When APTs (Advanced Persistent Threats) are discovered, network security operations professionals are instantly under pressure to explain and resolve the problems swiftly. Without a robust understanding of the context, network traffic and content, SecOps professionals are often left to rely on informed guesses and not verifiable facts.
FREE Download: Discover How Hackers Use AETs To Execute APT Attacks
Perpetrators of APTs use unexpected and diverse attack vectors to target nations, industries, organizations and individuals in order to gain long-term access into and control over a company’s IT infrastructure. Managing such threats without affecting the organization’s performance is an extremely difficult task, so it is pragmatic to accept the fact that APTs might happen and to quickly remediate them if and when they are identified. But how fast can one react to a suspected APT security anomaly as it traverses a network? And more importantly, are SecOps professionals doing the best they can to ensure that their actions are informed, appropriate and effective?
Here are some points to consider:
– The skills of the security analyst: Those responding to APTs need to know how to use the tools they have to quickly and accurately analyze the attack. They must also possess a baseline understanding of the network’s topology and the events shaping it. Thorough testing and documentation of how applications use a network, including a transaction-by-transaction understanding of how they work across the production network, is ideal. In cases where this is not practical, live data from the production network though less predictable is the next best thing, for real-time statistical analysis of network connections makes it easier to spot variations from the norm. Lastly, miscommunication between team members and delays can be minimized with effective workflow and processes.
– Evidence collected around a suspected network event: Captured packet data provides irrefutable evidence of what occurred. And the examination of network traffic before, during, and after an event can provide the clarity needed to gain an understanding of what happened and to enable professionals to make a truly informed response plan, all of which increases the likelihood of an effective outcome.
Unfortunately, human capabilities and solid data alone are not enough to effectively combat APTs. To decode packets and gain actionable insight requires appropriate analysis tools. Some tools operate autonomously and are invaluable for automation of specific processes but are limited to a single method of interpreting data. APTs, by their very nature, are tailored and unique, so automated analysis alone will never be completely effective. Truly confident, fact-based decision-making is only possible when an iterative interpretation of captured packet data and post-event analysis occurs.
By asking themselves if they are appropriately equipped with the right human and technological resources, security teams can determine if they are prepared to effectively execute their roles in the face of APTs. Network packet capture makes this appraisal possible by enabling teams to know what’s happening now and what occurred previously. With APTs, as with all threats, knowing exactly what you’re dealing with is invaluable.
By Matt Walmsley, Senior Marketing Manager, EMEA, Endace division of Emulex
About Emulex
Emulex, a leader in network connectivity, monitoring and management, provides hardware and software solutions for global networks that support enterprise, cloud, government and telecommunications. Emulex’s products enable unrivaled end-to-end application visibility, optimization and acceleration. The Company’s I/O connectivity offerings, including its line of ultra high-performance Ethernet and Fibre Channel-based connectivity products, have been designed into server and storage solutions from leading OEMs, including Cisco, Dell, EMC, Fujitsu, Hitachi, HP, Huawei, IBM, NetApp and Oracle, and can be found in the data centers of nearly all of the Fortune 1000. Emulex’s monitoring and management solutions, including its portfolio of network visibility and recording products, provide organizations with complete network performance management at speeds up to 100Gb Ethernet. Emulex is headquartered in Costa Mesa, Calif., and has offices and research facilities in North America, Asia and Europe. For more information about Emulex (NYSE:ELX) please visit http://www.Emulex.com.
The opinions expressed in this post belong to the individual contributors and do not necessarily reflect the views of Information Security Buzz.