An Enterprise Network Security program encompasses many areas of security from electronic bit matching in firewalls to regular education programs to keep employees on alert for subjective email messages or odd computer behaviors. A Zero-Trust approach when attaching to the network is a big step in the right direction.
Enterprise Network Security and Spear Phishing
Believing that the traffic on the internal network is ‘clean’ can be a false assumption. Remember, it’s the internal users that bring the malware into the network, and it isn’t always caused by taking a laptop home at night. New types of malware are trying to infiltrate the corporate network every minute, and the number one tactic is spear phishing via email. Most employees know better than to click on anything suspicious because they understand that this isn’t their “lucky day!!!”. But, true to the old saying “persistence pays off”, eventually someone somewhere will click on a bad link and the malware then has a potential way in. Once in, it may take months, if ever, to discover it. Ideally, enterprise network security should address ongoing issues like this.
Network Intrusion Detection
When spear phishing isn’t the source of an infection, clickjacking is often the second tactic used by the attackers. Surfing the web and clicking on a bad link will often allow malware to pass right under the nose of even the best network threat protection systems. Because systems like smartphones have already authenticated onto the network, and because the malware makes outbound connections over SSL, most network intrusion detection solutions will let the traffic pass right on by to the Internet, where it reaches out to the command and control server. What can be done to detect these two forms of attacks that appear to be unstoppable?
Network Traffic Monitoring
Until recently, the professionals responsible for enterprise network security were often kept separate from the administrators who had to monitor bandwidth for traffic abusers. What network security companies have learned is that the network guys understand how the network should behave and the security guys understand the nature of threats and where they tend to originate. Fortunately, a technology has emerged that is equally useful for both network traffic monitoring and threat detection. It’s called ‘NetFlow’, which often goes by its proposed standard name, ‘IPFIX’.
Threat detection vendors have been quick to add support for NetFlow in their enterprise network security solutions because nearly all switch, router, firewall and server vendors today support a flow technology such as NetFlow, NetStream, IPFIX, J-Flow or CascadeFlow. All of these are derivatives or direct copies of NetFlow. On the low end, other vendors support sFlow, which is a packet sampling technology; most NetFlow Collector vendors convert it to a flow-like format before archiving the data for future reference.
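Flow records show which internal host talked to which outside address and when, even if the payload is SSL-encrypted. As an added illustration (not Plixer or Scrutinizer code), the example below applies one common heuristic, regularly spaced outbound TCP/443 flows to a single external address, to constructed flow records; the record layout, the 10.0.0.0/8 internal range, the function name and both thresholds are assumptions.

```python
import ipaddress
from collections import defaultdict
from statistics import mean, pstdev

INTERNAL = ipaddress.ip_network("10.0.0.0/8")  # assumed internal address range

# Constructed flow records: (start_epoch_s, src_ip, dst_ip, dst_port, protocol, bytes)
SAMPLE_FLOWS = (
    # one host opening a TLS flow to the same outside address every 300 s
    [(1000 + 300 * i, "10.1.4.23", "203.0.113.50", 443, 6, 1800) for i in range(8)]
    # irregular, browsing-like flows from another host
    + [(t, "10.1.4.77", "198.51.100.9", 443, 6, b)
       for t, b in [(1005, 52000), (1019, 900), (1400, 230000), (2950, 4100), (3001, 7700)]]
    # internal-to-internal flow, ignored by the check
    + [(1100, "10.1.4.23", "10.1.9.5", 443, 6, 6400)]
)

def find_periodic_tls(flows, internal=INTERNAL, min_flows=6, max_cv=0.1):
    """Return {(src, dst): mean_interval_s} for internal hosts making regularly
    spaced outbound TCP/443 flows to one external address.

    min_flows and max_cv (coefficient of variation of the gaps between flow
    start times) are the customizable thresholds; the defaults are illustrative.
    """
    starts = defaultdict(list)
    for ts, src, dst, dport, proto, _bytes in flows:
        if proto != 6 or dport != 443:                 # TCP/443 only
            continue
        if ipaddress.ip_address(src) not in internal:  # must originate inside
            continue
        if ipaddress.ip_address(dst) in internal:      # must leave the network
            continue
        starts[(src, dst)].append(ts)

    flagged = {}
    for pair, times in starts.items():
        if len(times) < min_flows:
            continue
        times.sort()
        gaps = [b - a for a, b in zip(times, times[1:])]
        avg = mean(gaps)
        if avg > 0 and pstdev(gaps) / avg <= max_cv:   # low jitter => periodic
            flagged[pair] = avg
    return flagged

if __name__ == "__main__":
    for (src, dst), interval in find_periodic_tls(SAMPLE_FLOWS).items():
        print(f"{src} -> {dst}: TLS flow every ~{interval:.0f}s")
```

A flagged pair is a lead for investigation rather than proof of infection, since update checkers and monitoring agents also poll on fixed intervals.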
To learn more about how your enterprise network security solution can be enhanced, consider attending a NetFlow Training class in a city near you. In the class you will learn how to leverage Scrutinizer and flow technologies to improve security posture. The class is largely hands-on and also includes practical suggestions on how to work customized thresholds into network traffic monitoring procedures. In the end, you will enhance your enterprise network security efforts.
Contact Plixer – one of the best in NetFlow Collection.