With threats evolving rapidly, networks are more vulnerable than ever today. In order to prevent network intrusions and data compromises, network security managers need to combine network knowledge with advanced detection and response technologies to protect their systems and customers’ data.
Because hackers are increasingly launching multi-pronged attacks on networked systems, constant monitoring of network activity at all levels is crucial to pre-empting and confronting blended threats. Unlike the single-vector attacks of the past, such as infiltrating systems through an email or a pop-up window, today’s intrusions are engineered to penetrate through multiple vectors and spread fast. The general approach is to gain access to networked systems through server and network vulnerabilities and install malware. Unsecured network services such as file sharing, FTP and, in some instances, VPN connections are often exploited by hackers.
The Target network attack demonstrated how the failure to segregate and secure sensitive data and the lack of detection capabilities enabled hackers to pull off a major data heist. Security administrators can no longer depend on anti-virus software, spam filters, firewalls and intrusion prevention systems (IPS) alone to protect data, because we’re up against not only known threats but also more insidious zero-day, zero-hour attacks that can spread very fast if not detected in time.
Network security managers therefore need to focus on securing access to databases, on deploying advanced detection tools as well as on developing swift and effective response capabilities. In-depth network knowledge and awareness of sophisticated network monitoring tools are crucial to improving network security.
Fortunately, some recently introduced tools are making it easier for network administrators to monitor the infrastructure as well as the content and movement of data across the network. Proper use of these tools can make it difficult for unusual access to go undetected for long or for a malware infection to spread.
For example, there are network monitoring tools today that enable administrators to trace the path of a data packet from origin to destination and know what information a packet contains. Also, these tools make it possible to log network connectivity of each IP address. This can help to detect unusual access and activity.
Writing in Tech Republic, Frank Ohlhorst emphasizes the importance of ensuring that a network monitoring tool has certain key capabilities. According to him, a monitoring tool used to improve network security should be capable of:
- Logging all traffic so that no activity goes undetected
- Analyzing contents of data packets
- Tracing the path of a packet from origin to destination
- Monitoring network connectivity and recognizing access trends
- Distinguishing between normal network activity and unusual use
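
The last two capabilities can be illustrated with a short sketch. This is an added example, not code from the article or from any monitoring product: it keeps a per-IP connectivity log and flags flows that depart from each source's history. The flow records are constructed sample data, and the three-sigma threshold with a 10% floor is an assumption chosen for illustration.

```python
from collections import defaultdict
from statistics import mean, pstdev

# Constructed flow records: (source IP, destination IP, destination port, bytes)
BASELINE = [
    ("10.0.0.5", "10.0.1.10", 443, 1200),
    ("10.0.0.5", "10.0.1.10", 443, 1500),
    ("10.0.0.5", "10.0.1.10", 443, 1100),
    ("10.0.0.5", "10.0.1.20", 53, 90),
    ("10.0.0.7", "10.0.1.10", 443, 2000),
    ("10.0.0.7", "10.0.1.10", 443, 2200),
]
TODAY = [
    ("10.0.0.5", "10.0.1.10", 443, 1300),    # matches the baseline
    ("10.0.0.5", "10.0.2.99", 21, 400),      # new peer and service (FTP)
    ("10.0.0.7", "10.0.1.10", 443, 950000),  # known peer, unusual volume
    ("10.0.0.9", "10.0.1.10", 445, 300),     # source never seen before
]

def build_baseline(flows):
    """Per-source connectivity log: known (dst, port) pairs and byte counts."""
    peers, sizes = defaultdict(set), defaultdict(list)
    for src, dst, port, nbytes in flows:
        peers[src].add((dst, port))
        sizes[src].append(nbytes)
    return peers, sizes

def find_unusual(baseline, flows, sigmas=3.0):
    """Return (flow, reason) for flows that deviate from the source's history."""
    peers, sizes = baseline
    alerts = []
    for flow in flows:
        src, dst, port, nbytes = flow
        if src not in peers:
            alerts.append((flow, "unknown source"))
        elif (dst, port) not in peers[src]:
            alerts.append((flow, "new destination/service"))
        else:
            mu, sd = mean(sizes[src]), pstdev(sizes[src])
            # Floor the deviation so a flat history does not flag tiny changes
            if nbytes > mu + sigmas * max(sd, 0.1 * mu):
                alerts.append((flow, "unusual volume"))
    return alerts

if __name__ == "__main__":
    for flow, reason in find_unusual(build_baseline(BASELINE), TODAY):
        print(reason, flow)
```

In practice the baseline would be built from days or weeks of flow logs, and each alert would be a prompt for investigation rather than proof of compromise.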
Securing a network today is a lot more challenging than it was in the past, but it is imperative if an organization is to protect its systems, customers’ data and ultimately, its business. Multi-layered security protocols can help minimize the risk of a network breach. Dealing with complex threats is possible when one has in-depth knowledge of the environment, the capability to identify potentially harmful movements and the ability to respond swiftly and effectively in the case of an attack.