Cyber threats are quickly becoming more sophisticated with Advanced Persistent Threats (APTs) creating a new level of security risk. That’s why it’s now more important than ever before to use next generation threat intelligence combined with network visibility to add an additional layer of security to your network.
Cyber threats and breaches are the norm now, so it’s vital to a company’s interests to have a plan in place so you know what response to take if your network is breached.
The best network security starts with complete network visibility
And that visibility starts by seeing 100% of the data, every bit byte and packet®. Any security tool that is being installed in an out-of-band, listen-only mode, needs to be installed with a Network TAP. When you start with a SPAN port you are essentially asking the switch to reproduce the traffic on your production switch. So if your switch isn’t configured correctly, timing can be changed, or if your switch gets busy, you’ll drop packets because it isn’t a priority. If you are making the investment in the security tools to protect your network, you want to provide them with all of the data they need to do their job.
Don’t compromise network uptime with security tools
By utilizing a bypass network TAP, you gain the ability to take your active inline devices offline without interrupting the live network to do updates and troubleshooting. In offline mode, the Bypass TAP routes the traffic around the inline device, but still secures your network .
Incident Response Preparation - Build the Framework
Any proper incident response (IR) program starts with creating a program goal, policies and procedures for your internal team, as well as any external groups you may be working with.
- Get technical - provide documentation to all the individuals involved.
- Guidelines, cheat sheets, checklists that are customized to your network infrastructure
Security Monitoring - Know Attacker Habits
- Hackers are aware of many technologies and learn to abuse them
- Credential abuse is a major issue, and always will be due the fact that people repeat passwords and often write them down.
- SysAdmins make errors. People aren’t perfect, so you can’t expect your IT team to be.
- Most hacking is done over the wire, not physically.
- The hacker community is strong and they will share resources to find ways into different networks.
Detection and Post-Breach Analysis
About 60% of small-to-mid-sized businesses who suffer a security incident will be out of business within 6 months, so the main goal of incident response programs are actually dedicated to quick detection and response to keep you in business. The companies that do stay in business most likely have full visibility into their network, which shortens detection time. Because after all, if you don’t know what you don’t know, incident response becomes that much more difficult. To be able to effectively detect a breach or network incident, ask yourself the following questions:
- Do you have the tools and technology to identify root cause issues?
- Have you streamlined the process of collecting incident information? How are you asking the questions to non-IT people so that you get the answers you really need?
- Are you updating IR procedures as your business changes?
- With you current technology, how can you contain a bad actor, malware, etc?
- How will you ensure that the root cause is eradicated?
- Do you currently possess the capability to recover from a breach?
If you find yourself struggling to answer some of these questions, working with a team of security experts to help develop an plan of attack may be your best bet to secure your network. The team over at Avalon Cyber turns to Garland Technology to provide the network TAPs that ensure they have the visibility needed to provide prompt and comprehensive response to cyber attacks.
[Want to learn more? Watch the Garland Technology + Avalon Cyber on-demand webinar: Cyber Security Roundtable - I’ve been breached, now what? For insight into developing an incident response plan of your own.]