Monitoring for Security Threats is not an Option (by Chris Greer)

August 16, 2012

Monitoring for Security Threats is not an Option (by Chris Greer)

2011 was called the “Year of the Hack” by many bloggers and technical writers. They mentioned the top 10 hacks of the year, and how increasingly more complex and expensive the intrusions are becoming.

Is this trend behind us?

Of course not. 2012 has proven to be just as good a time as any to launch a full scale attack on a major corporation, and already, several have succeeded with huge costs to the victims. In some of these successful intrusions, one of the listed reasons for success is inadequate monitoring of sensitive systems. Which makes sense. Why would a thief walk into a bank in broad daylight with cameras, alarms, and guards standing around, when he can just go around the corner to the much-less monitored small business? Not only are systems with less or no monitoring systems easier to attack, but they also make great candidates for repeat business. In today’s world, having solid monitoring systems is not an option.

What is needed in a Security Monitoring Solution?

This seemly complex question really comes down to a simple answer – we need to see and analyze traffic entering the network from the world, as well as to key systems where sensitive data resides, watching for suspicious conversations, connection attempts, or data transfers. This includes access through the wireless environment. The best analysis systems will watchdog these connections and automatically monitor for security events, alerting engineers if something occurs.

What analyzers are needed to monitor the network?

First, we need to involve a Network Recorder that will capture data 24/7 on critical links such as edge connections and Data Center feeds. One such product is the Network Time Machine by Fluke Networks, a stream-to-disk solution that won’t miss a beat, even on 10Gbps links. To feed data to the Network Time Machine, we should use a visibility product like the Anue 5236 Net Tool Optimizer which can filter and forward critical traffic to the recorder and other analyzers. Next, we should have a NetFlow solution such as the Solarwinds Orion NetFlow Traffic Analyzer (NTA) which can watch for spurious events in data flows, alerting engineers when they occur. To watchdog the Wireless environment, we can look back to the Fluke Networks product line with the AirMagnet Analysis tool. This analyzer features the AirWise Automated Security analysis feature, which will specifically flag security issues in the wireless environment.

These are just a few of the tools that are needed for a security solution. Sound expensive? Well, compare that to an attack! Monitoring and protecting key systems is the same as monitoring and protecting the business. So don’t be easy prey for attackers, invest in tools that will help to secure and watchdog the network and servers.

Chris_greer Author Profile - Chris Greer is a Network Analyst for Packet Pioneer. Chris has many years of experience in analyzing and troubleshooting networks. He regularly assists companies in tracking down the source of network and application performance problems using a variety of protocol analysis and monitoring tools including Wireshark. When he isn’t hunting down problems at the packet level, he can be found teaching various analysis workshops at Interop and other industry trade shows. Chris also delivers training and develops technical content for several analysis vendors. He can be contacted at chris (at) packetpioneer (dot) com.