
Strengthen your Data Security with Network Monitoring


By VARINDIA - 2019-01-14

In most IT organizations, network monitoring is an essential piece of the IT toolkit. Network monitoring tools play an important role in giving IT pros complete visibility into the status of network devices, systems and applications. This lets them identify where issues exist before helpdesk tickets start coming in, keeping the IT team aware of problems with services, networks, application performance and more.

 

Having said that, network monitoring tools are rarely used to their full potential. And that's too bad, because one can easily put the data and insights generated by network monitoring to good use for security purposes.

 

With a little tweaking and creative thinking, all the information, alerts, and reports that network monitoring tools generate can be used to beef up an organisation’s security posture.

 

Think of it this way: if your network monitoring tools watch the health of your network, and security events such as attacks or malware adversely affect that health, then network monitoring tools can, in a sense, monitor for security events.

 

Discover Breaches Faster by Knowing Your Network

 

It doesn’t take long for hackers to break into networks. Often it can be a matter of minutes or even mere seconds, but what matters most is what happens after they break in and the amount of time they’re afforded to move about in your network or systems.

 

According to Verizon’s 2018 Data Breach Investigations Report (DBIR), 68% of data breaches take months or longer to discover, giving hackers plenty of time to escalate their privileges, observe your network and look around for further vulnerabilities and valuable information.

 

A properly configured network monitoring solution can cut this discovery period drastically by giving you an understanding of how your network works and where key metrics typically stand.

 

When things go awry and your metrics start breaking away, your network monitoring system can alert you that something is up. This capability makes network monitoring tools useful for security forensics because, in the process of gaining access to networks, attackers often employ techniques that can reconfigure services or hosts, or even make them temporarily unavailable: precisely the kinds of conditions that network monitoring tools are designed to look for and alert on.

 

Even something as simple as a downed machine, or ports opening when they are not supposed to, can tip you off. With a modern network monitoring tool, you can set up email notifications and alerts for changes to the configuration of network devices and audit configuration against defined policies.

 

Detect Cryptominers Using Your Resources

 

Cryptojacking, or hijacking other people's processing power and using it to mine cryptocurrencies, is a growing trend amongst cybercriminals. This is typically achieved with scripts that run behind the scenes on websites, though it's also possible to hijack machines and servers to run full-blown cryptocurrency mining software, installed either by malware or by rogue employees.

 

For the perpetrators, the benefit is obvious: they can mine cryptocurrencies without worrying about the taxing resource usage that comes from such activity, and if their victims are unprepared, it's easy to get away undetected.

 

Regardless of the method used, mining cryptocurrency is going to be a major resource hog, which will make the machines being used stand out. This is especially true in off-business hours when most machines will be less active.
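The baseline idea from the previous section, applied to the off-hours observation above, as an added example that is not part of the original article. Host names, the business-hours definition, thresholds and CPU samples are all constructed assumptions.

```python
from datetime import datetime
from statistics import mean, pstdev

BUSINESS_HOURS = range(8, 19)  # assumption: 08:00-18:59 local time, Monday to Friday

def is_off_hours(ts: datetime) -> bool:
    return ts.weekday() >= 5 or ts.hour not in BUSINESS_HOURS

def off_hours_outliers(baseline, recent, k=3.0, floor=10.0, min_samples=3):
    """baseline/recent: {host: [(datetime, cpu_percent), ...]}.
    Return {host: (recent_avg, threshold)} for hosts whose recent off-hours CPU
    average exceeds their own baseline mean by max(k * stddev, floor) points."""
    flagged = {}
    for host, samples in recent.items():
        now = [cpu for ts, cpu in samples if is_off_hours(ts)]
        hist = [cpu for ts, cpu in baseline.get(host, []) if is_off_hours(ts)]
        if len(now) < min_samples or len(hist) < min_samples:
            continue  # too little data to judge; stay quiet rather than alert on noise
        threshold = mean(hist) + max(k * pstdev(hist), floor)
        avg = mean(now)
        if avg > threshold:
            flagged[host] = (round(avg, 1), round(threshold, 1))
    return flagged

def night(day, cpu):
    """Constructed sample taken at 02:00 on the given day of January 2019."""
    return (datetime(2019, 1, day, 2, 0), cpu)

# Constructed data: a normally idle laptop and a render node that is always busy.
BASELINE = {
    "mkt-laptop-07": [night(d, c) for d, c in [(7, 3), (8, 4), (9, 5), (10, 4)]],
    "render-node-01": [night(d, c) for d, c in [(7, 90), (8, 95), (9, 85), (10, 90)]],
}
RECENT = {
    "mkt-laptop-07": [night(14, 92), night(15, 95), night(16, 97),
                      (datetime(2019, 1, 15, 11, 0), 20)],  # business hours: ignored
    "render-node-01": [night(14, 93), night(15, 96), night(16, 91)],
}

if __name__ == "__main__":
    print(off_hours_outliers(BASELINE, RECENT))
```

Comparing each host against its own history is what keeps the always-busy render node quiet while the idle laptop running flat out at 02:00 is flagged.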

 

Detect DDoS Attacks and Anomalous Network Behavior with Network Traffic Analysis

 

The most apparent crossover security capability of any network monitoring tool is Network Traffic Analysis, which analyses NetFlow, NSEL, sFlow, J-Flow and IPFIX records to give you granular details about who or what is consuming your bandwidth. This can alert you to a lot of unusual behaviour, from on-the-clock Netflix binges to machines compromised by botnets, to hackers exfiltrating data.

 

By monitoring real-time bandwidth usage and historical bandwidth trends, network flow monitoring can proactively identify security issues like DDoS attacks, unauthorized downloading and other suspicious and potentially malicious network behavior. Network flow monitoring can be your best ally for performing security forensics and analysis by automatically identifying high traffic flows to unmonitored ports, exposing unauthorized applications like file sharing and video streaming, monitoring traffic volumes between pairs of sources and destinations, and detecting failed connections.

 

Unusual patterns in ingress or egress traffic (such as when a machine pings an unknown or suspicious IP address) are good indicators of the presence of bad actors. We find that the majority of the traffic on a given network is fast, with relatively few packets of decent size. If a server begins to send small volumes of bytes via a large number of packets over a long time period, it is likely to be suspicious traffic. Unusual traffic should be treated with great caution during off-business hours such as nights or weekends.
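One way to express the "many small packets over a long period" heuristic over exported flow records, as an added example that is not part of the original article. The CSV columns, thresholds and addresses (documentation ranges) are constructed assumptions, not the output format of any particular product.

```python
import csv
import io
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed flow export; column names are assumptions modelled on common flow fields.
FLOWS_CSV = """start,end,src,dst,dport,packets,bytes
2019-01-12T01:00:00,2019-01-12T01:00:04,10.0.5.20,192.0.2.10,443,900,1180000
2019-01-12T01:05:00,2019-01-12T03:05:00,10.0.5.31,198.51.100.7,53,3200,224000
2019-01-12T03:05:00,2019-01-12T05:10:00,10.0.5.31,198.51.100.7,53,3400,238000
2019-01-12T02:00:00,2019-01-12T02:00:30,10.0.5.44,203.0.113.9,22,40,3200
"""

def slow_drip_pairs(csv_text, min_packets=5000, max_avg_bytes=100,
                    min_span=timedelta(hours=1)):
    """Aggregate flows per (src, dst) pair and return the pairs that moved
    many small packets over a long time span, largest packet count first."""
    agg = defaultdict(lambda: {"packets": 0, "bytes": 0, "first": None, "last": None})
    for row in csv.DictReader(io.StringIO(csv_text)):
        a = agg[(row["src"], row["dst"])]
        start = datetime.fromisoformat(row["start"])
        end = datetime.fromisoformat(row["end"])
        a["packets"] += int(row["packets"])
        a["bytes"] += int(row["bytes"])
        a["first"] = start if a["first"] is None else min(a["first"], start)
        a["last"] = end if a["last"] is None else max(a["last"], end)
    hits = []
    for (src, dst), a in agg.items():
        if a["packets"] == 0:
            continue  # malformed or empty record; nothing to average
        avg = a["bytes"] / a["packets"]
        span = a["last"] - a["first"]
        if a["packets"] >= min_packets and avg <= max_avg_bytes and span >= min_span:
            hits.append({"src": src, "dst": dst, "packets": a["packets"],
                         "avg_bytes_per_packet": round(avg, 1), "span": span})
    return sorted(hits, key=lambda h: h["packets"], reverse=True)

if __name__ == "__main__":
    for hit in slow_drip_pairs(FLOWS_CSV):
        print(hit)
```

Neither of the two flows from 10.0.5.31 crosses the packet threshold on its own; only the per-pair aggregation over the four-hour span exposes it.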

 

Stop Rogue Users from Exfiltrating Data and Selling your Secrets

 

While outsiders account for the majority of cyber-attacks, that doesn’t mean they’re the only threat. Insider attacks also account for a large proportion of attacks and data thefts. In fact, according to Verizon’s 2018 DBIR, 28% of all attacks involved insiders.

 

But managing insider threats can be one of the most difficult areas of cybersecurity. Identity and Access Management controls are a good start, but it's also important to utilize the tools you already have, the likes of activity and NetFlow monitoring, to search for suspicious behavior. Sometimes an increase in user activity may be completely explainable, but on the other hand, it can also indicate something more concerning. Some users may work from home to complete projects, which shouldn’t immediately be seen as suspicious behavior, while others may have work that calls for intensive GPU or CPU usage. That said, if an employee has sudden and dramatic increases in his or her activity and resource usage combined with suspicious activity, that should be cause for concern.

 

For example, if a member of your marketing team whose job usually involves handling social media and scheduling events is suddenly using 10 percent of the company’s GPU 24 hours a day, seven days a week, that's a good indicator that either there’s inefficiency at work or the machine in use has been compromised. If an employee is communicating with suspicious IP addresses, that can be another cause for concern. And traffic from Tor clients would be a major cause for investigation.

 

Conclusion

 

For the above situations, what you need are solutions that monitor all Network Traffic Analyzer sources and alert administrators when users access the Dark Web (Tor), and also when a host exceeds a configurable number of connections to known Tor ports during a set period. This allows administrators to control access to the Dark Web by their users.
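The "configurable number of connections to known Tor ports during a set period" rule can be sketched as a per-host sliding window. This is an added example, not code from the article or from any product; the port set, class name, thresholds and events are assumptions.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Assumption: Tor's conventional default relay ports (ORPort 9001, DirPort 9030).
# The article lists no ports, and relays can listen elsewhere (443 is common),
# so a port list is a starting point rather than complete coverage.
TOR_PORTS = {9001, 9030}

class TorPortMonitor:
    """Hypothetical helper: alert once when a host exceeds the threshold."""

    def __init__(self, max_connections=3, window=timedelta(minutes=10)):
        self.max_connections = max_connections
        self.window = window
        self._seen = defaultdict(deque)  # host -> timestamps of Tor-port connections
        self._alerting = set()           # hosts already alerted, to avoid repeats

    def observe(self, ts, src, dport):
        """Feed one connection record in time order; return an alert dict or None."""
        if dport not in TOR_PORTS:
            return None
        q = self._seen[src]
        q.append(ts)
        while ts - q[0] > self.window:   # drop connections older than the window
            q.popleft()
        if len(q) > self.max_connections:
            if src not in self._alerting:
                self._alerting.add(src)
                return {"host": src, "count": len(q), "at": ts}
        else:
            self._alerting.discard(src)  # back under the limit: re-arm the alert
        return None

def run(events, **settings):
    mon = TorPortMonitor(**settings)
    return [a for a in (mon.observe(*e) for e in events) if a]

T0 = datetime(2019, 1, 14, 22, 0)
m = lambda n: T0 + timedelta(minutes=n)
# Constructed connection records: (timestamp, source host, destination port).
EVENTS = [
    (m(0), "10.0.8.15", 9001), (m(1), "10.0.8.15", 9001), (m(2), "10.0.8.15", 9030),
    (m(2), "10.0.8.22", 443),  (m(3), "10.0.8.15", 9001), (m(4), "10.0.8.15", 9001),
    (m(5), "10.0.8.22", 9001), (m(30), "10.0.8.22", 9001),
]

if __name__ == "__main__":
    print(run(EVENTS))
```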

 

Solutions that provide complete visibility into the status of network devices, systems, and applications, and that show network devices, servers, virtual machines, cloud and wireless environments in context, are the need of the hour.

 

Alessandro Porro
Senior Vice President, Ipswitch
