All traffic should be monitored, but when you make a cost/benefit analysis, it may seem excessive to do so.
"You need to make a judgement call based on the threat analysis [to ascertain] whether it is worth putting these controls into some segments," said Jirasek. "It would be very bad practice to have it all on the same network, but this is what small companies are doing. SMEs don’t really have money to segregate the network."
The best approach would be to have anomaly detection protection which baselines the network traffic and looks at the patterns and identifies the anomalies.
"That would be the best from a pure network traffic point of view, but for the determined attacker you need to be prepared on the host – so have it tightly secured, users not having admin rights, some sort of protection against RAM-scraping malware, good anti-virus and anti-malware, the data classified and potentially segregated – with access over some kind of Citrix session, and then ideally if the user has access to secrets in
For large corporate and government networks, he said that in addition to reactive security information event management (SIEM), there needs to be a complementary proactive capability to build a picture of overall risk by identifying all network access.
This enables organizations to reduce risk by blocking unnecessary access paths before there is a security incident. "Most organization are astounded when we show them how many paths there are to their network that could be used for unauthorized access," said Brazil.
Fire Mon, he said, goes beyond rival configuration management systems by combining traditional operational capabilities with continuous risk monitoring and visibility, which includes the ability to identify and priorities risk mediation tasks and model the knock-on effects of any network configuration changes.
0 comments:
Post a Comment