Blended threats are on the rise and are quickly dealing a fatal blow to the many single-purpose security products inhabiting the market. Those blended threats are making it much harder to protect networks from intrusions and compromises. Nevertheless, network managers are still charged with keeping enterprise networks secure, regardless of the origin of the threat or the consequences of a breach.
That is a lesson well learned, thanks to the recent security breaches at Target. Those breaches went undetected for some time, allowing infiltrators to gather plenty of account information and leading to the almost unfathomable compromise of credit card information. Whether it was a lack of detection, lack of network knowledge, or due to ignoring the automated warnings is yet to be determined. Still, that breach has led to one of the most visible security issues in recent memory.
While hindsight may be 20/20, the general conclusions about those breaches can be summed up as a lack of awareness, something that could be solved by using the proper tools. In the past, most security administrators have relied on the prowess of security-specific tools, such as anti-malware technology, spam filters, intrusion prevention systems, and firewalls.
Improve protection using new tools
However, those technologies are reactive in nature, and rely on external knowledge or the fingerprints of existing attacks to be effective. Simply put, those technologies lack the ability to identify zero-day, blended attacks. That means other techniques must be added to the equation to achieve improved protection.
Most of those other techniques require that security administrators roll up their sleeves and get their hands dirty in the soil of the network, an environment that network engineers refer to as infrastructure and data packets. Luckily, tools have come onto the market that make it much easier to understand what a packet is and what its payload contains. Even more important is the ability to look at the route that a packet takes, starting from its origin and ending at its destination.
A case in point is the latest offering from Fluke Networks, Visual TruView V9.0, which has a new end-to-end user analysis capability that can delve into the network connectivity of a single IP address. That capability allows administrators to trend access and compare it to collected norms, making it simple to determine whether an access problem lies with an individual user or with the underlying network.
Although that capability lends itself well to troubleshooting, there is a security benefit to be uncovered here as well: the ability to identify anomalous access. In other words, by trending the activity to a certain IP address or application, spikes in traffic can be quickly identified, and those spikes may become the first clue in an attack.
Other security capabilities that network monitoring tools lend themselves to include packet capture and analysis, where a network administrator can log access and capture the electronic conversations between endpoints to audit the information they contain. That process can uncover unauthorized access, identify what data was compromised, and provide critical information to law enforcement agencies.
Other vendors in the market
Of course, Fluke Networks isn't the only player in the network monitoring tool market; SolarWinds, Paessler, Spiceworks, GFI, and several others also offer tools for network monitoring and analysis. That said, there are some critical capabilities that network administrators should look for when selecting a network monitoring tool for security purposes, including:
- Full packet capture: The ability to record all traffic
- Packet Analysis: Tools to delve into the payload of the traffic
- End-to-end tracking: Identify the path and endpoints involved
- Trending: The ability to identify access trends
- Normalization: Tools that identify "normal" network use
Naturally, there are other capabilities that lend themselves well to the security process; however, the capabilities identified above are an excellent starting point for security administrators looking to get their hands dirty in the mud of packet analysis and garner extensive knowledge of the networks they are charged with protecting.
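To make the trending and normalization points concrete, here is an added example (not code from the article or from any of the vendors it names) that builds a per-host "normal" from constructed hourly flow summaries and then flags two kinds of anomaly the text describes: a volume spike against that host's baseline and traffic to an endpoint the host has never talked to before. The IP addresses and byte counts are invented sample data.

```python
from collections import defaultdict
from statistics import mean, pstdev

# Constructed flow summaries: (hour, src_ip, dst_ip, bytes). Not real capture data.
FLOWS = [(h, "10.0.0.5", "10.0.1.20", 100_000 + 3_000 * (h % 4)) for h in range(10)]
FLOWS += [(h, "10.0.0.8", "10.0.1.20", 50_000 + 1_000 * (h % 3)) for h in range(10)]
# Hour 10: 10.0.0.5 suddenly pushes 2 MB to a never-before-seen external host.
FLOWS += [(10, "10.0.0.5", "203.0.113.7", 2_000_000), (10, "10.0.0.8", "10.0.1.20", 51_000)]

def hourly_totals(flows):
    """Sum bytes per (src, hour) and record which destinations each src used per hour."""
    totals = defaultdict(lambda: defaultdict(int))
    dests = defaultdict(lambda: defaultdict(set))
    for hour, src, dst, nbytes in flows:
        totals[src][hour] += nbytes
        dests[src][hour].add(dst)
    return totals, dests

def build_baseline(flows, training_hours):
    """Per-source 'normal': mean and stddev of hourly bytes plus the set of known peers."""
    totals, dests = hourly_totals(f for f in flows if f[0] in training_hours)
    baseline = {}
    for src in totals:
        series = [totals[src][h] for h in training_hours]  # zero for quiet hours
        known_peers = set().union(*dests[src].values())
        baseline[src] = (mean(series), pstdev(series), known_peers)
    return baseline

def detect_anomalies(flows, baseline, k=3.0):
    """Flag hours whose volume exceeds mean + k*stddev, and any traffic to unseen peers."""
    totals, dests = hourly_totals(flows)
    alerts = []
    for src, per_hour in totals.items():
        if src not in baseline:
            alerts.append((None, src, "no baseline for source"))
            continue
        mu, sigma, known_peers = baseline[src]
        for hour in sorted(per_hour):
            if per_hour[hour] > mu + k * sigma:
                alerts.append((hour, src, "volume spike"))
            for dst in sorted(dests[src][hour] - known_peers):
                alerts.append((hour, src, f"new peer {dst}"))
    return alerts

if __name__ == "__main__":
    # Hours 0-9 are the learning window; hour 10 is the period under review.
    for alert in detect_anomalies(FLOWS, build_baseline(FLOWS, range(10))):
        print(alert)
```

In practice the learning window would be days or weeks of real flow data, and the threshold multiplier tuned per host class, but the shape of the check is the same.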
Frank J. Ohlhorst is an award-winning technology journalist, author, professional speaker and IT business consultant. He has worked in editorial at CRN, eWeek and Channel Insider, and is the author of Big Data Analytics. His certifications include MCNE, MCSE, A+, N+, L+, and Security+.