Written by
Team Nucleus
Content
Written on
24th October, 2021
SHARE ARTICLE
A network security team can only fight what they can see, an organisation’s network security depends on their ability to rapidly detect and respond to emerging threats across their infrastructure, whether that is Tier 1 Operator, Enterprise or Cloud Provider. However, attack methods and strategies are constantly evolving, making threat detection an always-moving target. A good base to start from is understanding what type of threats may lurking in your network, these threats look very different depending on throughput of network traffic.
Cyber Security Monitoring
Effective cyber threat visibility, starts with real-time network security monitoring and behavioural analysis which gives system analysts a single pane of glass to look through to determine which threats pose the most amount of risk and which do not. For instance, an SME’s cyber security strategy is very different to that of a Tier 1 Operator, an SME’s strategy will look to detect threats such as Keyloggers, phishing e-mails and spam. Whereas for a Tier 1 Operator their biggest concerns may be a high volume DDoS attack or Cryptojacking.
The scale of the challenge facing defenders is observable in the ever-increasing number of breaches and security incidents. It’s there in the amount of spending on cyber security tools and annual budgetary increases to protect vital assets. It’s there when names like WannaCry and Wypr become part of the popular culture and Stuxnet gets the documentary treatment from an Oscar-winning director. Those hit with an attack face many losses such as financial hits from the attack itself or in fines, plus they can quickly lose the trust of the market, forfeit a good proportion of their reputation for poor management, and will see the overall value of their brand drop.
How Professionals Detect Cyber Threats
As part of this project we wanted to include the perspective of those with expert knowledge, so asked a couple of top cyber security experts their thoughts on evolution of the threat detection and what that means for IT Security Professionals.
“More than anything, the overall maturity of large organization’s InfoSec program dictates how proactive they are, or can be, in stopping identified threats. This has a lot to do with their level of visibility into their own IT environment and their ability to react quickly to incoming attacks — specifically comprehensively deploying patches against newly published vulnerabilities. From my experience, it seems on the average most everyone is being pushed to steadily improve year after year. What’s been most interesting is that in my experience, a year or more after a large organization is breached, they tend to become far more secure than the average”. Jeremiah Grossman, CEO Bit Discovery and Professional Hacker (@jeremiahg)
“Companies are investing in strategies to stop attacks at various points before an attacker can obtain his or her objective. Phishing, malware, and other attacks are prevented as best as possible with filtering, endpoint protection, and training, but even the best defense will still result in some attackers getting in. That is why companies deploy other technologies and services to monitor systems and networks and detect anomalies.
Furthermore, watching the pulse of today’s enterprise requires monitoring systems to extend across the enterprise’s myriad platforms, from corporate networks to the cloud. Alerts from monitoring systems are often combined with automated and manual incident response activities designed to stop attackers from leveraging system access or stolen credentials in a data breach or other cybersecurity threat. Today’s CIO’s, CISO’s and CSO’s know that it takes a 360-degree approach to detect today’s threats and robust incident response to stop cybercriminals from achieving their goals”. Eric Vanderburg, Cybersecurity, Privacy, and Tech Leader, Author, Consultant, and Speaker, VP (@evanderburg).
