Leveraging network intelligence for cybersecurity
When it comes to cybersecurity, high-profile security organizations can seem just as susceptible to hacks as anyone else. For example, NATO suffered over 2,500 significant cyber attacks in 2012 alone. Security experts believe that the number of sophisticated offensives against NATO is likely to increase over the coming years. As a result, NATO rolled out its €58 million Computer Incident Response Capability (NCIRC) cyber defense upgrade project with the goal of better protecting its networks against the increasing number of cyber attacks.
NATO, like many large governing bodies, is a hot target for hackers. As such, government agencies like these must be on constant high alert against threats and monitor for whispers of new attacks that could jeopardize their assets. The risk is so high that former U.S. Secretary of Defense Leon Panetta recently characterized a hypothetical cyber attack perpetrated by nation states or violent extremist groups as potentially being as destructive financially as the attacks of September 11, 2001. With the stakes this high, cybersecurity teams must devise new strategies to keep data secure.
Experienced security teams can follow the trail left behind by attackers, whose intrusions tend to follow recognizable steps. If the teams have adequate visibility into their organizations' extended networks, they will have the threat intelligence needed to identify and stop an attack in its tracks before harm is done.
A strategy in stages
Government agencies should devise security strategies that outfox attackers and address the extended network if they hope to quickly stop an attack and secure vital data. Addressing the attack continuum (before, during and after) is a logical approach, and it should be a familiar cycle for anyone in the security profession. It is helpful to examine each of these stages to understand why each is mission-critical.
Before an incident occurs, the IT security staff is on the alert, scanning for any area of vulnerability. Historically, security has been all about defense. Today, teams are setting up ways to more intelligently halt intruders by gaining total visibility into their network environments, including (but not limited to) physical and virtual hosts, operating systems, applications, services, protocols, users, content and network behavior. Defenders can use this knowledge to take action before an attack has even begun.
During an incident, it’s critical for IT teams to take immediate action. Security professionals must be able to identify and understand threats and how to stop them quickly to minimize impact. Tools including content inspection, behavior anomaly detection, context awareness of users, devices, location information and applications are critical to understanding an attack as it happens. Security teams also need visibility into where, what and how users are connected to applications and resources.
After the incident, cybersecurity teams need to be able to visualize the nature of the incident and how to mitigate any damage caused. Advanced forensics and assessment tools help security teams learn from attacks. Where did the attacker come from? How was the attacker able to get in? Could anything have been done to prevent the breach? Retrospective security creates an infrastructure that can continuously gather and analyze data to create security intelligence. Compromises that would have gone undetected for weeks or months can instead be identified, scoped, contained and remediated.
The critical elements in any defensive strategy are intelligence and understanding. Cybersecurity teams are constantly trying to learn more about malicious actors, their motivations and their techniques. This is where the extended network provides unexpected value, delivering a depth of intelligence not available anywhere else in the computing environment. Just as in counter-terrorism, intelligence is key to stopping attacks before they happen.
Government agencies must not be lulled into complacency by the idea that their attackers have fewer resources. Relatively small adversaries with limited means can inflict disproportionate damage on larger adversaries. In these skewed situations, intelligence is one of the most important assets for addressing threats. But intelligence alone is of little benefit without an approach that optimizes the organizational and operational use of that information.
Best practice for network intelligence starts with network analysis techniques that collect IP network traffic as it enters or exits an interface; this collection lets security teams correlate traffic with identity and context. Security teams can then combine what they learn from multiple sources of information to identify and stop threats. Those sources include Web intelligence, what is happening in the network and a growing amount of collaborative data gleaned from exchanges with public and private entities.
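The before/during/after cycle described above, together with the interface-level traffic collection and identity correlation described in this paragraph, as an added Python illustration that is not part of the original article and not code from Cisco or any product: it parses constructed NetFlow-style records, enriches each source address from a constructed asset inventory (the "before" visibility), applies context-aware rules as flows arrive ("during"), and re-runs a newly learned indicator over stored flow history to scope a compromise ("after"). Every host name, address, threshold and indicator below is a constructed sample value.

```python
"""Flow-record correlation across the attack continuum (before / during / after).

Added illustration. The flow records, asset inventory and indicators are
constructed sample data, not taken from any real network.
"""
from collections import defaultdict
from dataclasses import dataclass
from ipaddress import ip_address, ip_network


@dataclass(frozen=True)
class Flow:
    ts: int          # epoch seconds
    src: str
    dst: str
    dport: int
    proto: str
    bytes_out: int


INTERNAL = ip_network("10.0.0.0/8")  # constructed internal address space

# "Before": visibility into hosts and users. Constructed inventory keyed by IP.
ASSETS = {
    "10.0.1.10": {"host": "ws-alice", "user": "alice", "role": "workstation"},
    "10.0.1.11": {"host": "ws-bob", "user": "bob", "role": "workstation"},
    "10.0.2.5": {"host": "db-01", "user": None, "role": "database"},
}

# Constructed flow records, in the form a collector would export for traffic
# seen entering or leaving an interface: ts,src,dst,dport,proto,bytes.
RAW_FLOWS = """\
1700000000,10.0.1.10,10.0.2.5,5432,tcp,2048
1700000010,10.0.1.10,203.0.113.7,443,tcp,4096
1700000020,10.0.1.11,10.0.2.5,5432,tcp,1024
1700000030,10.0.2.5,198.51.100.23,4444,tcp,52428800
1700000040,10.0.1.11,203.0.113.7,443,tcp,512
1700000050,10.0.1.10,203.0.113.7,443,tcp,256
1700000060,10.0.3.99,10.0.2.5,5432,tcp,100
"""


def parse_flows(text):
    """Parse the comma-separated collector export into Flow records."""
    flows = []
    for line in text.strip().splitlines():
        ts, src, dst, dport, proto, nbytes = line.split(",")
        flows.append(Flow(int(ts), src, dst, int(dport), proto, int(nbytes)))
    return flows


def enrich(flow):
    """Correlate identity and context: turn a source IP into host, user, role."""
    ctx = ASSETS.get(flow.src, {"host": "unknown", "user": None, "role": "unknown"})
    return {**ctx, "flow": flow, "external": ip_address(flow.dst) not in INTERNAL}


def detect_during(flows, egress_threshold=10 * 1024 * 1024):
    """'During': flag behaviour that the context says should not happen.

    Rule 1: a database host sending to any external address.
    Rule 2: a single flow exceeding the egress byte threshold.
    Rule 3: a source host missing from the inventory (no visibility).
    """
    alerts = []
    for f in flows:
        e = enrich(f)
        if e["role"] == "database" and e["external"]:
            alerts.append(("db_external_egress", e["host"], f.dst))
        if f.bytes_out > egress_threshold:
            alerts.append(("large_egress", e["host"], f.dst))
        if e["host"] == "unknown":
            alerts.append(("uninventoried_host", f.src, f.dst))
    return alerts


def retrospective(flows, indicators):
    """'After': re-run newly learned indicators over stored flow history to
    scope which hosts talked to a now-known-bad destination, and for how long.

    Returns {host: (first_seen, last_seen, flow_count)}.
    """
    hits = defaultdict(list)
    for f in flows:
        if f.dst in indicators:
            hits[enrich(f)["host"]].append(f.ts)
    return {host: (min(ts), max(ts), len(ts)) for host, ts in hits.items()}


if __name__ == "__main__":
    stored = parse_flows(RAW_FLOWS)
    for alert in detect_during(stored):
        print("ALERT", *alert)
    # Indicator learned later (constructed): 203.0.113.7 is now known bad.
    print("RETRO", retrospective(stored, {"203.0.113.7"}))
```

The point of the split is that the same stored flow records serve all three stages: the inventory gives the "before" picture, the rules run over live records "during", and a later indicator is matched against history "after" without re-collecting anything.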
A best-in-class security strategy is designed to contain threats throughout the attack lifecycle: before, during and after the attack. This approach enables security teams to more quickly discover threats, defend against them and prevent them from happening again. Network intelligence used throughout government entities’ operations ensures a more far-reaching security structure, and ultimately, better safety for all.
Greg Akers is the senior vice president of Advanced Security Initiatives and Chief Technology Officer within the Security and Trust Organization at Cisco.