Network monitoring and anomaly detection: A company’s best bet for reliable defense

July 1, 2015 Arctic Wolf Networks

Hardly a day goes by anymore without some mention of cybersecurity, either a new data breach happened, a virus has popped up or a scam to steal money has come to light. However, the conversation surrounding cybersecurity has shifted recently, with experts continually discussing a new breed of malicious software they've dubbed advanced malware.

While there isn't a single definition for this type of cyberthreat, it has become known as a strain of malware that carries modern, sophisticated capabilities that separate it from the other millions of ordinary malware samples being created on a daily basis. According to TechTarget contributor Peter Sullivan, these capabilities include being able to evade detection for long periods of time, targeting specific people or groups by exploiting zero-day flaws and attacking a number of vulnerabilities at once by combining multiple techniques.

One of the things that makes this new type of malware advanced is that many enterprises have a difficult time defending their critical IT assets from it. This lack of protection is due in part to organizations failing to realize that security is not limited to network perimeters, but must extend beyond them. Those that try to implement a broader defense solution often find themselves lacking the funds or knowledgeable personnel to create an effective strategy. However, even if a company does put a larger scale security solution in place, advanced malware can still find its way inside as the sophisticated evasion techniques the software employs are incredibly difficult to detect and remove.

"In several of the recent large retail network attacks in the United States, the network owners never discovered the intrusions, but rather were informed by third parties, including law enforcement and — in one case — a security blogger," wrote Sullivan. "Unfortunately, by the time a third party notices that tens of thousands of credit cards from a given retailer are being sold on the underground market, the opportunity to quickly detect and stop the intrusion has been lost."

Fighting back against sophisticated cyberattacks
So what can be done to prevent this type of malware from making its way onto sensitive enterprise networks? As mentioned above, widening defense perimeters is the first step. But once that has been done, a better way of detecting intrusions and suspicious user behavior must be added to stop advanced malware in its tracks. By detecting anomalies in the network, IT administrators can identify when an intruder is inside their networks much more quickly than through traditional defense methods.

Detection and response managed services like FireBreak from ArcticWolf provide businesses with detection and response when prevention fails. Adding a network anomaly detection service like FireBreak provides organizations with the most robust defense solution possible to ensure that they are one step ahead of the cybercriminals.

"In other words, it becomes possible for an organization to determine whether a user's account is transmitting a large amount of email directed by a botnet, or large amounts of intellectual property data are attempting to exit the network; when compared against the activity baseline profile, data transmissions like these will look anomalous," explained Sullivan.

Cybersecurity news and analysis brought to you by ArcticWolf, inventors of FireBreak detection and response security services. FireBreak, when your firewall fails.

Previous Article
Trump hotels hacked in apparent data breach

After both NBC and Macy's department stores cut ties with Donald Trump for making derogatory comments about...

Next Article
Hersheypark investigating data breach

One of America's top candy makers is investigating a big data security breach at its theme park in Hershey,...


Want cybersecurity updates delivered to your inbox?

First Name
Last Name
Thanks for subscribing!
Error - something went wrong!