Security / February 6, 2019

Do You Have a Plan for Network Threat Detection and Response? You Should!

Though the market has been flooded with educational materials and technology to support threat detection and response, only 58 percent of organizations feel highly confident that they could detect an important security issue before it has significant impact. Attacks arrive from a wide range of sources and by many methods, which makes early data capture and analysis essential.

Few organizations are prepared to deal with the sheer number of threats. Phishing is the primary delivery mechanism, with over 90 percent of successful cyberattacks starting from a phish.[1] For a phishing attack to succeed, an insider need only be careless or fooled long enough to open an attachment or click a link. Once that happens, the next phase is most often some form of malware.

No matter how it is delivered to the target, malware (including ransomware) has become more frequent and more damaging every year since 2010.[2] Once compromised, the target becomes either a beachhead from which a remote attacker lands in the corporate environment or a node assimilated into a botnet. Any device, including IoT, IIoT and OT devices, can be captured. Captured devices are not only herded into botnets but also used for surveillance, control of services, theft of goods and numerous other nefarious goals. Insiders often aid attacks indirectly by falling for social engineering, and direct attacks by insiders are increasing: as of 2018, attacks from unprivileged users have exceeded those by administrators.[3]

The one thing all of these attack vectors have in common is their footprint on the network. Each of them has to traverse the network to reach its intended goal, target and/or victim. The reason many organizations struggle with these problems is usually not a lack of investment in tools or best practices. More often it is detection blind spots: the vital information never reaches the right systems in a timely manner, or at all. This rise in activity tells us that threat monitoring is more than a best practice; it is a survival skill for your business that must be approached with vigilance and diligence. It also tells us that getting actionable information to the right tools and people is a business imperative.

Does your organization have a security strategy intentionally engineered to overcome data and toolset silos to get information to the right place at the right time? Is your current architecture based on a deliberate attempt to identify, respond to and counter threats?

If the answer to either of these questions is “no,” then you need to honestly appraise your threat detection and incident response tools and processes, along with any architectural improvements you might need to make to stay a step ahead. Visit the Gigamon website to learn how network threat detection and response tools can help you get your data to the right places, shift the balance of power against attackers and make a positive difference in your security.
