Time is of the Essence When Faced with an Active Network Attack
A Partner at a major law firm walks into the office of the company’s CIO. “How are we set up to prevent a data breach?” he asks. The CIO explains the various systems and practices that have been put in place over the past year, against a backdrop of so many news articles covering the latest organization to be breached. “So, can we tell if there is an attacker inside our network?” Almost immediately the confident look of the CIO vanishes. “Well, no,” the CIO slowly admits. “That’s not currently possible.”
These sorts of conversations are occurring with greater frequency at law firms around the world. The CIO's ashen look and fallen confidence are not at all unusual, and the answer he gives is just plain wrong. It is indeed possible to find an active attacker on a network. You just have to know how to look. What is impossible is ensuring that an intrusion won’t occur: a motivated attacker simply cannot be kept out of your network. The challenge quickly shifts to network attack detection, that is, finding the intruder before theft or damage can occur.
How can you find an active attack? Not with traditional means. Finding an active attacker requires behavioral profiling of all users and devices on the network. Knowing what is good and usual for your network can help you find an intruder or malicious insider quickly.
Do you have an active attacker on your network? Do you have the means to know with any certainty? What are you planning to do to protect your firm’s reputation and the wealth of confidential information that resides on your network?