Network forensics: The no-brainers

A CTO explains why most organizations are only managing to catch the lower-level hackers, and why more advanced skills will become an obvious need in 2013.

2012 was a year of organizations finally “getting it” when it comes to thinking about cyber security and the power of network forensics – investigative strategies of dealing with emerging threats and risks. Trouble is, the average organization is likely only detecting the low hanging fruit of the cybercrime tree, notes one IT expert.

That said, this year was a good one in terms of a lot more cyber security awareness taking hold in the enterprise, notes AccessData CTO Rich Cummings.

“I think that this will continue in a dramatic way in 2013. A lot of folks on the network side will be getting involved in security because of advanced attackers coming in and stealing their intellectual property.”

When it comes to network forensics, there are two primary approaches: the “catch it as you can” method and the “stop, look and listen” method. Ultimately, it really doesn’t matter what industry vertical an organization is in, notes Cummings: organizations need to get proactive in leveraging forensic tools and techniques to track and monitor threats to the network.

“If you’ve got a widget or piece of data somebody wants it. And they are going to try and get it,” says Cummings.

As for determining if things are improving on the network threat detection front, Cummings notes that many organizations still have some way to go. “I come from the trenches and I know how bad it is – so without question it will continue to get worse. I believe what we’re now detecting is what I call the C-team, or lower level hackers. (Organizations) aren’t catching the elite or even the B-Teamers. We’re catching the guys who are using the backdoors and reworking those same back doors and approaches. But there is definitely a whole set of different skill sets out there who are super advanced.”

On the brighter side, he notes that organizations are starting to understand the scope of the threat intelligence situation when it comes to the network. Companies have always done the basic blocking — setting up firewalls, etc. — but now savvy organizations understand that they need to be a bit more dynamic and forward thinking in addressing cyber security, he notes.

The major pain points for organizations, says Cummings, are around being able to handle the rapid growth of mobile devices in the enterprise — devices that are often just a Bluetooth connection away from being compromised. “That is scary. You’ve got to be able to manage all those devices. Security is about people, process and technology,” he says. And if it even comes down to collaborating with competitors, he offers, to better determine the security threats out there, so be it. “It’s more than just getting the latest anti-virus software or widget. It’s about threat intelligence.”

Ultimately, reducing the risk of cyber attacks — inside or outside the enterprise network — is all about preparedness. This includes having teams of people and tools at the ready. A fire department is equipped to handle a range of emergencies — fires, chemical incidents or other disasters — and the IT team should be equipped the same way, he notes. And at its essence, network forensics is all about better decision making across the organization.

“That’s what (cyber) security is about — getting the right information to make the right decisions.”
