Network Detection: What Is It Really?
Scott Millis
CTO, Cyber adAPT
A Growing Concern
Breakdown of Breaches:
- 75% are perpetrated by outsiders
- 51% involve organized criminal groups
- 62% feature hacking
- 51% include malware
- 81% of hacking-related breaches use stolen/weak passwords
- 66% of malware was installed via malicious emails
- 73% are financially motivated
- 24% affect financial organizations
Most approaches are incomplete. While attempting to tackle a complex issue with multiple layers, many so-called cutting-edge solutions address one or two layers at best, leaving the rest vulnerable to attack.

One of the most widely promoted techniques in detection today is network behavior analysis (NBA). An NBA program can be excellent at monitoring network traffic in search of malicious activity. Most NBA programs are used as an enhancement to the protection provided by the network's firewall, intrusion detection system, antivirus software, and spyware detection tools.

Again, an individual technique on its own will not solve the problem of identifying attackers inside the network perimeter; however, changing the approach from a singular focus to a multi-dimensional view of the network is a great place to start. A multi-dimensional approach enables security analysts to identify threats in real time as well as monitor and look within each layer of the network.

An inside-out security policy helps identify when someone is trying to disguise malicious traffic inside the millions of good packets. A clear understanding of known threatening domains and IP addresses helps prepare for potential issues and provides an outside-in perspective.

The crucial element of the inside-out and outside-in approach is advanced detection, which identifies protocol- and application-specific messages out of the millions of packets per second where threatening behaviors can be found.

Although no magical or technical panacea is in sight, organizations need more vigilance, security measures, and risk policies to protect their customers and reputation. Responding to attacks is not enough to combat the constantly changing threat landscape. Organizations need to analyze their network behavior and pinpoint threats they are likely to incur.
Follow us @CyberadAPT
Cyber adAPT, Inc. 2017