Wednesday, April 12, 2017

Get ready for the Apocalypse

The report of the week

We all know someone who is paranoid about the end of the world. Convinced that the apocalypse is near (there are several kinds: nuclear annihilation, doomsday, an alien invasion, zombies...), they prepare for every possible scenario. Dozens of cans of food, clothing for extreme conditions, matches, gas cans, guns, a bunker... no amount of preparation is enough to face the collapse of civilization.

Maybe in the cybersecurity world the end is not near (among other things, because cybercriminals have no interest in it), but it is true that we must always be prepared to avoid an attack that could leave us with a security gap from which it would be difficult to recover.

According to the latest Viavi Solutions study, enterprise network teams are spending more time and resources than ever before in the fight against security threats. This conclusion comes from a survey of 1,035 IT managers and specialists in the sector. But it is not the only conclusion of the study conducted by Viavi Solutions. The company also highlights four key points:
  • Staff more involved in cybersecurity: Eighty-eight percent of respondents say they are involved in solving cybersecurity problems. Almost 80 percent of them say they spend more time on these issues, and almost three out of four spend up to 10 hours a week learning about the subject.
  • Evolution of cybersecurity threats: When asked how the nature of security threats has changed, IT teams identified an increase in email and browser malware attacks (63 percent) and an increase in the sophistication of threats (52 percent). Almost one in three also reported an increase in distributed denial-of-service (DDoS) attacks.
  • Main sources of information in cybersecurity: Syslog is the main method for detecting security problems, being the option chosen by almost a third of respondents. In second place is long-term packet capture and analysis (23%), and closing the podium are performance anomalies (15%).
  • General factors driving the workload of network teams: Bandwidth usage in enterprises continues to increase, and two out of three respondents expect bandwidth demand to grow by as much as 50 percent by 2017. This trend in turn drives greater adoption of emerging technologies, including software-defined networking (SDN), public and private clouds and 100 Gb. Network teams are managing these initiatives while at the same time facing an aggressive increase in security issues.
These issues concern the community, since traffic growth increases security risks, creating a situation of unprecedented challenges. That fact, coupled with citizens' growing concern about their privacy, makes companies take possible threats more seriously. So... what should IT teams do to anticipate these attacks? The study responds with four points:
  • Know your regular traffic: Recognizing abnormal traffic is critical to identifying an ongoing security problem or attack. Start by baselining traffic and network behavior, either manually with the free Wireshark analyzer or with automated baselining in commercial network performance monitoring and diagnostics (NPMD) tools.
  • Speed up discovery with traffic evidence: According to the recent Mandiant M-Trends report, the average number of days attackers are present in a victim's network before being discovered is 146, despite the use of IDS and other traditional security tools. By using packet capture with retrospective analysis, network teams can go back to the time of the incident and track the files accessed by the attackers.
  • Ensure long-term packet retention: For companies with high traffic volumes, data centers, or heavy security forensics needs, the next step may be an appliance designed specifically for capture with its own analysis capabilities. Depending on size and volume, there are appliances that can capture and store up to a petabyte of network traffic for later analysis, simplifying forensic investigation for a faster resolution.
  • Facilitate effective cooperation between network and security teams: Ensure successful collaboration between security and network teams in investigations, with documented workflows and integration between security tools, network forensics tools and performance management tools.
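As an added example (not part of the original post or the Viavi study), a minimal traffic-baseline check in Python of the kind the first recommendation describes: per-host outbound volume for the day under review is compared against a week of historical values. The hosts, byte counts and thresholds are constructed for illustration; a real deployment would feed it flow records or NPMD exports.

```python
# Added illustration, not code from the post or from any vendor tool.
# Baseline and observation below are constructed sample data.
from statistics import mean, pstdev

# Constructed baseline: outbound bytes per host for seven "normal" days.
BASELINE = {
    "10.0.0.5": [1.2e6, 1.1e6, 1.3e6, 1.0e6, 1.2e6, 1.4e6, 1.1e6],
    "10.0.0.9": [4.0e5, 4.2e5, 3.9e5, 4.1e5, 4.0e5, 4.3e5, 3.8e5],
}

# Constructed observation for the day under review: one host is normal,
# one sends far more than usual, and one was never seen before.
TODAY = {"10.0.0.5": 1.25e6, "10.0.0.9": 9.5e6, "10.0.0.77": 2.0e5}


def find_anomalies(baseline, today, z_threshold=3.0, min_ratio=2.0):
    """Return {host: reason} for hosts whose outbound volume departs from
    their baseline.  A host is flagged when its value lies more than
    z_threshold standard deviations above the baseline mean AND is at
    least min_ratio times the mean; the ratio guard stops a host with a
    nearly constant baseline from being flagged for a tiny absolute
    change.  Hosts with no baseline at all are reported as new talkers,
    which are worth a look in their own right."""
    findings = {}
    for host, value in today.items():
        history = baseline.get(host)
        if not history:
            findings[host] = "new host, no baseline"
            continue
        mu, sigma = mean(history), pstdev(history)
        if sigma:
            z = (value - mu) / sigma
        else:  # flat baseline: any increase is "infinitely" unusual
            z = float("inf") if value > mu else 0.0
        if z > z_threshold and value >= min_ratio * mu:
            findings[host] = f"outbound volume {value / mu:.1f}x baseline (z={z:.1f})"
    return findings


if __name__ == "__main__":
    for host, reason in find_anomalies(BASELINE, TODAY).items():
        print(host, reason)
```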
Perhaps thinking that the end of the world is near is a little exaggerated, but nobody can deny that being prepared for any kind of situation can get us out of a tight spot. It is good to see companies becoming more and more aware of security and a bit paranoid about it. Even so, there is still a long way to go.