There is no magical solution. There is no one tool that solves everything. It truly is, to this day, a game of cat and mouse.
Jeff Moncrief is a realist, and the reality of network security is that there are multiple different methods and angles for an attack, and it takes a suite of security solutions to combat them all.
Jeff has worked in the information security industry for 18 years. Over those years, he’s watched network security transition from primarily perimeter-based protection to insider threat detection. “Many organizations don’t have visibility into what’s going on inside their network,” says Jeff. “So the bad guys are off to the races from the inside out, and traditional security tools are useless.”
Exactly what kind of havoc can an undetected hacker cause within a network? Jeff has plenty to share there, too. Once, during a proof of value for a hospital system, his team uncovered an IP address that was scanning the Department of Defense on a well-known Windows networking port. “That was normal, known-good behavior,” says Jeff. “But what wasn’t normal was that this machine was scanning an IP address range on the internet on this port, over and over and over again, sequentially. That is suspicious.” Stealthwatch flagged the anomaly, and they were able to investigate the cause. Surprisingly (or not, if you’re Jeff), this was only one of many such instances that his team discovered during the POV for this hospital system.
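The anomaly described above, an internal host walking an internet address range sequentially on a single port, is a pattern a defender can pull out of flow telemetry. The following is an added example, not code from the original post or from Stealthwatch: it groups outbound flows by (source, destination port) and flags a source whose external destinations form a long run of consecutive addresses. The flow records, the RFC 1918 internal ranges, the choice of port 445 and the threshold of eight consecutive addresses are all assumptions made for the example.

```python
import ipaddress
from collections import defaultdict

# Internal address space assumed for this example (RFC 1918 ranges).
INTERNAL_NETS = [
    ipaddress.ip_network("10.0.0.0/8"),
    ipaddress.ip_network("172.16.0.0/12"),
    ipaddress.ip_network("192.168.0.0/16"),
]


def is_internal(ip):
    """True if the address falls inside one of the assumed internal ranges."""
    return any(ip in net for net in INTERNAL_NETS)


def longest_consecutive_run(addresses):
    """Length of the longest run of numerically consecutive IP addresses.

    Accepts address objects or strings; duplicates are collapsed first.
    """
    ints = sorted({int(ipaddress.ip_address(a)) for a in addresses})
    if not ints:
        return 0
    best = run = 1
    for prev, cur in zip(ints, ints[1:]):
        run = run + 1 if cur == prev + 1 else 1
        best = max(best, run)
    return best


def find_sequential_scanners(flows, min_run=8):
    """Flag internal sources whose external destinations on one port form a
    run of at least `min_run` consecutive addresses (the scan signature)."""
    per_key = defaultdict(set)
    for src, dst, dport in flows:
        s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
        # Only inside-out traffic matters here; internal-to-internal is skipped.
        if is_internal(s) and not is_internal(d):
            per_key[(src, dport)].add(d)
    alerts = []
    for (src, dport), dsts in per_key.items():
        run = longest_consecutive_run(dsts)
        if run >= min_run:
            alerts.append({"src": src, "dport": dport,
                           "distinct_dst": len(dsts), "longest_run": run})
    return sorted(alerts, key=lambda a: a["longest_run"], reverse=True)


# Constructed sample flows (source, destination, destination port).
# 203.0.113.0/24 and 198.51.100.0/24 are documentation ranges, not real hosts.
SAMPLE_FLOWS = (
    # one host stepping through twelve consecutive external addresses on 445
    [("10.20.30.40", f"203.0.113.{i}", 445) for i in range(1, 13)]
    # the same host talking to an internal server on 445: ignored as inside traffic
    + [("10.20.30.40", "10.20.30.1", 445)]
    # a second host with ordinary, scattered web traffic: below the threshold
    + [("10.20.30.41", "198.51.100.5", 443),
       ("10.20.30.41", "198.51.100.9", 443),
       ("10.20.30.41", "198.51.100.40", 443)]
)

if __name__ == "__main__":
    for alert in find_sequential_scanners(SAMPLE_FLOWS):
        print(alert)
```

Run against the constructed flows it reports only 10.20.30.40 on port 445 with a run of twelve addresses; the web-browsing host never forms a run longer than one. The threshold and the choice to key on destination port are the knobs a real deployment would tune against its own baseline.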
On another occasion, Jeff received a call about a local school system desperate for help. The entire school system was experiencing a denial-of-service attack every day. “This IT Director was in tears,” says Jeff. “It was taking down the school system’s network every day in the middle of school. They weren’t able to use their cloud learning management system, and were essentially unable to teach or learn.” Jeff and his team got to work, and Stealthwatch quickly exposed the “smoking gun.” An old Windows server that was supposed to have been decommissioned several years earlier had been compromised and was being leveraged to launch inside-out attacks. “They shut it down, and all the attacks subsided,” says Jeff.
The moral of the story? “Having visibility is powerful,” says Jeff. “If I’m a security admin, and if I care at all about my job security, I want that visibility.”
To learn more about how Stealthwatch can provide visibility to your network, click here.