“The problem with network monitoring,” said Steve McGregory, Senior Director of Application and Threat Intelligence at Ixia, “is that networks are complex, security is even more complex, and there’s a lot to deal with.” If this sounds obvious, it is, but the truth is, managing that complexity is hard. So hard, in fact, that even companies with cushy budgets and plenty of resources are failing to adequately address that complexity. Hence the breach-a-day headlines we’ve all grown accustomed to reading.
The key to managing complexity, said McGregory, is visibility: visibility into your networks, your tools, your processes, and your baselines. Security professionals need a better and more coordinated view of their networks to learn what's going on and determine what's important in terms of resources, access, and anomalies. Adversaries are so easily able to bypass perimeter controls (firewalls, IDS/IPS, etc.) through phishing and by piggybacking on approved network traffic that the trick isn't necessarily keeping the bad guys out (though that's optimal), but rather monitoring network activity more closely, especially for lateral movement inside the network.
“Attackers are always going to piggyback on things you expect to see in your network,” he said, referring to attackers' use of protocols like SSL/TLS to hide malicious traffic inside approved network paths by looking “normal.” With adversaries leaning on the pain points of enterprise security practitioners, such as the fact that next-gen firewalls don't always support decryption and inspection of TLS traffic, this is how networks are compromised and how intrusions evade early detection.
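To make the "visibility plus baselines" idea concrete, here is an added illustration that is not part of the original article and not Ixia's code: it learns a baseline of which internal hosts normally talk to which internal peers and which TLS server names (SNI) each host normally contacts, then flags internal connections to previously unseen peers (lateral-movement candidates), fan-out from one host to several new internal peers, and TLS sessions to server names the host has never used before. The internal address ranges, the flow-record fields, the fan-out threshold and the sample flows are all constructed assumptions for the example.

```python
from collections import defaultdict
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

# Assumed internal address plan (adjust to your own environment).
INTERNAL = [ip_network("10.0.0.0/8"), ip_network("192.168.0.0/16")]


@dataclass(frozen=True)
class Flow:
    """Minimal flow record; 'sni' is the TLS server name, empty if not TLS."""
    src: str
    dst: str
    dport: int
    sni: str = ""


def is_internal(addr: str) -> bool:
    ip = ip_address(addr)
    return any(ip in net for net in INTERNAL)


class Baseline:
    """Learned picture of 'normal' east-west and TLS behaviour per source host."""

    def __init__(self) -> None:
        self.peers = defaultdict(set)      # src -> {(dst, dport)} for internal peers
        self.tls_names = defaultdict(set)  # src -> {sni} seen during learning

    def learn(self, flows):
        for f in flows:
            if is_internal(f.src) and is_internal(f.dst):
                self.peers[f.src].add((f.dst, f.dport))
            if f.sni:
                self.tls_names[f.src].add(f.sni)
        return self


def detect(baseline: Baseline, flows, fanout_threshold: int = 3):
    """Return (kind, src, detail) findings for flows that deviate from the baseline."""
    findings = []
    new_internal_peers = defaultdict(set)
    for f in flows:
        if is_internal(f.src) and is_internal(f.dst):
            if (f.dst, f.dport) not in baseline.peers.get(f.src, set()):
                new_internal_peers[f.src].add(f.dst)
                findings.append(("new-internal-connection", f.src, f"{f.dst}:{f.dport}"))
        if f.sni and f.sni not in baseline.tls_names.get(f.src, set()):
            findings.append(("new-tls-destination", f.src, f.sni))
    # One host reaching several never-before-seen internal peers in a window
    # is the classic lateral-movement / internal-scan shape.
    for src, peers in new_internal_peers.items():
        if len(peers) >= fanout_threshold:
            findings.append(("lateral-movement-fanout", src, f"{len(peers)} new internal peers"))
    return findings


# Constructed learning window: a workstation talking to a file server, a
# domain controller and an update service over TLS.
BASELINE_FLOWS = [
    Flow("10.0.1.20", "10.0.0.5", 445),
    Flow("10.0.1.20", "10.0.0.10", 389),
    Flow("10.0.1.20", "203.0.113.10", 443, sni="updates.example.com"),
    Flow("10.0.1.21", "10.0.0.5", 445),
]

# Constructed detection window: the same workstation now fans out to three
# other workstations and opens TLS to a server name it has never used.
NEW_FLOWS = [
    Flow("10.0.1.20", "10.0.0.5", 445),
    Flow("10.0.1.20", "10.0.1.21", 445),
    Flow("10.0.1.20", "10.0.1.22", 445),
    Flow("10.0.1.20", "10.0.1.23", 3389),
    Flow("10.0.1.20", "198.51.100.7", 443, sni="cdn-update.example.net"),
    Flow("10.0.1.21", "10.0.0.5", 445),
]


def run_example():
    baseline = Baseline().learn(BASELINE_FLOWS)
    return detect(baseline, NEW_FLOWS)


if __name__ == "__main__":
    for kind, src, detail in run_example():
        print(f"{kind:28} {src:12} {detail}")
```

The point of the example is that none of these flows is blocked by a perimeter firewall: SMB and RDP between workstations and outbound TLS all look like traffic you expect to see. What makes them stand out is only the comparison against a learned baseline, which is why the baseline needs to be built from a window you trust and refreshed as the environment changes.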
Listen to Steve in this brief interview recorded during Black Hat this past summer as he explains how organizations can beef up prevention and detection capabilities.
For more in-depth information on this topic and others, mark your calendar for our upcoming Threat Intelligence Summit in Austin, Texas, and next year's highly-anticipated InfoSec World Conference & Expo in Orlando, Florida.