
How to Maintain a Secure Small Business Network (Even When You Work Alone)


Cybersecurity is never easy, but maintaining a secure small business network is arguably even harder because the IT team has far fewer staff. Even high-stakes networks, such as in hospitals or schools, are often managed by a single person. In situations like this, the biggest hurdle is time: you need to know exactly where to invest it and you have to work fast. Unfortunately, security infrastructure often can’t help you do either.

The Inefficiency Problem

If you examine security solutions one by one, there are plenty of great ones out there. The problem is that they’re not designed to work together. If you wear many hats and manage NetOps as well, this challenge is much thornier.

To start with, suppose you can only devote 20% of your time to anomaly detection and investigation. What fraction of that fraction do you dedicate to each security tool? And then to each time and place you can investigate? When you don’t have much context informing where your investigation starts, you can spend hours manually combing through logs for nothing.

And when you’re responsible for customer (or patient, or student) data, or you work in a highly targeted industry, the cost of this inefficiency skyrockets. That’s a ton of pressure for you to shoulder, even more so during a breach.

So then, there are two improvements needed to overcome the time hurdle and maintain a secure small business network:

  1. Get all your tools and devices talking to each other
  2. Visualize all that data so that it’s easy to spot a break in the pattern
    • This is when you can switch to logs or packet capture—when you know exactly where to start looking

Get Your Tools and Devices Talking

The easiest way to have your devices work together is to collect and aggregate all of their respective information in one place.

If you’re at all familiar with Plixer, it’s obvious that we love flow data. Tons of network devices, including your routers, switches, and firewalls, are capable of exporting flows. This is lightweight data that’s packed with useful information.

(You may find our NetFlow, IPFIX & sFlow Configuration Guide helpful in setting up these exports.)

But on top of that, many platforms—like Gigamon, Ixia, Palo Alto, etc.—export unique metadata. The problem with flow data is that it only extends to layer 4 of your network. Metadata, on the other hand, can extend all the way to layer 7.

By using metadata, you maximize the value of your infrastructure. It’s trickier to find a way to collect metadata from multiple platforms all in one place, however.

Visualize & Automate

Now that everything is in one place, it becomes much easier to analyze and cross-reference. You also have just one place where you need to set up thresholds and automatic alarms.

For example, one IT Manager at a small healthcare system relies on automatic alarms while he focuses on other necessary tasks. Because he’s collecting different data from all over his network in one place, those alarms come with the rich context he needs to know exactly where and when to start investigating. This saves him precious time.

In one instance, another tool indicated a massive infection. But after a short investigation and cross-referencing, he discovered it was a false alarm. Sure enough, the developer of that tool confirmed the next day that it had been a false positive due to a product update.

Saving time otherwise wasted on things like fully investigating false positives is key to maintaining a secure small business network.
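As an added illustration (not Plixer's code or product logic), here is a minimal sketch of the idea above: flow records from several exporters are merged in one place, and a threshold alarm fires with the context needed to start investigating. The record layout, exporter names, addresses, and the `factor` and `min_bytes` thresholds are all assumptions made for this example.

```python
from collections import defaultdict
from statistics import median

# Constructed sample records: (window, exporter, src, dst, dst_port, bytes).
FLOWS = [
    (0, "router-1", "10.0.0.5", "10.0.1.20", 443, 40_000),
    (0, "fw-1",     "10.0.0.5", "10.0.1.20", 443, 40_000),  # same flow, second exporter
    (0, "router-1", "10.0.0.9", "10.0.1.20", 443, 55_000),
    (1, "router-1", "10.0.0.5", "10.0.1.20", 443, 42_000),
    (2, "router-1", "10.0.0.5", "10.0.1.20", 443, 38_000),
    (2, "fw-1",     "10.0.0.9", "10.0.1.20", 443, 52_000),
    (3, "router-1", "10.0.0.5", "203.0.113.7", 22, 900_000),
    (3, "fw-1",     "10.0.0.5", "203.0.113.7", 22, 900_000),
    (3, "router-1", "10.0.0.5", "10.0.1.20", 443, 41_000),
    (3, "router-1", "10.0.0.9", "10.0.1.20", 443, 58_000),
]

def merge_flows(flows):
    """Collapse the same flow reported by several exporters into one entry."""
    merged = {}
    for window, exporter, src, dst, port, nbytes in flows:
        entry = merged.setdefault((window, src, dst, port), {"bytes": 0, "exporters": set()})
        entry["bytes"] = max(entry["bytes"], nbytes)  # avoid double counting
        entry["exporters"].add(exporter)
    return merged

def find_alarms(flows, factor=5, min_bytes=100_000):
    """Alarm when a host's latest window exceeds factor x its median baseline."""
    merged = merge_flows(flows)
    per_host = defaultdict(lambda: defaultdict(int))
    for (window, src, _dst, _port), entry in merged.items():
        per_host[src][window] += entry["bytes"]
    latest = max(w for w, *_ in flows)
    alarms = []
    for src, windows in sorted(per_host.items()):
        history = [b for w, b in windows.items() if w < latest]
        current = windows.get(latest, 0)
        if not history or current < min_bytes or current <= factor * median(history):
            continue
        # Context for the investigation: largest flows first, with exporters.
        top = sorted(((e["bytes"], dst, port, sorted(e["exporters"]))
                      for (w, s, dst, port), e in merged.items()
                      if w == latest and s == src), reverse=True)
        alarms.append({"host": src, "window": latest, "bytes": current,
                       "baseline": median(history), "top_flows": top})
    return alarms

if __name__ == "__main__":
    print(find_alarms(FLOWS))
```

The single alarm names the host, its baseline, and the flow that broke the pattern, along with which exporters reported it, so the switch to logs or packet capture can begin at a known place and time.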

Putting It All Together for a Secure Small Business Network

Today, security infrastructure is often overwhelming. This is counterproductive. But that doesn’t mean you should get rid of all the useful tools and devices you’ve invested in.

We’ve designed a network traffic analytics system that easily fits into your network and works with your other tools with pre-built integrations or via API. You can quickly drill down on your traffic and then pivot within the UI to another tool for even more data on the event. Furthermore, it keeps on monitoring your network when you can’t, emailing you when it detects a possible event. This efficiency helps even teams of one maintain a secure small business network.

To try it out for yourself, you can download the free edition of our network traffic analytics system.