Blog :: Security Operations

You can’t stop Malware claims Yahoo CEO

Despite the hundreds of billions spent by companies over the last several years, malware continues to infect our networks, sabotage our systems and steal our intellectual property.  Even with repeated failures, the investment continues to climb.  In fact, the cybersecurity market is expected to grow from USD 137.85 Billion in 2017 to USD 231.94 Billion by 2022, at a Compound Annual Growth Rate (CAGR) of 11.0%. source

udp forwarder

Even robust defenses and prosecutors aren’t sufficient to protect against the state-sponsored attack, especially when they’re extremely sophisticated and persistent” Marissa Mayer former CEO of  Sources: here and here

Pretty much everyone submits to the understanding that anything connected to the Internet can be compromised.  For those who are still holding out and believe that their firewall and antivirus are preventing them from the latest zero day infections, consider an analogy.

Most of us work in a building or live in a home that has some type of electronic security system.  We set it before we leave and we turn it off when we enter.  The security system probably has contacts on the windows and doors in case they are opened while the alarm is set.  Often times there are motion detectors in different areas and some even have water and temperature sensors.  Many security systems even have cameras in several areas to constantly record any movement.  Overall, these systems work great and give us piece of mind when we leave for a length of time.  We gain comfort knowing that we have taken reasonable steps against most forms of unauthorized intrusion.

These technologies may make us feel better but, almost no one with a security system believes that it can’t be circumvented.  Most consumers of security systems are aware of this and yet despite the imperfections surrounding them, the investment was made. Stickers and signs on the doors tell the would be intruders that a security system is in place.  Perhaps we hope that an approaching criminal will see these signs and move onto an easier target.

The cyber security industry can draw comparison to the physical security systems described above. Firewalls, IDS, antivirus, etc. can all be compromised.  Even though the network and security teams are keeping systems patched, there is no stopping certain types of malware.  If the system is connected to a network that eventually leads to the Internet, it can absolutely be compromised.  So now what?

Imagine if your business was broken into.  Hardware was stolen, perhaps money was taken and maybe there was physical damage.  The first think you might do is call the police who would visit your location, inspect the situation and ask a few questions.  One of their questions would be “Roughly when do you think the event took place?” in which you could reply with a range of time.  This might be when the security cameras are brought up in the discussion.  The cameras could allow the investigators to determine how the intruders entered the space.  What they looked at once inside, where they went and what was taken that wasn’t noticed prior to reviewing the footage.  Even if the assailants wore masks on to cover their faces, investigators can often determine the height, weight, sex, race, etc. of the burglars.

Similar to camera security systems, logs and flows are the digital foot print of all activities on the network.  When collected properly from the right locations, NetFlow and IPFIX collection systems provide the insight to determine who, what, where and when.  In nearly every cyber security compromise, 100% of the movements are tracked with these technologies.  Logs and flows are one of the first things cyber investigators will ask for when called on to investigate an intrusion.  If your organization isn’t collecting them, the investigation and recovery will take longer and ultimately cost more money while leaving your organization without insight into what happened.  Need more protection?

When flow collection is paired with a UDP forwarder, compromising the flow collection system becomes extremely difficult. Contact our team to learn more.