A recent article on SearchSecurity.com speaks to enterprise negligence when it comes to breach detection and incident response. Citing the 2013 Verizon Data Breach Investigations Report, the article points out that the majority of breaches are detected by a third party rather than by the affected organization.
The author goes on to say that “organizations have devoted significant resources toward buying and implementing new security products to protect against cyberattacks, but not nearly as much on breach detection.” He also states that “many organizations have had to focus IT and specifically information security resources on meeting compliance regulations, which has also resulted in fewer resources devoted toward detection.”
Lancope agrees that organizations must place more emphasis on threat detection and incident response, as opposed to relying too heavily on conventional technologies that are designed to block attacks at the perimeter or only detect known attacks. Today’s attackers are using stealthy techniques like phishing and stolen access credentials to infiltrate enterprise networks and remain undetected for extended periods of time.
Unfortunately, tracking this type of activity with traditional security tools is very difficult. However, as the SearchSecurity.com article mentions, NetFlow-based monitoring can provide a robust picture of network activity for faster breach detection and response. The article points out that network monitoring can help enterprises identify many potential indicators of a breach, such as rogue wireless access points, unauthorized VPN connections, and communication to suspicious destinations.
Lancope’s StealthWatch System collects and analyzes NetFlow and other types of flow data from existing infrastructure to fill in the gaps left by conventional security solutions and provide comprehensive, cost-effective monitoring of the entire network. This type of insight has become critical for effectively combating today’s constantly evolving security threats. In addition to detecting attacks in real time, NetFlow and StealthWatch can also be used for forensic investigations to better understand and prevent future breach attempts.
According to the SearchSecurity article, “continuing to follow only standard compliance requirements is not sufficient to adequately protect enterprises from advanced attackers.”