CSIAC

Cyber Security and Information Systems Information Analysis Center

/ Cybersecurity

Cybersecurity

Visibility networks

This topic contains 8 replies, has 1 voice, and was last updated by  joecajun 2 years, 2 months ago.

  • Creator
    Topic
  • 2018-09-22 at 20:50 #50310

    JOSE ANTONIO ORTIZ
    Participant

    What recommendations would you make to assist organizations in developing visibility of their networks, and avoiding falling victim?

  • Creator
    Topic
  • Author
    Replies
  • 2018-09-23 at 03:42 #50314

    TABCH
    Participant

    In order to protect against a DDOS attack I recommend to implement a real time DDoS attack protection solution. Large, high-volume DDoS attacks are not the only form of DDoS attacks. Short duration, low-volume attacks are commonly launched by attackers to stress test the organization’s network and find security vulnerabilities within it’s security perimeter.

  • 2018-09-23 at 13:19 #50317

    VPuppala
    Participant

    It likely will depend on the requirements for the organization. Analytics certainly would help but they require more and more data and processing as the requirements become more stringent. It would help if you could post an example requirement to get specific recommendations.

  • 2018-09-23 at 14:26 #50318

    david
    Participant

    Is there a check list or basic required steps, in developing visibility of organisation networks?

  • 2018-09-24 at 13:52 #50355

    vedas
    Participant

    How important is reconnaissance as a cyber risk management tool for corporations experiencing visibility challenges?

  • 2018-09-24 at 19:18 #50364

    azizmalikus
    Participant

    It will be difficult not to fall victim but there are many things you can do to minimize your chances. I recommend you start with having an accurate inventory of all devices that connect to your network. This should include, hopefully, devices of third parties that are connected to you. Consider building a baseline of your normal network traffic patterns, so that you can tell what is abnormal down the road. Harden all devices, ensuring all unnecessary ports are closed and redundant software is uninstalled, and host-based firewall is set up, among other tweaks. I would also suggest you turn logging on in all critical devices you want to monitor and connect these to a cloud-based security information event management (SIEM) service that come with strong data analytics features. Over time, as you fine tune your SIEM, you should be in a better position to sift out attack signals from noise and arrive at better visibility of your network. Check out https://www.cisecurity.org/controls/

    • This reply was modified 2 years, 2 months ago by  azizmalikus.
    • This reply was modified 2 years, 2 months ago by  azizmalikus.
    • This reply was modified 2 years, 2 months ago by  azizmalikus.
  • 2018-09-24 at 19:40 #50369

    har-cyb
    Participant

    What would be some of the top strategies to get a better visibility into networks with PII and GDPR data and maintain a simple process/procedure?

  • 2018-09-24 at 20:20 #50370

    VPuppala
    Participant

    I had to think hard to understand what is meant by visibility. First I thought that the visibility meant that the management needed a clear picture of the networks and systems. That would help the leadership and also the hackers, particularly if they are inside.

    May be an exhaustive list of all the hardware, software, versions, configurations, etc. would help visibility. That would really help in case there is a recall or if the vendor reports an issue and provides a patch. That would be sort of Bill of Materials for all the resources. However, if an ISP is part of the network, it would not be possible to have full visibility of the network.

    The visibility that would really help is the visibility of the attack. We want to know as soon as the attack happens or hatched. Not after the hacker is gone or after the confidential data is published. That is where the tools really help.

    The tools are easy to use for some – those who are well trained on the tool and also understand how the network, systems, and particularly the most valuable resource, data, fit together and how they can be compromised. If the hackers get a copy of the data or a custom application, and do not divulge, then there is no visibility. It is like the attack never happened.

  • 2018-09-25 at 15:36 #50400

    joecajun
    Participant

    The starting point is always having an inventory of all the devices on the network, this includes all third party devices that might be there. Once that has been done carry out a business impact analysis (BIA) of the network to determine the category in which those devices will fall under. This will help in deciding how those devices will be configured. Always remember to keep things simple cause a complex network makes reconnaissance hard as well. The less complex security tools, the more likely that you can defend your network better and the more visibility you will have on the network.

    Among other things that you should have are intrusion detection and intrusion prevention tools as well as SIEM services to help in detecting, preventing as well as analysing the events on the network.

  • Author
    Replies

You must be logged in to reply to this topic.