Strategy Day 7 Continuous Network Intelligence
Knowledge is power. A critical component of cyber readiness is having on-demand insight into anomalous activity, suspicious changes, potentially harmful misconfigurations and any other malicious activity occurring internally on your network, so that threats are detected and removed promptly, before they cause damage.
I guess this is what I really like: finding bad stuff and removing or fixing it. Even better is when you later find bad stuff the same day and take care of it because you are now monitoring the network 24/7. Network intelligence has many pieces, but not all of them are required for every situation. The three biggies are internal, external and compliance.
Both internal and external intelligence are gathered through various methods. To keep things simple, I will not go into OSINT (Open Source Intelligence), which covers many different kinds of discovery about a business.
External intelligence is being gathered all the time, usually not by the target business but by people looking for a way in. They run botnets that scour the internet looking for vulnerable access points. They are not necessarily targeting a specific company or business; they are just gathering information. The person or group running the scans may not even be the ones who use the information or launch an attack. Often the information is sold on dark web sites to another party, who then decides whether to launch an attack. The point is that you should also be testing your public, internet-facing assets. This includes not just your web servers and customer portals but also endpoints such as desktops that are used for remote access. A third-party company should always be used for this kind of testing, even if you have your own IT department, because a third party brings an unbiased, truly outsider view of your assets.
Internal intelligence also has many layers, just like external intelligence, but as above we will concentrate strictly on IT systems and how they act and function. Like external intelligence, it must be an ongoing process: discovering and remediating a problem today does not mean that something new will not crop up a week from now. In fact, breaches are often not discovered until many months after the initial compromise. That is why you need to continuously scan for anomalies across your entire network, 24/7. Again, this is best performed by a third party.
Either of these continuous scanning operations produces a lot of noise, and it takes finely tuned automation and machine learning to filter through it and make sense of it all. You should expect, at a minimum, weekly summary reports, a monthly detailed report and a quarterly in-depth review. With the proper information you can see your current position, create a plan to remediate issues, and build a roadmap to the position you want to be in for the future.
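To make the noise problem concrete, here is an added illustration written for this post (it is example code, not DB Cybersecurity Consulting's tooling or any product's logic). It runs three filtering layers over a stream of syslog-style authentication lines: a suppression list for a source you already know is noisy (an authorised internal vulnerability scanner), a fixed rule for an event that always deserves a look (creation of a UID 0 account), and a per-host, per-source daily baseline so that a known source only alerts when it exceeds its own history. The host name `fs01`, the addresses, the scanner suppression list and every log line are constructed assumptions for the example.

```python
"""Baseline-driven anomaly filter over constructed auth logs.

Added illustration for this post, not DB Cybersecurity Consulting's tooling.
Every log line, host name and address below is constructed for the example.
"""
import re
import statistics
from collections import Counter, defaultdict

# "<date> <host> <program>: <message>" -- a simplified syslog-style layout (assumed)
LINE_RE = re.compile(r"^(?P<date>\d{4}-\d{2}-\d{2}) (?P<host>\S+) (?P<prog>[^:]+): (?P<msg>.*)$")
FAILED_RE = re.compile(r"Failed password for (?P<user>\S+) from (?P<src>[\d.]+)")
USERADD_RE = re.compile(r"new user: name=(?P<name>[^,]+), UID=(?P<uid>\d+)")

# Five "quiet" days used to learn what normal looks like per (host, source).
BASELINE_DATES = {"2024-03-01", "2024-03-02", "2024-03-03", "2024-03-04", "2024-03-05"}


def parse_line(line):
    """Return a normalised event dict, or None for lines this example does not model."""
    m = LINE_RE.match(line)
    if not m:
        return None
    date, host, prog, msg = m.group("date", "host", "prog", "msg")
    if prog == "sshd" and (f := FAILED_RE.search(msg)):
        return {"kind": "failed_login", "date": date, "host": host,
                "user": f.group("user"), "src": f.group("src")}
    if prog == "useradd" and (u := USERADD_RE.search(msg)):
        return {"kind": "useradd", "date": date, "host": host,
                "name": u.group("name"), "uid": int(u.group("uid"))}
    return None


def detect(lines, baseline_dates, suppressed, k=3.0, min_delta=5, new_source_min=10):
    """Filter a raw event stream down to alerts.

    1. Sources in `suppressed` (an authorised scanner) are dropped before counting.
    2. A UID 0 account creation alerts unconditionally.
    3. A source seen during the baseline alerts only above mean + max(k*stdev, min_delta);
       the min_delta floor stops tiny baselines (2 or 3 a day) from firing on 4.
    4. A source with no baseline history alerts once it bursts past new_source_min.
    """
    alerts = []
    daily = defaultdict(Counter)  # (host, src) -> {date: failed-login count}
    for e in filter(None, map(parse_line, lines)):
        if e["kind"] == "useradd" and e["uid"] == 0:
            alerts.append({"rule": "uid0_account_created", "date": e["date"],
                           "host": e["host"], "name": e["name"]})
        elif e["kind"] == "failed_login" and e["src"] not in suppressed:
            daily[(e["host"], e["src"])][e["date"]] += 1
    for (host, src), counts in daily.items():
        base = [counts[d] for d in sorted(baseline_dates)]  # Counter returns 0 for absent days
        for date in sorted(counts):
            if date in baseline_dates:
                continue
            n = counts[date]
            if not any(base):
                if n >= new_source_min:
                    alerts.append({"rule": "new_source_burst", "date": date, "host": host,
                                   "src": src, "count": n})
            else:
                threshold = statistics.mean(base) + max(k * statistics.pstdev(base), min_delta)
                if n > threshold:
                    alerts.append({"rule": "baseline_exceeded", "date": date, "host": host,
                                   "src": src, "count": n, "threshold": round(threshold, 1)})
    return sorted(alerts, key=lambda a: (a["date"], a["rule"]))


def build_sample_logs():
    """Constructed log lines for this example (not real telemetry)."""
    lines = []

    def failed(date, src, user, n):
        lines.extend(f"{date} fs01 sshd: Failed password for {user} from {src}" for _ in range(n))

    # Baseline week: bob mistypes his password a couple of times a day from 10.0.5.20.
    for date, n in zip(sorted(BASELINE_DATES), (2, 3, 2, 3, 2)):
        failed(date, "10.0.5.20", "bob", n)
    # Day 6: an unseen source hammers fs01, the authorised scanner 10.0.0.5 runs its
    # scheduled check (which looks exactly like an attack), and a UID 0 account appears.
    failed("2024-03-06", "10.0.5.20", "bob", 2)
    failed("2024-03-06", "10.0.9.77", "root", 45)
    failed("2024-03-06", "10.0.0.5", "root", 60)
    lines.append("2024-03-06 fs01 useradd: new user: name=svc_backup, UID=0, GID=0, "
                 "home=/home/svc_backup, shell=/bin/bash")
    # Day 7: bob's own workstation suddenly fails far above its learned baseline.
    failed("2024-03-07", "10.0.5.20", "bob", 20)
    return lines


if __name__ == "__main__":
    for alert in detect(build_sample_logs(), BASELINE_DATES, suppressed={"10.0.0.5"}):
        print(alert)
```

Run with the suppression list in place and three alerts remain: the new-source burst from 10.0.9.77, the UID 0 account, and bob's workstation exceeding its baseline on day 7; bob's usual two or three typos never fire. Run it again with an empty suppression list and the authorised scanner produces a fourth, false alert, which is the tuning work the paragraph above is describing.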
There is still the human factor to consider. Formal training for your users is imperative to the security of your network and data assets. If you are not building a security-conscious company culture on an ongoing basis, your best efforts with the other methods of internal and external security are much less effective.
From Cloud to IoT and remote working capabilities to Business Continuity and Disaster/Emergency Recovery and Compliance, DB Cybersecurity Consulting is serious about securing your mission critical assets.
Enable advanced internal security detection in your business today.