What the Cloud Transition Means for IT

Daniel Joseph Barry

Subscribe to Daniel Joseph Barry: eMailAlertsEmail Alerts
Get Daniel Joseph Barry: homepageHomepage mobileMobile rssRSS facebookFacebook twitterTwitter linkedinLinkedIn


Related Topics: Cloud Computing, Security Journal

Article

Beyond Walls: Modern Security Detection | @CloudExpo #Cloud #Security

Our walls of security prevention are actually being surmounted every day – we just don’t always know it

Our walls of security prevention are actually being surmounted every day - we just don't always know it. Assaults from within the network, as well as zero-day threats, are driving new types of solutions referred to as "advanced threat detection" (ATD). ATD brings in real-time packet capture and analysis in addition to monitoring of logs and NetFlow information, as well as recording of packet capture data for near-real-time and post-analysis. By analyzing data traffic, it is possible to build a profile of normal network behavior that can then be compared against real-time data or recorded data to detect anomalies. Alerts can be compared against security prevention solution data to assess if an attack is underway. Conversely, it can be used to determine "false positives."

The foundation for solutions like this is continuous monitoring and analysis, not just of logs and NetFlow data but of packets. Packet capture and network traffic analysis are therefore the very foundation that supports security detection solutions. Having an efficient, reliable security detection infrastructure is therefore paramount.

Here are a few suggestions for what to demand of your detection infrastructure:

  1. The ability to capture all traffic, all the time, without losing any data. This requires solutions with the capacity and speed to handle full theoretical throughput, not just to keep up, but also to avoid being overwhelmed by data deluges, which can be instigated as part of an orchestrated attack.
  2. The ability to analyze the data in real time, but also in near-real time and after the fact. This requires the ability to capture data reliably to disk and stored at full line rate without losing any data.
  3. The ability to go back and understand when and where a breach occurred is fundamental. That requires the ability to replay what happened on the network exactly as it happened. With the average cost of breaches exceeding $3 million for a typical organization, as well as the cost to reputations and executive careers, perhaps it is an investment in self-preservation that can be justified.

Attacks from within and internal vulnerabilities that no one could have dreamed of until recently now dictate a new strategy. A combined approach that captures all network data, continuously monitors it and uses automated tools to correlate alerts will provide the security detection and prevention that walls alone no longer can.

More Stories By Daniel Joseph Barry

Daniel Joseph Barry is VP Positioning and Chief Evangelist at Napatech and has over 20 years experience in the IT and Telecom industry. Prior to joining Napatech in 2009, he was Marketing Director at TPACK, a leading supplier of transport chip solutions to the Telecom sector.

From 2001 to 2005, he was Director of Sales and Business Development at optical component vendor NKT Integration (now Ignis Photonyx) following various positions in product development, business development and product management at Ericsson. He joined Ericsson in 1995 from a position in the R&D department of Jutland Telecom (now TDC). He has an MBA and a BSc degree in Electronic Engineering from Trinity College Dublin.

Comments (0)

Share your thoughts on this story.

Add your comment
You must be signed in to add a comment. Sign-in | Register

In accordance with our Comment Policy, we encourage comments that are on topic, relevant and to-the-point. We will remove comments that include profanity, personal attacks, racial slurs, threats of violence, or other inappropriate material that violates our Terms and Conditions, and will block users who make repeated violations. We ask all readers to expect diversity of opinion and to treat one another with dignity and respect.