Cyber Threat Visibility: Which threats should defenders be looking for?
A network security team can only fight what it can see. An organisation's network security depends on its ability to rapidly detect and respond to emerging threats across its infrastructure, whether it is a Tier 1 Operator, an Enterprise or a Cloud Provider. However, attack methods and strategies are constantly evolving, making threat detection an always-moving target. A good base to start from is understanding what types of threat may be lurking in your network; these threats look very different depending on the throughput of network traffic.
Effective cyber threat visibility starts with real-time network security monitoring and behavioural analysis, which gives system analysts a single pane of glass through which to determine which threats pose the most risk and which do not. For instance, an SME's cyber security strategy is very different from that of a Tier 1 Operator: an SME's strategy will look to detect threats such as keyloggers, phishing e-mails and spam, whereas for a Tier 1 Operator the biggest concerns may be a high-volume DDoS attack or cryptojacking.
Telesoft's CTO Martin Rudd has put together a threat calculator based on the type and size of your network, so you can see the modern cyber threats that pose a risk to your organisation's network security. He developed this concept from his research in Big Data Analytics, Network Visibility & Analytics and NetFlow Probe product development. The scale of the challenge facing defenders is observable in the ever-increasing number of breaches and security incidents. It is there in the amount of spending on cyber security tools and in the annual budget increases to protect vital assets. It is there when names like WannaCry and Wypr become part of popular culture and Stuxnet gets the documentary treatment from an Oscar-winning director. Those hit with an attack face many losses: financial hits from the attack itself or from fines, plus they can quickly lose the trust of the market, forfeit a good proportion of their reputation through perceived poor management, and see the overall value of their brand drop.
As part of this project we wanted to include the perspective of those with expert knowledge, so we asked a couple of top cyber security experts for their thoughts on the evolution of threat detection and what it means for IT Security Professionals.
"More than anything, the overall maturity of a large organization's InfoSec program dictates how proactive they are, or can be, in stopping identified threats. This has a lot to do with their level of visibility into their own IT environment and their ability to react quickly to incoming attacks, specifically comprehensively deploying patches against newly published vulnerabilities. From my experience, it seems on the average most everyone is being pushed to steadily improve year after year. What's been most interesting is that in my experience, a year or more after a large organization is breached, they tend to become far more secure than the average." Jeremiah Grossman, CEO Bit Discovery and Professional Hacker (@jeremiahg)
“Companies are investing in strategies to stop attacks at various points before an attacker can obtain his or her objective. Phishing, malware, and other attacks are prevented as best as possible with filtering, endpoint protection, and training, but even the best defense will still result in some attackers getting in. That is why companies deploy other technologies and services to monitor systems and networks and detect anomalies.
Furthermore, watching the pulse of today's enterprise requires monitoring systems to extend across the enterprise's myriad platforms, from corporate networks to the cloud. Alerts from monitoring systems are often combined with automated and manual incident response activities designed to stop attackers from leveraging system access or stolen credentials in a data breach or other cybersecurity threat. Today's CIOs, CISOs and CSOs know that it takes a 360-degree approach to detect today's threats and robust incident response to stop cybercriminals from achieving their goals." Eric Vanderburg, Cybersecurity, Privacy, and Tech Leader, Author, Consultant, and Speaker, VP (@evanderburg).