Published on October 28th, 2014 | by admin
What Enterprise Network Security Is Missing
In a recent post, I covered how perimeter defenses are not enough. I went over multiple layers of security and introduced a new layer called Network Forensics, which all enterprise companies that are pushing towards better network security should have in their arsenal.
What is Network Forensics?
Network forensics is the monitoring and analysis of computer network traffic for the purposes of information gathering, legal evidence, or intrusion detection. While perimeter defenses focus on stopping security breaches, network forensics tracks every action occurring within a company’s network. Its main use is monitoring a network for anomalous traffic.
Why is this so important?
Perimeter defenses are becoming increasingly easy to get through, and many times attackers are able to get around those defenses through someone within the company, thus gaining direct access to the network. These advanced attackers intentionally mask their communications with common protocols in order to blend in with surrounding traffic, so your existing infrastructure won’t notice. They may even barrage and distract your security staff with false alarms. Security staff could gather the statistics on internal-to-external system communications, but this will result in millions of IP communications for them to analyze. Unfortunately, the task would not be humanly possible.
Hackers’ success comes from the inability to identify and track their actions.
It’s not strange for a company to never know that it has been breached. Even enterprise companies that spend millions on defenses experience breaches that are not recognized until weeks or months later. The biggest issue is knowing who, what, and how.
Very few have this technology, a result of the immense focus on perimeter defenses. Enterprises commonly believe they should get the best front-end protection on the market, thinking they are then adequately protected against all attacks. Unfortunately, the hackers are ahead of those defending against their attacks. It’s a truth that needs to be accepted. Even Next Gen defenses are being breached.
Regardless, perimeter security is still crucial to have. It’s extremely valuable, but often mistaken for an all-in-one solution. How will you avoid becoming another statistic in the cyber security industry and maintain your reputation?