make a good business better

Blog Information Security

Print Divider Print Divider Branding

Detection and Network Security Management: Know When You've Been Breached

09/06/2016  |  By: Frank Knobbe, QSA , Shareholder, Information Security


Social Logo Social Logo Social Logo Social Logo

Did you know that many companies find out from an outside source that their network has been breached? And guess who the messengers are. A business partner, an Internet news item, a customer—even the FBI. Now there’s a phone call you don’t want to get.

In truth, the best efforts of the most up-to-date hardware and software network security products fall short. Aside from a firewall and an anti-virus solution, a network security management system necessarily includes cyber security professionals that monitor your system and detect anomalies that will invariably occur. But the reality is, most companies do not have a network security management system in place that does a satisfactory job of monitoring their networks for suspicious activity.

Detection isn’t easy.

Why? Cyber attacks are purposely surreptitious. And the level of skill required to detect a breach often extends beyond the capacity of a company’s in-house IT team and most network management systems. But there are symptoms of a breach that most IT techies can detect. And so can employees in every other department who are frustrated because they can’t get their work done. (And if you’re on the IT team when this happens, they’re mad at YOU. Right?) Here are some signs to watch out for:

  • Is the network slowing down for some unexplained reason?
  • Have new users or accounts spontaneously appeared?
  • Are there a large number of attempts to log in after hours?
  • Is data getting tampered with or deleted?
  • Are mysterious files appearing—and reappearing after you delete them?

Sometimes, malware can shut down components of an anti- virus system, and quite often it will infect a single workstation to gain entry to multiple areas of the network. Unfortunately, a lot of damage can occur before symptoms appear, which is why a good network management system must have a skilled ‘detective’ at the helm—a cyber security expert trained to proactively root out suspicious activity or malware before its presence is felt by everybody else.

What should I do if I can’t afford to hire a cyber security expert?

Outsource it! Expertise is critical for this challenge, and hiring a full-time expert is often more than what is required, or feasible for many companies. When you outsource the requirement to a third party, you can buy just what you need. Direct your third-party cyber security provider to look for patterns (and malware) across all of their client networks, and to develop tactics that avert attacks. If breached, you want the clean-up to be contained in all ways possible. If you aren’t quite ready to outsource this task and you’ve already taken basic measures like installing a firewall and virus detection/scanning on workstations, there is still more you can do:

  1. Implement an intrusion detection system. These devices hang on the network at strategic points, collecting data and generating reports that keep you apprised of what’s going on inside the network.
  2. Use the data you already have. Firewalls have log information. You can check for precursors to attack, blocked IP addresses and unusual patterns of activity or attempts to gain entry.
  3. Your server has information, too. Log information will typically provide information as to their origins, and the ongoing reporting provided by the server should be analyzed regularly to detect inconsistencies as soon as they occur.
  4. And don’t forget about your people! Train your colleagues to alert you to any unusual activity they might be experiencing when they log in, use email or gain access to the Internet. The key here is to be proactive about network security. Become knowledgeable. Join a local chapter of the Information Systems Security Association (ISSA) or Infraguard, a public/private partnership between industry, academia, law enforcement agencies and the FBI. Get educated, and you will learn incrementally over time how to improve your organization’s network security management. 

Check out our free guide, Breach: Network Security Best Practices for Prevention, Detection, and Response, for more information on ensuring the safest network security for your firm.

On LinkedIn or Twitter? Follow us on LinkedIn and on Twitter @lbmcsecurity. Learn more about how our team at LBMC Information Security can help your team armor up with a wide range of network defense servicesContact us today!