by Mark Allen, Director of Technology
Whether we want to admit it or not, many of the hackers who infiltrate company and government entity IT networks aren’t sitting in some sophisticated command center surrounded by multi-million dollar technology.
As Cisco chillingly demonstrates in its YouTube video, “Anatomy of an Attack – Inside the mind of a hacker”, a young woman launches a ransomware attack on a publicly traded company that wreaks havoc throughout the organization and ultimately brings down its CEO. What’s even more disturbing is that the hacker has no scruples about what she’s done. In her mind, she got paid well and her act of sabotage was, well, just another job.
Faced with untold numbers of similar threats across the globe, it’s no wonder that cybersecurity budgets are expanding as never before to address the quest for better network security solutions.
Looking forward to 2019, total spending on information security products and services is expected to reach $124 billion. That’s an estimated increase of nine percent over 2018’s $114 billion, which accounted for a 12.4 percent increase over 2017, according to Gartner.
And two Neustar reports released this past summer indicate that security professionals are twice as concerned about data breaches and cyber attacks this year compared to last year. The reports state that systems being compromised and ransomware are the top concerns.
In order to stay ahead of malicious attempts to infiltrate your network, you need to proactively manage access to your network.
Central to any successful and proactive cybersecurity plan is network access control, also known as NAC. Essentially, NAC determines who is allowed to access what, when and where, for anything on your IT network. NAC defines everything about who does or does not have access to your network.
Within your organization, for example, that means your human resources department only has access to HR data. Or, your marketing team is the only authorized staff to access marketing data or gain access to the company’s Facebook account. The same is true for accounting’s data, etc.
In fact, you can get as granular as you want with NAC. And the more granular you get, the more secure your organization and its data are across all areas.
In addition, NAC provides cybersecurity forensics that allow you to drill down much deeper into what a potential internal or external threat is doing, what it is not doing, and how it is going about it.
First, before you invest in NAC, make sure guest access to your network is under control. If someone sitting in your lobby waiting for an appointment easily gains access to your network, that’s a sure sign that your network is vulnerable.
Once your guest access is under control, then look to NAC to ensure that everyone who has authorized access to your network is onboarded with the right profile. After that, you can move on to more advanced cybersecurity tools, which include User and Entity Behavior Analytics (UEBA).
Two excellent cybersecurity machine-learned AI solutions include Aruba 360 Secure Fabric, which employs UEBA to monitor and detect gestating attacks with machine-learned intelligence, and Cisco Talos Intelligence Group, one of the world’s largest commercial threat intelligence teams that covers ongoing cyber threats to email, networks, cloud, web, endpoints and more.
When using a machine-learned AI solution like these, one of the best IT security intelligence reports you can receive might look something like this:
While starting your work day, your security report shows that your firewall prevented eight threats from compromising your network the previous day. Your machine-learned AI solution identified each threat, routed it through your UEBA, and sent it to your firewall, where it was identified at 2 pm, actually stopped at 2 pm and immediately quarantined.
Keep in mind, however, that as helpful as machine-learned AI solutions are, they do come with a steep learning curve. They can also be highly complex to set up. That’s why it’s best to rely on a capable network security solutions partner who understands your business model and expected cybersecurity outcomes, and who can provide you with a baseline for your entire cybersecurity strategy.
Once your baseline’s established, your network security solutions partner can help you make the necessary adjustments or educate you on how to make the adjustments yourself.
As demonstrated in Cisco’s “Anatomy of an Attack” video, hackers know all too well what they’re doing. And they’re only going to get better at what they do.
That’s why it’s imperative that you thoroughly understand the vulnerability of your network’s visibility, including which IoT devices are on your network and who has access to your network. The more you can rely on machine-learning AI to alert you about any anomalies in your network, the faster you can react and remediate any damage.
That’s because your network security goal is to stop cybersecurity hacks and quarantine them immediately, certainly not days or even months after the fact. The very life of your organization depends on it.