Everyone knows that a standard doctor’s visit begins with a review of your vital signs. They take your blood pressure, check your breathing, read your pulse and take a look at your eyes, ears, nose and throat to get complete picture of your health. By taking baseline readings each time you visit, the doctor can monitor for anything out of the ordinary.
The same process applies for understanding the health and security of your network. Taking baseline readings for your network traffic is the first step to efficiently spotting potentially fraudulent activity.
Every manager needs to create a framework for understanding what network activities are normal and which should be considered aberrations. Here are some tips to get you started.
How to Determine a Baseline for Your Network Traffic Data
- Knowing what IP addresses are allowed to access the network: By performing a basic IP scan, you can learn which outside IP addresses are generally allowed talk to your network. When unknown IP addresses try to access the network, you will know to look into the suspicious activity. For additional visibility, you can find lists of IP addresses that are known to be used to deliver malware and cross-check network activity against them.
- Understanding your balance of network traffic: Understanding baseline traffic patterns is critical. Start analyzing the data at the WAN – the point where your network truly begins. Look at the balance of internal traffic vs that sent externally. Examine average load per server and key business application. Regardless of how your environment is set up – virtualized or hierarchical – you need to ascertain how often your critical data stores are accessed.
- Evaluating peak vs normal conditions: When persistent attacks are launched, hackers try their best to mimic normal conditions but their additional activity should still leave a trail. If you see peak traffic levels during traditionally off-peak periods, you may have an issue.
>> Download Now: Network TAPs 101 [Free eBook]
Dangers of Not Knowing Your Baselines
Back in 2015, cyber criminals launched a Trojan and Botnet attack that took remote control of bank computers at 100 different institutions in 30 countries. After they gained access to the network of banking computers, the attackers wired billions of dollars to fraudulent accounts. These attacks lasted an extended period of time, but could have been avoided.
Had any of the banks under attack understood the importance of baselines, the monetary losses could have been much lower. They would have identified the consistent increase in outgoing traffic patterns and noticed that there was a problem. In the end, a bank in the U.K. noticed some suspicious traffic patterns, began questioning it and was able to finally put a stop to the attack.
By understanding what is normal for your network, you can avoid a fiasco like the one these banks went through.
Visibility is the First Piece of the Puzzle
There’s no denying that total network visibility is essential to security. While creating a baseline covers a piece of the puzzle, you still have to ensure your physical security wall is strong. Implementing quality firewalls, web app firewalls and advanced threat detection systems all contribute to a smart cyber security system. However, without baseline traffic data, you won’t be able to accurately interpret the data these appliances provide.
Looking to add a visibility solution to better baseline your traffic, but not sure where to start? Join us for a brief network Design-IT consultation or demo. No obligation - it’s what we love to do.
