Using analytics to secure your network

Knowing what's normal on the network will help identify attacks, says Dirk Paessler


Every day, businesses face some 27,000 new IT security threats. This makes understanding your IT infrastructure, and how it behaves under normal circumstances, absolutely invaluable.

Faced with the ever present risk of security threats, you can boost the capability of your IT security by using a software tool that you might not immediately think of as a means of shoring up defences: the network monitor.

IT professionals already know that network monitoring software is an extremely useful tool for ensuring that networks run smoothly. However, there is added value in the form of the analytics that the monitor collects and that can be deployed against malicious intruders.

Antivirus software is a crucial part of your network's armoury, but the most dangerous malware can be almost impossible to trace. On its own, antivirus software may not hold all the answers. A shrewder, more integrated and more nuanced approach is required to safeguard your network.

While malware can be complicated and hard to identify, there are tell-tale signs that allow you to detect its presence. For example, sudden increases in bandwidth, unidentified protocols or surges of outgoing data might indicate that something untoward is happening on your network. With detailed and up-to-the-minute network information, you can quickly spot where and when these initially inexplicable events are happening and make an informed decision on whether the activity looks suspicious – if, for example, an area of the network that holds restricted information is the site of the activity under investigation. This information also helps build up a picture of where weak points and potential 'back doors' exist in your network by showing which devices are interacting and how.

Using a network monitor to bolster your security is an active process rather than a passive one. You can monitor a great number and variety of devices and switches, so the choice of what to monitor and what analytics you want to collect is vital when implementing network management software within your security strategy.

Take monitoring your bandwidth as an example. An abrupt increase in traffic to your website might simply represent a harmless swell in demand. However, it could also indicate the start of a Denial of Service attack. By using analytics created from historic data collected on that particular probe, you can easily tell what would represent an unusually high amount of traffic. So if the network monitor is displaying double the historic high, you could well have a security problem.
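The two rules above (a reading at double a probe's historic high is worth an alert, and an outbound surge from a segment holding restricted information deserves extra attention) as a small baseline check. This is an added example, not code from the article or from any Paessler product; the probe names, the restricted set and the historic readings are constructed, and the alert format is an assumption.

```python
from collections import defaultdict
from typing import Dict, List, Optional, Tuple

Key = Tuple[str, str]  # (probe name, traffic direction)

# Constructed historic readings in bytes/sec per probe and direction; not real telemetry.
HISTORIC = [
    ("web-01", "in", 800_000), ("web-01", "in", 950_000), ("web-01", "in", 1_100_000),
    ("web-01", "out", 400_000), ("web-01", "out", 420_000), ("web-01", "out", 390_000),
    ("files-01", "in", 50_000), ("files-01", "in", 60_000),
    ("files-01", "out", 30_000), ("files-01", "out", 25_000),
]
# Hypothetical: probes on segments that hold restricted information.
RESTRICTED = {"files-01"}

def build_baseline(samples) -> Dict[Key, int]:
    """Historic high per (probe, direction): the figure the article compares against."""
    high: Dict[Key, int] = defaultdict(int)
    for probe, direction, bps in samples:
        high[(probe, direction)] = max(high[(probe, direction)], bps)
    return dict(high)

def check_reading(baseline: Dict[Key, int], probe: str, direction: str,
                  bps: int, factor: float = 2.0) -> Optional[dict]:
    """Flag a reading at or above `factor` x the historic high; None if within bounds.
    A probe with no history cannot be judged, so it is reported for review instead:
    a device the monitor has never seen before is itself worth a look."""
    key = (probe, direction)
    if key not in baseline:
        return {"probe": probe, "direction": direction, "reason": "no baseline", "severity": "review"}
    ratio = bps / baseline[key]
    if ratio < factor:
        return None
    return {"probe": probe, "direction": direction, "ratio": round(ratio, 2),
            "reason": f"above {factor:g}x historic high",
            # An outbound surge from a restricted segment is escalated.
            "severity": "high" if probe in RESTRICTED and direction == "out" else "medium"}

def evaluate(baseline: Dict[Key, int], readings, factor: float = 2.0) -> List[dict]:
    """Run the check over a batch of current readings and keep only the alerts."""
    results = (check_reading(baseline, p, d, b, factor) for p, d, b in readings)
    return [r for r in results if r is not None]

if __name__ == "__main__":
    base = build_baseline(HISTORIC)
    current = [("web-01", "in", 2_300_000), ("web-01", "out", 600_000),
               ("files-01", "out", 70_000), ("vpn-01", "in", 10_000)]
    for alert in evaluate(base, current):
        print(alert)
```

In practice the baseline would be rebuilt on a schedule from the monitor's stored history, so that a slow, legitimate growth in demand does not keep tripping the alert.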

Though it might be tempting, closing a network down in an attempt to quickly stymie the attack isn't a sustainable solution. The fundamental issue that allowed the attack to happen in the first place will remain. Analytics can provide the answers needed to solve that issue. Exploring the data collected about the near real-time events during the attack gives you the opportunity to harden defences or create alerts that inform you if a similar attack subsequently occurs.

Detailed information really is the key to keeping malware at bay. A great advantage lies in the fact that network security is as bespoke as networks themselves. So, if you know all you can about your network and what its normal functioning looks like, you will be well-equipped to spot and see off future attacks.

Contributed by Dirk Paessler, CEO of Paessler
