An enterprise network security program encompasses many areas of security from electronic bit-matching in firewalls to regular education programs to keep employees alert for suspicious email messages or odd computer behaviors. A zero-trust approach when connecting to the network is a big step in the right direction.
Enterprise Network Security and Spear Phishing
Believing the traffic on the internal network to be clean can be a false assumption. Remember: it's the internal users that bring the malware into the network and it isn't always because they took their laptop home at night. New types of malware are trying to infiltrate the corporate network every minute and the number one tactic is spear phishing via email. Most employees know better than to click on anything suspicious because they understand that this isn't their "lucky day!!!" But "persistence pays off," and eventually someone somewhere will click on a bad link and the malware will have a way in. Once in, it may take months to discover—if you ever do. Ideally, enterprise network security should address ongoing issues like this.
Network Intrusion Detection
When spear phishing isn't the source of an infection, clickjacking is often the second tactic used by the attackers. Surfing the web and clicking on bad links allows malware to pass right under the nose of even the best network threat protection systems. Because systems like smartphones have already authenticated onto the network, and because the malware makes its outbound connections over SSL, most network intrusion detection solutions will let the traffic pass right on by when it reaches out to the command and control server. What can be done to detect these two forms of seemingly unstoppable attacks?
Network Traffic Monitoring
Until recently, the professionals responsible for enterprise network security were often kept separate from the administrators who had to monitor bandwidth for traffic abusers. Network security companies have learned that the network guys understand how the network should behave and the security guys understand the nature of threats and where they tend to originate. Fortunately, a technology has emerged that is equally useful for both network traffic monitoring and threat detection. It's called 'NetFlow' and often goes by its proposed standard name 'IPFIX.'
Threat detection vendors have been quick to add support for NetFlow in their enterprise network security solutions because nearly all switch, router, firewall, and server vendors today support a flow technology such as NetStream, IPFIX, J-Flow or CascadeFlow. All of these are derivatives or direct copies of NetFlow. On the low end, other vendors are supporting sFlow, a packet sampling technology, and most NetFlow collector vendors convert it to a flow-like format before archiving the data for future reference.
To learn more about how your enterprise network security solution can be enhanced, consider attending a NetFlow training class in a city near you. In the class you will learn how to use Scrutinizer and other flow technologies to improve security posture. The class is largely hands-on and also includes practical suggestions on how to work customized thresholds into network traffic monitoring procedures. In the end, you will enhance your enterprise network security efforts.
Contact Plixer—one of the best in NetFlow collection.