
Network-Based Threat Protection Failure: Where Does the Issue Lie?

June 03, 2014

There have been a number of high-profile, successful attacks in the news, raising questions about the effectiveness of the network-based threat detection technologies companies have in place and of the incident response teams that monitor them. But it is rarely possible to point to a single element as the cause of a breakdown in a company's defenses.

There are a number of elements that go into achieving security success. You have to implement the right technology for your specific environment, but you also have to create and enforce policies and processes that support your technology and your objectives, and involve the right people with the right skill sets. Each network-based security product has its strengths and weaknesses, and one may fit your particular needs better than another.

When determining the right network-based threat protection product for your environment, there are many questions to answer. Here are a few:

What is your organization’s level of expertise in-house to support the particular technology?

While many of the technologies can be automated, nothing is “set and ignore.” Every technology takes some type of care and feeding from staff, whether that is handled internally or through an external managed service provider.

What type of data is your organization protecting?

Taking inventory of the sensitive data an attacker could extract helps determine the best solution for your needs. Examples of sensitive data include:
•  Credit card numbers
•  CVV or card verification values
•  PINs
•  Names and addresses
•  Social Security numbers
•  Other information of value
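Taking that inventory is itself a technical task: before you can decide which assets to watch, you have to find out where the card numbers and identifiers listed above actually live. The following Python script is an added example, not code from the original post or from Optiv, of a minimal data-discovery scan. It runs regular expressions over records, then validates each candidate with a Luhn mod-10 check for card numbers and a structural check for Social Security numbers, so that arbitrary 16-digit strings such as invoice totals are not miscounted as cardholder data. The sample records are constructed for this example and contain no real account or identity data.

```python
import re
from typing import Dict, List, Tuple

# Constructed sample records standing in for the files, logs or database
# exports an attacker could reach. No real account or identity data here.
SAMPLE_RECORDS = [
    "order=1001 pan=4111111111111111 exp=12/26 name=Pat Example",
    "order=1002 pan=4111 1111 1111 1112 exp=01/27",    # fails Luhn: not a PAN
    "ticket=55 ssn=123-45-6789 addr=1 Main St",
    "ticket=56 ssn=000-12-3456",                       # area 000 is never issued
    "invoice=7 total=1234567890123456 currency=USD",   # 16 digits, fails Luhn
]

# 13 to 19 digits, optionally separated by single spaces or hyphens,
# not embedded in a longer run of digits.
PAN_RE = re.compile(r"(?<!\d)(?:\d[ -]?){12,18}\d(?!\d)")
# US SSN in the common AAA-GG-SSSS layout.
SSN_RE = re.compile(r"(?<!\d)(\d{3})-(\d{2})-(\d{4})(?!\d)")


def luhn_valid(digits: str) -> bool:
    """Return True if the digit string passes the Luhn mod-10 check."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:          # double every second digit from the right
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0


def ssn_plausible(area: str, group: str, serial: str) -> bool:
    """Reject SSN-shaped strings that the SSA never issues."""
    a = int(area)
    return a != 0 and a != 666 and a < 900 and group != "00" and serial != "0000"


def mask_pan(digits: str) -> str:
    """Keep only the first six and last four digits of a card number."""
    return digits[:6] + "*" * (len(digits) - 10) + digits[-4:]


def find_sensitive(line: str) -> List[Tuple[str, str]]:
    """Return (kind, masked_value) pairs for each validated hit in one record."""
    hits = []
    for m in PAN_RE.finditer(line):
        digits = re.sub(r"[ -]", "", m.group(0))
        if 13 <= len(digits) <= 19 and luhn_valid(digits):
            hits.append(("PAN", mask_pan(digits)))
    for m in SSN_RE.finditer(line):
        if ssn_plausible(*m.groups()):
            hits.append(("SSN", "***-**-" + m.group(3)))
    return hits


def inventory(records: List[str]) -> Dict[str, int]:
    """Count validated hits per data type across all records."""
    counts: Dict[str, int] = {}
    for line in records:
        for kind, _ in find_sensitive(line):
            counts[kind] = counts.get(kind, 0) + 1
    return counts


if __name__ == "__main__":
    for rec in SAMPLE_RECORDS:
        for kind, masked in find_sensitive(rec):
            print(f"{kind}: {masked}  <- {rec}")
    print("inventory:", inventory(SAMPLE_RECORDS))
```

Only the first and third records are reported; the Luhn and area-number checks discard the look-alikes, which is what keeps a discovery scan's results usable. Findings are masked before they are printed so that the inventory itself does not become another copy of the data you are trying to protect.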

What are the actual assets that need protection?

Once you have identified the types of data that need to be protected, you can determine the actual assets that store, process or transmit that data and focus your protection there. Examples of these assets include:
•  POS devices
•  Wireless infrastructure
•  Critical servers
•  Critical endpoints
•  Network devices

Who has access to these network elements?

It is important to identify every user and account with access to these elements and to limit that access to what each role actually needs (least privilege). This protects your network from malicious users and from well-meaning ones who make mistakes alike.

While it is necessary to have the right technology for your environment, and to have it appropriately integrated, the technology is only as good as the policies and processes you put in place to monitor and respond to its findings. In other words, after selecting the right technology it is equally important to address all three elements and get the right people, policy and process in place. This could mean investing in the right level of technology and resources for an internal staff, or leveraging third-party consultants and a managed service provider. Either way, as with most complex problems, keep in mind that when it comes to defending against an attack there is no silver bullet.
