
Network monitoring plays 'big brother' role

By Alex Kayle, Senior portals journalist
Johannesburg, 10 Sept 2010

As long as organisations rely on purely preventive technologies instead of real-time monitoring techniques, they will continue to succumb to advanced threats that target their data, networks and people.

This is according to Richard Stiennon, chief research analyst from IT Harvest. In a whitepaper, Stiennon says that most successful attacks that lead to data loss come from inside an organisation.

“The attacker may well be a state sponsored spy, a cyber criminal, or a motivated malicious insider. Each of these is either granted access to critical information or has obtained it by abusing weaknesses in the preventative security measures.”

These security concerns have spurred a demand from local enterprises to deploy alternative security solutions in the form of network monitoring technology.

Security vendor NetWitness signed a channel partnership deal with local network security specialist Targaid Trusted Systems to distribute network monitoring solution NetWitness NextGen in SA.

According to Billy Dick, Targaid MD, the company will be the sole reseller for NetWitness NextGen in SA.

Dick says that the South African market is ready for this solution, which is primarily suited for large enterprises, governments and the financial sector.

Chris Brown, NetWitness director of Europe, Middle East and Africa (EMEA) operations, indicates that this is NetWitness' first venture into Southern Africa.

According to Brown, the solution records everything across a network, indexes the information, extracts meta data and reconstructs it again.

He says that it can monitor everything a user does on a PC, from documents accessed and edited to e-mails, Internet activity, social networks and instant messaging, and can record voice over Internet protocol (VOIP) calls.

Next-gen security

NetWitness NextGen is a single core security platform that has three core components, namely the decoder, concentrator and broker. The technology works by monitoring the entire network traffic at every layer in real time, and provides a full-session analysis of the meta data.

Brown adds that the appliance can also detect if a user has clicked on a malicious URL in a phishing scam e-mail. In addition, NetWitness NextGen will send out an alert if a browser is outdated, can monitor where most of the network traffic is going, and provides a solution around data loss prevention.

“For the past 10 years, signature-based antivirus solutions and firewalls have failed,” says Brown. “Even heavily secured networks are still seeing the effects of the Conficker virus. There's no single deployment in an organisation that we haven't uncovered a risk such as misconfigured firewalls, routing and malware attacks.

“The future of security lies in recording everything and looking for attack vectors. This solution can pick up botnets and Trojans quickly and can provide forensic examinations of network traffic and audit trails.”

Inside attacks

The key to addressing these inside threats, says Stiennon, “is effective network monitoring, but that is a daunting task as thousands of individuals, tens of thousands of programs, and millions of customers access a network every day.”

According to Stiennon, advanced threats are succeeding in spite of big investments made by enterprises in layered security defences.

Stiennon pointed to an incident where Google suspected China of hacking into its systems using social networks to induce employees to click on malicious links.

Last month, international insurance group Zurich Insurance was fined £2.3 million for losing the personal details of 46 000 clients from SA and Botswana. Commvault urged companies to design a pre-planned way around data recovery, instead of routinely incurring enormous expenses for e-discovery that does not fix the underlying problem.
