“Spot the bad guys, stop the bad guys” is a rational and valid goal when it comes to securing your network. In fact, many organisations commit the majority of their security resources and investment to defence and detection, often by deploying automated technologies and solutions. But by their very nature, such solutions focus on protecting against known vulnerabilities and threats, have little context about your own network and cannot be a complete security solution on their own.
Attack vectors continue to diversify and accelerate, so many of the security threats now faced are unknown, and such unknown unknowns are impossible to anticipate accurately. Combine that with threats that increasingly embed themselves within your network and operate autonomously from external command and control functions, and it makes sense that early identification and understanding of anomalous and nefarious network traffic is fundamental to understanding, retarding and then eliminating the propagation pathways of attacks and the staging of malicious code.
Your network is the digital backbone and an essential resource of your organisation, but it is also the conduit that threats exploit to propagate and infect. Identifying and understanding what, why and how such threats propagate is key. When you combine your skills, experience, instinct and understanding with hard evidence and insight, you give yourself the best possible chance to make rapid, successful security interventions that close down threat propagation.
Examining your network traffic before, during and after events of interest can provide you with a source of actionable insight. Approaches to capturing, indexing, searching and recalling captured traffic vary in cost and complexity, ranging from simple open source software tools to high-performance, high-fidelity Intelligent Network Recording solutions capable of operating at sustained link bandwidths of up to 100Gb per second (100Gbps).
I recently shared some thoughts around how to use network recording and analysis for this issue in our recent webinar “Stop Nefarious Network Hitchhikers: Controlling Threat Propagation” – in which we provided practical tips and techniques using freely available software tools that will enable you to identify, mitigate and close down the transmission pathways and expansion of threats. The webinar is available on demand for you if you’d like to find out more.