We’re going to show you things you might not want to see.
If Brian Butler knows anything, it’s that a security breach can happen to anyone. As a Consulting Systems Engineer, he’s seen a lot of notable behaviors on customer networks that, quite simply, shouldn’t be there.
“When we’re working with a new customer, we do an assessment of their network,” says Brian. “We implement several reports that draw out different data sets, and give us visibility into network behavior, abnormalities, and any malicious activity.”
One particularly ill-intentioned breach came to light when Brian conducted a proof of value for a midwestern hospital. “When monitoring their DNS (domain name server) traffic, we saw they had several requests sent to China,” he says. “In a small regional hospital you would not see DNS traffic going to China at all. It was totally malicious.” The hospital directory was compromised and their network was being monitored by hackers for vulnerabilities. Once Stealthwatch identified the activity, the hospital was able to shift focus to incident response and reimage the malfunctioning servers.
Some incidents, while still potentially damaging, are less malicious. When conducting a report for an existing Fortune 100 customer, Brian uncovered a connection that had been open, and unidentified, for 8 years. “I was able to reveal a clear text protocol that was reaching out across the internet to sensitive data sets and to their network,” says Brian. “But it was actually not malicious, it was a connection that was given to a vendor almost 8 years ago with the understanding that it would move to an encrypted connection, but never did.” Thanks to staffing changes and forgetfulness, the connection was left open all those years, and employee databases were accessible. When asked what, if any, damage was done, Brian says: “If you wanted to compromise it, it would be pretty easy, let’s put it that way.”