You’re already aware of the cybersecurity risks that your company faces – but what will you do when you discover that your network has already been compromised?
And what would you tell senior executives if you found out that you had enough information to detect and stop the breach a long time ago – but just didn’t know it?
It’s a nightmare scenario that is coming true far too often. Breach analyses frequently reveal that attackers have been lingering on compromised networks for weeks if not months, and Australian respondents to the NTT Security 2018 Risk:Value Report said that, on average, it would take 82 days to recover after a breach.
Cybersecurity threats are steadily intensifying, with often severe financial and reputational consequences, and it has never been more important to understand your network and threat environment.
This is why data analytics has become so closely interwoven with contemporary threat-detection solutions – and why an effective cybersecurity defence relies on a robust analytics capability more than ever before.
“We’re trying to shrink the time in which customers understand what those indicators of compromise in their environment look like,” says David Quist, ANZ security solutions specialist with NTT ICT global strategic partner Aruba, a Hewlett Packard Enterprise company.
“There are probably all these indicators of compromise in their data, but they have no way of understanding that it has already happened.”
A smarter network fabric
Analytics hasn’t always been easy to harness: security specialists have not always been experts in data analytics, after all, and vice versa.
This has traditionally left security specialists chasing down security alerts from their management consoles and SIEMs, trying to pick out the most important alarms from a sea of often false positives.
Many alarms never get investigated, and a lack of context means that humans struggle to correlate multiple events that may be innocuous on their own – but together constitute a clear and present danger to the network.
Closing that gap is a key goal of the Aruba 360 Secure Fabric, which combines several key elements to provide businesses with both a close-up view of network activity, and a high-level context that illuminates malware behaviour and suspicious activity by users and networked devices.
That context is created by correlating the findings of purpose-built tools including Common Criteria-certified ClearPass secure network access control; IntroSpect user and entity behaviour analytics (UEBA) tools; and a secure network fabric that provides high visibility to ensure that all elements of the smart network fabric work in concert.
Collecting the data – and using it
If an intelligent fabric is the smart network’s circulatory system, the analytics engine is its beating heart – and this is where the 360 Secure Fabric shines.
Network event and performance data are collected on an ongoing basis, with details of every network conversation and data request passing through the platform’s filters.
This ensures that every unusual network event is spotted, and can be correlated with other incidents to better identify and stop a network compromise as it happens.
Analysis of the network data might reveal any number of unusual events – for example, if a particular network request is coming from an unexpected country, or whether a particular user account is requesting access to a server that they’ve never accessed before.
Careful baselining and monitoring is particularly important when dealing with the Internet of Things (IoT) – that important class of intelligent network devices that has become a favoured target of cybercriminals thanks to their often insecure designs.
IDC expects spending on IoT equipment to pass $US1 trillion ($A1.4t) in 2020, up from $US772.5b ($A1.07t) in 2018. But without the right security model, each of those devices represents a new potential vulnerability on the corporate network – and a tempting target for cybercriminals.
By using a smart network fabric to monitor the behaviour of IoT devices – which “should have a very standardised and predictable behaviour”, Quist says – enterprises gain an important new tool for detecting indicators of compromise that might otherwise go unnoticed.
The ability to spot and deal with issues has become an issue of survival – and companies that compromise partners’ data may find themselves out of business in no time.
That’s the value of the new approach being made possible through the Aruba 360 Secure Fabric. Its network protection is more representative and responsive than ever – and that can make all the difference between a cybercriminal stopping your business in its tracks, and you stopping them in theirs.
Learn more about NTT Communications’ Security Services and Solutions at https://www.nttict.com/services/ict-security
Learn more about Aruba IntroSpect User and Entity Behaviour Analytics at https://www.arubanetworks.com/products/security/ueba/