0
£0.00

Mutiny Blog

Using network data for cyberthreat detection

As Chancellor George Osborne pledges to double public spending on cybersecurity by 2020, stating the internet represents “a critical axis of potential vulnerability,” the damage that can be caused by advanced breaches in security has never been more apparent. Take, for example, the £35m cost of the recent TalkTalk cyberattack during which 15,656 bank account numbers and sort codes were accessed. The UK mobile phone network confirmed the security breach included the seizing of the personal details of 156,959 customers.

Using Network DataGone are the days when advanced firewalls and antivirus software could provide sufficient protection from network intrusion. As we see the security of the heavily-armed enterprise sector compromised, the UK’s five million SMEs inevitably feel ever more vulnerable as they also contend with growth in mobility, cloud services and the connectivity of a multitude of disparate, non-standard devices. 


The good news is that many security breaches can be avoided if network operators were to analyse the data that event-related information continuously generates. The first and most fundamental step to securing your estate therefore is to use the data readily available from a robust network monitoring system.

We can consider four steps to implementing improved security of your network infrastructure.

  1. Identify critical systems and applications
    Take some time to assign the most critical areas of your business and ensure you monitor performance of these applications together with supporting infrastructure.
     
  2. Set baseline metrics
    Baselining involves taking measurements provided by historic data at regular intervals. Create baselines of normal operating activity and set-up alerts to be triggered by sudden excessive deviations from them.
     
  3. Ensure total visibility
    Easily readable dashboards can display real-time activity at a glance and highlight issues in your application and systems performance that might indicate the presence of malware or unusual activity. If network activity spikes unexpectedly administrators are made aware of a potential problem. For example, large data transfers or unauthorised encrypted traffic should generate an automatic alert, as should sudden peaks in CPU load, memory and disk usage or high latency. The administrator is then able to consider the extent and severity of the issue and follow-up.
     
  4. Report and re-analyse
    As well as representing trends and activity in graphical form exporting into report formats is useful for issuing to management teams as well as for sharing throughout the IT department. In the event of sudden turbulent activity administrators are quickly able to present management with the reason for their concern and justify focussing time and resource on a troubleshooting process. Reports may also signal trends in the network and bandwidth usage not apparent until evaluated against historical data over comparative timeframes.

    Ensuring sophisticated visibility of your estate can reduce your vulnerability significantly without needing to deploy complex or expensive network management systems. By centralising historic data into a single platform and utilising customisable display and reporting mechanisms anomalies in network activity levels, which may signal a breach in security, can easily be detected. Administrators are then able to deal with threats before they have the opportunity to cause disruption or serious damage to services.
     

Visit us on Social Media: