Ethical hacking, Web application security, Vulnerability assessment, Compliance (e.g. PCI DSS, HIPAA, GDPR), Data breaches, Trust and reputation management, Penetration testing best practices, Web security trends, Network security, Security testing, IT security, Web security audits, Security remediation, Secure coding, Secure development life cycle (SDLC)

Cyber security in Sports

While attacks against sports entities continue to advance and become more popular, the sports world needs to catch up regarding securing assets.

This means that sports organizations either have yet to grasp the magnitude of a continuing and worsening trend, or they have yet to take the proper steps in implementing protection methods.
The technologies to protect sports organizations are out there, but the “know-how” is currently missing.

Even when organizations do allocate budgets and purchase security products, they often buy the wrong ones or use them in the wrong way, lacking a common understanding of the products they need. The products end up “misconfigured”.

Most attacks against the sports world fall into the organized crime category. These individuals are motivated by financial gain and want to extort money from the victim organization. There are numerous assets to protect, but the crown jewels could be categorized as follows: fan data; proprietary assets such as athletes; social media accounts; mobile apps and websites; cloud-based servers; online bank accounts; and, finally, employees.

Sporting organizations must work hard to educate leaders and implement new systems to protect themselves from an ever-evolving threat. Cyber protection has to be a significant consideration per project, and implementing experienced personnel such as a dedicated CISO (chief information security officer) is a must.

TSAROLABS SOLUTION APPROACH

  • Establishing and implementing a comprehensive cyber awareness program to ensure all club members — from players to executives — are aware of the risks and how what they click on could impact the club.
  • Encouraging organizations to invest in AI-based technologies, such as inbox defense systems, which provide real-time protection and can significantly reduce the number of malicious emails reaching the user’s inbox.
  • Establishing GDPR compliance and creating a Privacy Shield to protect organizational data.
  • Protecting devices and networks by keeping them up-to-date, adopting the latest supported versions, applying security patches promptly, and using antivirus and scanning regularly to guard against known malware
  • Restricting intruders’ ability to move freely around your systems and networks
  • Paying particular attention to potentially vulnerable entry points, e.g., third parties.
  • Adhering to supply chain security best practices to help you assess the third parties you do business with.
  • Adhering to Stadium cyber security best practices as laid down by the authorities and federations.
  • Putting risk on the agenda: discussion of your organization’s values and of the actions taken to protect it should be part of regular business. Make time to cover these issues at your management meetings or weekly catch-ups, and determine where cyber security threats sit on the priority list compared with physical threats.
  • Preparing your business for the most common cyber security threats by developing plans to handle those incidents most likely to occur. The best way to test your staff’s understanding of what’s required during an incident is through various exercises to test your organization’s resilience and preparedness.

Some tips for IT Practitioners

Make basic attacks more difficult: Implement Multi-Factor Authentication (MFA) for essential services such as email accounts. MFA buys a lot of supplementary security for relatively little effort. Organizations of all sizes can use MFA to protect their information, finances, and the services they rely on for day-to-day business.

You should also consider applying other technologies to manage access to essential services, such as conditional access and role-based monitoring.

Reduce the password burden:

Review how your organization uses passwords. To take some pressure off your staff, use technical security controls like blocking common passwords and allowing the use of password managers. Consider how you can identify or mitigate common password attacks, such as brute-forcing before harm is done.

Related Tags: Cyber Attack, Cyber Security, Password, Securing Assets, Sports and Games, Implementation of Protection, Multi-factor Authentication.

Incident and Response System

Incident response (IR) is the set of information security rules and processes used to detect, contain, and eradicate cyberattacks. It helps companies plan, prepare for, and respond to various cybersecurity incidents. Every organization can benefit from incident response services.

About Incident Response Services

Security professionals establish the breach point, depth, and severity when a cybersecurity issue is discovered. Then, the incident response team starts the containment, eradication, and recovery process post-discovery and analysis.

The incident response teams’ objective is to create and maintain an environment that preserves the confidentiality and integrity of all users.

What do they do?

An incident response team is a group of IT specialists responsible for identifying and responding to organizational disasters. A proactive team maintains strong security best practices across all incident handling procedures.

A Security Operations Center, on the other hand, monitors, analyzes, and defends a company against cybersecurity threats. Individual risk profiles and business processes vary from company to company.
Leadership, investigation, communications, documentation and legal representation are some of the fundamental duties of an incident response team.

How is it planned?

An incident response plan is a document specific to an organization’s incident response protocols, actions, and responsibilities. It is meant to aid the recovery of a company’s IT infrastructure after a cyberattack or other destructive event. It defines all of the above parameters, and businesses can engage incident response organizations ahead of time to prepare for potential attacks!

connect@tsarolabs.com – inquire to know more!

Related tags: incident response management, security operations center, Incident response, data breach, virus, corporate data, and equipment, employ incident response organizations, potential assaults, risk management

Understanding Encryption

Encryption refers to sending messages in coded form. Anyone who does not have the correct key cannot decrypt the message. Otherwise, the message is a random collection of letters, numbers, and characters.

Encryption is essential when you hold sensitive data that others must not be able to access. Email travels over the internet and can be intercepted by malicious actors, so adding an extra layer of security to your sensitive data is very important.
Encrypted data appears random, but encryption proceeds logically and predictably, so that a party who receives the encrypted data and knows the correct key can decrypt it back to plaintext. In fact, secure encryption uses keys that are so complex that it is unlikely a third party will crack or corrupt the ciphertext by brute force, i.e. guessing the key. Data can be encrypted “at rest” when it is stored, or “in transit” when it is transferred to another location.

How does encryption work?

Obtain the recipient’s public key. Once you have their key from a public key directory, contact the person directly to verify their identity. Most email clients can perform this task efficiently: encrypt your email with the recipient’s public key, and they can decrypt the message after receiving it.

What is a key in cryptography?

A cryptographic key is a string of characters used in the encryption process to change data so that it appears random. It locks (encrypts) data like a real key and can only be unlocked by someone with the original key.

What types of encryption are there?

There are two main types of encryption:

  • Symmetric encryption
  • Asymmetric encryption.

Symmetric encryption involves only one key: each communicating party uses the same (private) key for both encryption and decryption.

Asymmetric encryption, sometimes called public key cryptography, has two keys. One key encrypts and the other decrypts. The decryption key is kept private, but the encryption key is published for anyone to use. Asymmetric encryption is the underlying technology of TLS (often called SSL).

Why should I encrypt my data?

Privacy: Encryption ensures that only the intended recipients or rightful data owners have access to messages or stored data. This protects your privacy by preventing ad networks, internet service providers, hackers, and in some cases governments from intercepting or reading your sensitive data.

Security: Whether data is in transit or at rest, encryption helps prevent data breaches. If hard drives are properly encrypted, information on lost or stolen corporate devices cannot be compromised. Similarly, encrypted communications allow communicating parties to exchange personal information without that information being revealed.

Data Integrity: Encryption helps thwart malicious behavior such as on-path attacks. Encryption ensures that data sent over the internet has not been read or manipulated on its way to the recipient.

Regulations: Due to these factors, many industry and government regulations require companies that use user data to store encrypted data at rest. HIPAA, PCI DSS, and GDPR are examples of regulatory and compliance standards that require encryption.

What is an encryption algorithm?

An encryption algorithm is a method of converting data into ciphertext. Algorithms use encryption keys to predictably change data so that encrypted data appears random, but can be converted back to plain text using decryption keys.

What are some standard encryption algorithms?

Commonly used symmetric encryption algorithms are:

  • AES
  • 3DES
  • SNOW

Commonly used asymmetric encryption algorithms are:

  • RSA
  • Elliptic Curve Cryptography

What is a Brute Force Attack in Encryption?

Modern computers make brute force attacks, in which an attacker tries to guess the key, much faster. Therefore, encryption must be very robust and complex. Most modern encryption techniques, combined with strong passwords, are immune to brute-force attacks today. However, as computers become more powerful, encryption that is secure today may become vulnerable. Brute force attacks against weak passwords are also possible.

How is encryption used to keep web browsing secure?

Encryption is fundamental to many technologies, but it is especially important for keeping HTTP requests and responses secure. The protocol responsible for this is HTTPS (Hypertext Transfer Protocol Secure).

Websites served over HTTPS instead of HTTP have URLs that begin with https:// instead of http://, usually represented by a secure padlock in the address bar.

HTTPS uses an encryption protocol called Transport Layer Security (TLS). In the past, an older cryptographic protocol called Secure Sockets Layer (SSL) was the standard, but TLS has replaced SSL.

Websites that implement HTTPS therefore have TLS certificates installed on their origin servers.

How is encryption different from digital signatures?

Like encryption, digital signatures rely on public key cryptography: software such as PGP uses mathematical algorithms to create public and private keys, but the two operations serve different purposes. The purpose of a digital signature is integrity and authenticity: verifying the sender of a message and showing that the content has not been tampered with. Encryption and digital signatures can be used separately, but encrypted messages can also be signed.

You use your private key when you sign a message, and anyone who has your public key can verify that your signature is valid. When encrypting a transmission, the recipient’s public key is used to encrypt, and the recipient’s private key is used to decrypt the message. People should keep their private keys confidential and password protected so that only the intended recipient can see the information.
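To make the roles of the keys concrete, here is an added toy example (not from the original page or any real library) using only Python’s standard library: textbook RSA with fixed Mersenne primes, where Alice encrypts for Bob with Bob’s public key and signs with her own private key. The names are assumed, and the scheme deliberately omits the padding and key sizes real deployments require.

```python
import hashlib
import math

# Toy "textbook" RSA to illustrate which key does what. The primes are fixed Mersenne
# primes (2^61-1, 2^89-1, 2^107-1, 2^127-1) so the example is deterministic and offline;
# real systems use 2048-bit+ keys with OAEP/PSS padding, which this intentionally omits.


def generate_keypair(p, q, e=65537):
    """Return (public_key, private_key) as (n, e) and (n, d) from two primes."""
    n = p * q
    phi = (p - 1) * (q - 1)
    if math.gcd(e, phi) != 1:
        raise ValueError("e must be coprime with (p-1)(q-1)")
    d = pow(e, -1, phi)  # modular inverse of e (Python 3.8+)
    return (n, e), (n, d)


# Constructed key pairs for two hypothetical parties (names assumed, not from the page).
ALICE_PUBLIC, ALICE_PRIVATE = generate_keypair((1 << 89) - 1, (1 << 107) - 1)
BOB_PUBLIC, BOB_PRIVATE = generate_keypair((1 << 61) - 1, (1 << 127) - 1)


def encrypt(message: bytes, public_key) -> int:
    """Encrypt with the RECIPIENT's public key (message must fit below n)."""
    n, e = public_key
    m = int.from_bytes(message, "big")
    if m >= n:
        raise ValueError("message too long for this toy key")
    return pow(m, e, n)


def decrypt(ciphertext: int, private_key) -> bytes:
    """Decrypt with the RECIPIENT's private key (leading zero bytes are not preserved)."""
    n, d = private_key
    m = pow(ciphertext, d, n)
    return m.to_bytes((m.bit_length() + 7) // 8, "big")


def _digest(message: bytes, n: int) -> int:
    """SHA-256 of the message reduced into the key's modulus."""
    return int.from_bytes(hashlib.sha256(message).digest(), "big") % n


def sign(message: bytes, private_key) -> int:
    """Sign with the SENDER's private key over a hash of the message."""
    n, d = private_key
    return pow(_digest(message, n), d, n)


def verify(message: bytes, signature: int, public_key) -> bool:
    """Verify with the SENDER's public key; False if message or signature was altered."""
    n, e = public_key
    return pow(signature, e, n) == _digest(message, n)


def alice_sends(message: bytes):
    """Alice encrypts for Bob (his public key) and signs as herself (her private key)."""
    return encrypt(message, BOB_PUBLIC), sign(message, ALICE_PRIVATE)


def bob_receives(ciphertext: int, signature: int):
    """Bob decrypts with his private key, then checks Alice's signature with her public key."""
    plaintext = decrypt(ciphertext, BOB_PRIVATE)
    return plaintext, verify(plaintext, signature, ALICE_PUBLIC)


if __name__ == "__main__":
    c, s = alice_sends(b"meet at noon")
    print(bob_receives(c, s))
```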

Why You Should Encrypt Your Files

A nightmare situation would be if your laptop containing a million social security numbers, banking details, or other PII was stolen. If it is not encrypted, it is going to be a nightmare.

If you do not store such information on your computer and use it only at home, you do not need encryption. But it’s still a good idea. Encryption is especially important for people concerned about data breaches. Also, companies often require it in their information security policies.

Encryption is the key to protecting your data. It’s also an easy best practice to include in your security policy. A common security framework, SOC 2 confidentiality, requires encryption of sensitive information to limit access by unauthorized parties. Since this encryption process can vary by system and device, we’ll start with Windows 10 and Bitlocker.

BitLocker is Microsoft’s proprietary disk encryption software for Windows 10. By following these 8 steps, you can keep your data safe and secure. Plus, it’s free and doesn’t require you to install anything. You can use BitLocker to encrypt your entire drive to protect against unauthorized changes to your system.

How to encrypt a hard drive in Windows 10?

In Windows Explorer, under This PC, find the hard drive you want to encrypt. Right-click the target drive and select Enable BitLocker.

Select Enter a password and enter a secure password. Next, choose how to back up the recovery key, which is used to access the drive if the password is lost.

You can print the key, save it as a file on your hard drive, save it as a file on a USB drive, or save the key to your Microsoft account.

Select Encrypt Entire Drive. This option is more secure and also encrypts the files you have marked for deletion.

Select New Encryption Mode unless your drive must be compatible with older Windows computers.

Click Start Encryption to start the encryption process. Note that you will need to restart your computer to encrypt your boot drive.

Encryption takes very little time, but at the same time, it runs in the background.

Note: BitLocker is not available on Windows 10 Home Edition, but Device Encryption has similar functionality.

Related Tags – Encryption, BitLocker, cryptography, cryptographic.

The Internet of Things (IoT)

The Internet of Things (IoT) describes the network of physical objects (“things”) embedded with software, sensors, and other technologies to connect and exchange data with other devices and systems over the internet. These devices range from standard household objects to sophisticated industrial tools. More than 7 billion IoT devices are connected today, and specialists expect this number to expand to 22 billion by 2025. Everyday objects such as thermostats, kitchen appliances, cars, and baby monitors can be connected to the internet via embedded devices, making seamless communication feasible between people, processes, and things.

By utilizing low-cost computing, big data, the cloud, analytics, and mobile technologies, physical things can transfer and compile data with minimal human intervention. In this hyperconnected world, digital systems record, monitor, and adjust each interaction between connected items. The physical world meets the digital world, and they cooperate.

IOT APPLICATIONS

Business-ready, SaaS IoT Applications
IoT Intelligent Applications are prebuilt software-as-a-service (SaaS) applications that analyze and present captured IoT sensor data to business users via dashboards. We have a complete set of IoT Intelligent Applications.

IoT applications employ machine learning algorithms to analyze enormous volumes of related sensor data in the cloud. As a result, we can use real-time IoT dashboards and alerts to gain visibility into mean time between failures, key performance indicators, and other information. In addition, machine learning-based algorithms can identify equipment anomalies, send alerts to users, and trigger automated fixes or proactive countermeasures.

Cloud-based IoT applications help business users quickly improve the process of existing customer service, supply chains, financial services, and human resources.

IoT provides sensor information and enables device-to-device communication, driving a broad set of applications.

What technologies have made IoT possible?

While IoT has existed for a long time, recent advances in several different technologies have made it valuable.

Access to low-cost, low-power sensor technology

Affordable and reliable sensors make IoT technology possible for more manufacturers.

Connectivity

It is easy to link sensors to the cloud and other “things” for efficient data transfer, with the help of a host of network protocols for the internet.

Cloud computing platforms

The increase in cloud platform availability enables businesses and consumers to access the infrastructure they need to scale up without managing it all.

Machine learning and analytics

With access to the large amounts of data stored in the cloud and advances in machine learning and analytics, businesses can gather insights faster and more efficiently. The emergence of these associated technologies continues to push the boundaries of IoT, and the data gathered by IoT in turn feeds these technologies.

Conversational artificial intelligence (AI)

Advances in neural networks have brought natural-language processing (NLP) to IoT devices (digital personal assistants such as Alexa, Cortana and Siri) and made them appealing, affordable and viable for home use.

Related Tags

Internet of Things, Software, SaaS, Intelligent Applications, CyberSecurity, Connectivity, Cloud Computing, Machine Learning and Analytics.

Online Charging System

An Online Charging System (OCS) is a specialized telecom function that lets a service provider charge a subscriber for services in real time. The OCS manages the subscriber’s account balance, transaction control, correlation and rating. It also helps a telecom operator enforce credit limits and authorize resources on a per-transaction basis.

Traditional offline charging systems bill the customer after a service has been consumed, whereas an OCS charges while the service is being consumed. This makes an OCS more flexible than Intelligent Network (IN) prepaid solutions.

 1. Architecture
   1.1 Event-Based Charging
   1.2 Session-Based Charging
     1.2.1 Account and Balance Management

Online charging system overview (Source- researchgate.net)

Event Based Charging

An Event-Based Charging Function (EBCF) charges events on their occurrence rather than on their duration or the volume consumed. Typical events include SMS, MMS and content purchases (applications, games, music, on-demand video, etc.).

Event-based charging is used when the Diameter CC-Request-Type AVP has the value 4 (EVENT_REQUEST), for example for SMS charged over Diameter.

Consider an example of event-based charging.

  1. One apple costs Rs. 25/-: you pay the amount, take the apple and go. Likewise, sending a text message may cost Rs. 1/- and that’s it. Similarly, a Caller Ring Back Tone (CRBT) subscription costs Rs. 30/- a month irrespective of how many calls you receive. Event-based charging is therefore a one-off charge per occurrence.

 

Session Based Charging

The Session-Based Charging Function (SBCF) is responsible for online charging of network and user sessions, e.g. voice calls, IP-CAN bearers, IP-CAN sessions or IMS sessions.

Consider an example of session-based charging. Utility services such as electricity or water are charged on total consumption over a period. For instance, you consume x power units in a month and pay for the units consumed in that month; usage, and hence the charge, varies from month to month, and the same holds for drinking water. Charging on how much one consumes is therefore metered, or session-based, charging.

 

Account and Balance Management

The Account Balance Management Function (ABMF) holds the subscriber’s account balance within the OCS.

Online charging architecture: LTE OCS and the Online Charging Function (source- rfwireless-world)

In the OCS, charging events are received by the Online Charging Function (OCF). The OCF decides whether the requested resources may be used, based on the Rating Function (RF) and the Account Balance Management Function (ABMF). The events themselves originate from the Charging Trigger Function (CTF) in the network element that delivers the service.
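The request types and functions described above, as an added example (not code from the page or its author): a toy Python OCF that handles event-based requests (CC-Request-Type 4) and the initial/update/terminate cycle of a session, with a constructed tariff and subscriber balance standing in for the Rating Function and the ABMF. The Result-Code values are Diameter’s (2001 success, 4012 credit limit reached, 5030 user unknown); the session IDs, service names, prices and subscriber IDs are assumptions made for the example.

```python
"""Toy Online Charging Function (OCF) with a Rating Function and an Account
Balance Management Function, modelled on the Diameter Credit-Control request
types described above. Added example; not code from the page's author.
Amounts are integer paise to avoid float rounding; the tariff and the
subscriber set are constructed for the example."""
from dataclasses import dataclass, field

# CC-Request-Type AVP values (RFC 4006): sessions use 1/2/3, one-off events use 4.
INITIAL, UPDATE, TERMINATION, EVENT = 1, 2, 3, 4
# Diameter Result-Code values used in the answers.
SUCCESS, CREDIT_LIMIT_REACHED, USER_UNKNOWN = 2001, 4012, 5030

# Constructed tariff: event prices and per-unit session rates, in paise.
EVENT_PRICE = {"sms": 100, "crbt_monthly": 3000}
SESSION_RATE = {"data_mb": 10, "voice_sec": 2}


@dataclass
class CCR:
    """The few Credit-Control-Request AVPs this OCF needs."""
    session_id: str
    request_type: int
    request_number: int        # CC-Request-Number, increments within a session
    subscriber: str
    service: str
    requested_units: int = 0   # Requested-Service-Unit (sessions only)
    used_units: int = 0        # Used-Service-Unit since the last grant


@dataclass
class OCF:
    balances: dict                                  # ABMF: subscriber -> paise
    reserved: dict = field(default_factory=dict)    # session_id -> units granted
    answers: dict = field(default_factory=dict)     # (session_id, request_number) -> answer

    def handle(self, ccr):
        """Return (Result-Code, Granted-Service-Unit) for one CCR."""
        key = (ccr.session_id, ccr.request_number)
        if key in self.answers:       # retransmission: replay the answer, never charge twice
            return self.answers[key]
        if ccr.subscriber not in self.balances:
            answer = (USER_UNKNOWN, 0)
        elif ccr.request_type == EVENT:
            answer = self._event(ccr)
        else:
            answer = self._session(ccr)
        self.answers[key] = answer
        return answer

    def _event(self, ccr):
        """EBCF: rate the event and debit it in full, or refuse it."""
        price = EVENT_PRICE[ccr.service]            # Rating Function lookup
        if self.balances[ccr.subscriber] < price:
            return CREDIT_LIMIT_REACHED, 0
        self.balances[ccr.subscriber] -= price
        return SUCCESS, 1

    def _session(self, ccr):
        """SBCF: settle used units, release the unused reservation, reserve anew."""
        sub, rate = ccr.subscriber, SESSION_RATE[ccr.service]
        if ccr.request_type in (UPDATE, TERMINATION):
            granted = self.reserved.pop(ccr.session_id, 0)
            used = min(ccr.used_units, granted)       # never bill beyond what was granted
            self.balances[sub] += (granted - used) * rate
        if ccr.request_type == TERMINATION:
            return SUCCESS, 0
        grant = min(ccr.requested_units, self.balances[sub] // rate)
        if grant <= 0:
            return CREDIT_LIMIT_REACHED, 0
        self.balances[sub] -= grant * rate            # reservation debited up front
        self.reserved[ccr.session_id] = grant
        return SUCCESS, grant


def run_scenario():
    """Drive one subscriber through events and a data session; return (answers, balances)."""
    ocf = OCF(balances={"sub-A": 5000})             # constructed: Rs. 50 of credit
    requests = [
        CCR("ev-1", EVENT, 0, "sub-A", "sms"),                     # Rs. 1 text
        CCR("ev-1", EVENT, 0, "sub-A", "sms"),                     # retransmitted: no double charge
        CCR("ev-2", EVENT, 0, "sub-A", "crbt_monthly"),            # Rs. 30 monthly CRBT
        CCR("s-1", INITIAL, 0, "sub-A", "data_mb", requested_units=100),
        CCR("s-1", UPDATE, 1, "sub-A", "data_mb", requested_units=100, used_units=60),
        CCR("s-1", TERMINATION, 2, "sub-A", "data_mb", used_units=30),
        CCR("ev-3", EVENT, 0, "sub-A", "crbt_monthly"),            # balance now too low
        CCR("ev-4", EVENT, 0, "sub-Z", "sms"),                     # unknown subscriber
    ]
    return [ocf.handle(r) for r in requests], ocf.balances


if __name__ == "__main__":
    print(run_scenario())
```

Two details matter for revenue protection: a retransmitted request is answered from the cache rather than charged a second time, and a session can never be billed for more units than the OCF actually granted, so a misbehaving CTF cannot drive a balance negative.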

Offline Charging System

Offline charging allows subscribers to consume a service without an upfront balance check or reservation. After the service has been consumed, usage logs in the form of files and batches are processed to charge the customer. These service usage files are called Charging Data Records (CDRs) or Event Data Records (EDRs).

Because it is impractical to send this large number of files, in differing formats, from the various network nodes directly to the billing system, they are first passed through a process known as mediation, which sits between the network layer and the BSS layer.

Mediation in offline charging (Source- RajarshiPathak)

The mediation system performs operations such as:

  • Raw CDR collection via PUSH or PULL. CDR file formats can be ASCII, CSV, binary, TAP, XML, etc.
  • Validating, filtering and parsing the CDRs.
  • Processing and enriching the records to meet the requirements of the northbound systems (rating engine, interconnect system, roaming clearinghouse, revenue assurance (RA), fraud management system (FMS), reporting, etc.).
  • Distributing the processed CDRs to the northbound systems.

The offline charging mechanism for service usage works as follows:

  • The customer initiates service usage.
  • Raw CDRs are generated for this usage. Usage can be session-based (e.g. a video call) or event-based (e.g. a file transfer or SMS).
  • Diameter Accounting-Request (ACR) and Accounting-Answer (ACA) messages are used to construct the CDRs for the service usage.
  • The raw CDRs are collected and processed by the mediation system.
  • Processed CDRs from mediation are forwarded to the rating engine.
  • The rating engine rates the CDRs according to the rate plans by measuring the events.
  • Rated event data is generated and stored in the billing system.
  • The billing process picks up these rated events during the bill run to calculate the usage charges to be applied to the bill.
  • The bill is generated to initiate customer payment.
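The mediation steps and offline flow listed above, as an added example that is not part of the original article: a toy Python pipeline that parses a constructed CSV CDR batch, quarantines malformed records, suppresses duplicates from a resent file, enriches each record with a billing account, and rates it. The tariff, MSISDNs, node names, account IDs and the CDR column layout are all made up for the example.

```python
"""Toy mediation and rating pipeline for offline charging: collect raw CDRs,
validate/filter/parse, enrich, then rate them. Added example; not code from
the page's author. The CDR file, tariff and customer table are constructed."""
import csv
import io
import math
from datetime import datetime

# Constructed raw CDR batch as a CGF might deliver it (CSV is one of the formats listed).
# Record 1002 appears twice (a resent batch), 1004 has a negative duration, and 1005
# belongs to a number the operator does not know.
RAW_CDR_BATCH = """\
record_id,msisdn,service,start,duration_s,volume_kb,node
1001,919800000001,voice,2024-03-01T10:00:00,125,0,MSC1
1002,919800000001,data,2024-03-01T10:05:00,600,20480,PGW1
1003,919800000002,sms,2024-03-01T10:06:00,0,0,SMSC1
1002,919800000001,data,2024-03-01T10:05:00,600,20480,PGW1
1004,919800000003,data,2024-03-01T10:07:00,-5,1024,PGW1
1005,919800000099,voice,2024-03-01T10:08:00,30,0,MSC1
"""

# Constructed tariff: (field measured, unit size, price per unit in paise).
# Voice Rs. 1 per started minute, data 10 paise per started MB, SMS Rs. 1 each.
TARIFF = {
    "voice": ("duration_s", 60, 100),
    "data": ("volume_kb", 1024, 10),
    "sms": (None, 1, 100),
}
# Constructed enrichment table: MSISDN -> billing account.
ACCOUNTS = {"919800000001": "ACC-1", "919800000002": "ACC-2", "919800000003": "ACC-3"}

REQUIRED = ("record_id", "msisdn", "service", "start", "duration_s", "volume_kb", "node")


def validate(row):
    """Return a rejection reason for a raw CDR, or None if it is well formed."""
    if any(not row.get(f) for f in REQUIRED):
        return "missing field"
    if row["service"] not in TARIFF:
        return "unknown service"
    try:
        datetime.fromisoformat(row["start"])
        if int(row["duration_s"]) < 0 or int(row["volume_kb"]) < 0:
            return "negative usage"
    except ValueError:
        return "unparseable field"
    return None


def rate(record):
    """Rating engine: price one CDR in paise, rounding up to whole tariff units."""
    measured, unit, price = TARIFF[record["service"]]
    units = 1 if measured is None else math.ceil(int(record[measured]) / unit)
    return units * price


def mediate(raw_text, seen=None):
    """Collect, validate, de-duplicate, enrich and rate one batch.

    Returns (rated, rejects). `seen` carries (record_id, node) keys across batches
    so that a resent file cannot bill the same usage twice."""
    seen = set() if seen is None else seen
    rated, rejects = [], []
    for row in csv.DictReader(io.StringIO(raw_text)):
        reason = validate(row)
        key = (row.get("record_id"), row.get("node"))
        if reason is None and key in seen:
            reason = "duplicate"
        if reason is None and row["msisdn"] not in ACCOUNTS:
            reason = "unknown subscriber"
        if reason is not None:
            rejects.append((row.get("record_id"), reason))   # quarantined, not silently dropped
            continue
        seen.add(key)
        record = dict(row, account=ACCOUNTS[row["msisdn"]])   # enrichment for northbound systems
        record["charge_paise"] = rate(record)
        rated.append(record)
    return rated, rejects


def bill_totals(rated):
    """Aggregate rated events per account, as the bill run would."""
    totals = {}
    for r in rated:
        totals[r["account"]] = totals.get(r["account"], 0) + r["charge_paise"]
    return totals


if __name__ == "__main__":
    rated, rejects = mediate(RAW_CDR_BATCH)
    print(bill_totals(rated), rejects)
```

Rejected records are returned with a reason rather than discarded, because every CDR that disappears silently between the network and the bill is revenue leakage that revenue assurance will later have to reconstruct.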


Offline charging mechanism (Source- netmanias.com)

Offline charging supports session-based services (such as voice calls or YouTube browsing) and event-based services (such as SMS or a file transfer over instant messaging). Operators rely on the customer’s credit limit to bound the service allowance, but because there is no upfront balance check, usage can exceed that limit in the window between consumption and rating. Revenue leakage is therefore minimized when CDRs are rated as soon as they are generated during service usage.

Offline charging mechanism as per the 3GPP standard (Source- netmanias.com):

CTF (Charging Trigger Function): the network node that generates charging triggers whenever a customer uses a service; examples are the GGSN, PGW and SMSC. It sends Diameter Accounting-Request (ACR) messages to the CDF so that raw CDRs can be generated.

CDF (Charging Data Function): this node produces raw CDRs from the ACR/ACA exchange that reflects service consumption. On receiving ACRs, the CDF processes the offline charging information and generates the CDRs, then informs the CTF through Accounting-Answer (ACA) messages that the charging record has been created.

CGF (Charging Gateway Function): the mediation system processes the raw CDRs and transmits the processed CDRs to the BSS systems. Mediation is described in more detail above.

Billing System

Usage records received from the CGF (or mediation) are priced by the rating engine, and the rated event data is generated and stored. The billing process consumes the rated events held in the database and applies the usage charges to the customer’s bill. During the bill run, charges such as monthly recurring, one-time and cancellation fees are processed alongside the usage charges, and items such as billing term deals, adjustments, compensations and taxes are also assessed. Once the bill is finalized, payments are accepted against the invoice.

Related Tags: payment, online charging, offline charging, billing, security, taxes, charging data, charging gateway, data management.

Shoulder Surfing at cafes and offices – An underestimated threat

Are you safe working at cafes, offices, and co-working spaces?

Well, the answer is no. It’s laughably low-tech, but shoulder surfing, snooping over people’s shoulders to read the information on their screens, is on the rise, and there’s a good chance it is happening to you.

Shoulder surfing is one of the most underestimated threats, and it is growing rapidly. It is a form of social engineering aimed at obtaining personal information through direct, in-person observation. There are two types of shoulder surfing.

The first type uses direct observation to obtain access to data. For example, a person looks directly over the victim’s shoulder as they enter data, such as their PIN, at a checkout terminal.

In the second type, the victim’s actions are first recorded on video. Criminals can then analyze the recording in detail and extract the desired information later. Video recordings can be used to recover the PIN that unlocks a mobile device even when the display is not visible in the video: the movements of the user’s fingers are enough to determine the access code.

Shoulder surfing can happen anywhere, at any time, so be aware of your surroundings while working on phones, desktops, laptops or ATMs, or while filling in forms at banks, offices and similar places.

The attacker can be some distance away, for example sitting a few rows behind you on a train, using their phone to video or photograph what is visible on your screen, and retrieving the information or accessing your account later.

At an ATM, someone positions themselves so that they can watch you enter your PIN. In a rush, you leave with your card and cash without making sure the session has ended. If the ATM does not keep the card inserted for the whole transaction, further transactions remain permitted unless you confirm that you have nothing more to do, and an attacker who knows the PIN can make them.

Crowded public transport makes it easy for attackers to see other people’s screens or overhear their conversations; in these cases they are literally looking over the victim’s shoulder.

The victim leaves their device unattended in a public place. Having watched the victim enter their password moments before, the attacker can unlock the device with it, putting any sensitive data on it at risk.

Some quick tips to avoid shoulder surfing

  • Eliminate passwords where you can: a secret that is never typed cannot be watched or filmed. Consider passwordless authentication for your most critical applications.
  • Add a privacy screen to your devices: an attached privacy screen narrows the viewing angle and dramatically reduces the risk of disclosure. Some glass screen-protector manufacturers offer versions with a built-in privacy filter that protect both the glass and the information on your phone.
  • Always be aware of your surroundings: don’t let your guard down in public places. Attackers gravitate to whoever looks like the easiest target; if you are distracted, you may not notice someone watching what you enter into the device or the ATM.
  • Use biometric authentication instead: fingerprint or face authentication offers protection a PIN cannot, because there is no physical PIN entry for the attacker to observe. Bear in mind that most devices still keep a PIN or passcode as a fallback, so that fallback code must be shielded just as carefully.

 

Related Tags: cyberattack, hacking, security, cyberrisk, financesecurity, data, authentication, cybersecurity

Personal Data Protection Bill 2022

The Digital Personal Data Protection Bill 2022 seeks to protect personal data while obtaining users’ consent in what the draft describes as clear and plain language, setting out the kinds of data that will be collected and for what purpose.

Data fiduciaries of “significant” size, determined by factors such as the volume of data they process, must appoint an independent data auditor to evaluate compliance with the provisions of the law.
Enterprises will be required to stop retaining personal data once it no longer serves the purpose for which it was collected, and users will have the right to correct and erase their data.
The government will have the power to specify the countries to which companies may transfer personal data; businesses may send user data to servers in nations on that list. The government will also establish a Data Protection Board to ensure compliance with the proposed law and to hear user complaints.

The Data Protection Board can impose financial penalties for non-compliance. Under the draft, failure by an entity to take reasonable security safeguards to prevent personal data breaches could attract penalties of up to 2.5 billion rupees ($30.6 million).

No company or institution may process personal data that is “likely to cause harm” to children, and advertising may not target children. Parental consent will be required before any personal data of a child is processed.
The law will cover personal data collected online and offline data that has been digitized. It will also apply to processing outside India when it involves profiling Indian users or offering goods or services to them.
