How Can I Reduce Network Security Risk – Part 2

2022-03-03 Keysight

Step 2 of reducing network security risk is about finding intrusions on your network and quickly remediating those issues. The faster you find the problem, the safer you are. This is extremely important, as the Ponemon Institute finds every year that it takes far too long to identify breaches on the network. For example, the 2021 Ponemon Institute Cost of a Data Breach report found that it took businesses an average of 287 days to identify and contain a data breach. This is over 2/3 of a year – which is plenty of time for a bad actor to find what they want and then exfiltrate that data.


While part 1 of the plan is to prevent as many intrusions as possible, SOMETHING is going to unfortunately make it past your defenses. Call it Murphy's law, call it Chaos Theory, call it whatever you want but something unpleasant is going to happen – whether you know it or not. This is when you need threat hunting activities.


However, for any threat hunting tool to be effective, it needs to see ALL of the data. Seeing only part of the data isn't good enough. The tool needs everything, or it will miss intrusions. This is why you need to deploy taps at critical points across your network and then aggregate and filter that traffic so that your security tools (IDS, DLP, SIEM, etc.) get exactly the right data at the right time and can properly flag any anomalies or suspicious activities. The tap and packet broker combination gives you the visibility you need so that your security tools are as successful as possible.


At the same time, you also need lossless visibility. You don't want to add just any packet broker. Depending upon their design, some packet brokers drop packets – i.e. they "lose" data. You could be missing up to 60% of your security threats and not even know it.


One fundamental reason is the way data is processed. A popular method is to use a CPU to process higher-end data features, like deduplication. However, the CPU can become overloaded and drop packets, or miss certain types of data packets. This is where you need a packet broker that uses FPGA chips to process the data at line rate. This design decision becomes even more important as network speeds transition from 10GB to 40 and 100GB. Data loss at these speeds becomes a serious architecture vulnerability.


Rest assured, Keysight taps, bypass switches and NPBs provide the visibility and confidence you need that you are seeing EVERYTHING in your network - every bit, byte and packet. Once you have this level of visibility, threat hunting tools and security information and event management (SIEM) systems can proactively look for indicators of compromise (IOCs).
