How Network Monitoring Tools Help Mitigate Security Threats
A few months ago it was clear Frank (Ohlhorst) and I shared great enthusiasm for the network monitoring transformation underway in 2020. The remote/flex model had shifted the need for visibility outwards into more complex meshes of consumer gear, service providers and cloud apps beyond the reach of traditional network monitoring tools and their switch and router status pings. I was thinking network performance equals employee performance. Frank, however, had plenty to add in terms of security.
As I said, the user experience was now of primary importance for root cause analysis and remote/flex employee productivity. But Frank raised the legitimate question of, “What about security?”
So many things happening beyond the firewall could cross the perimeter in the guise of “normal” or trusted traffic until it was too late. Honestly, my ear was sweating and my wife asked as we ended the call: “Who was that you talked to for hours?”
That conversation, not in vain, led to his recent NetBeez review in eWeek, which preceded this insightful article in Security Boulevard explaining the important security role active monitoring of network traffic can play in augmenting existing perimeters protecting networks and applications.
“… zero-day attacks and vulnerabilities may initially go undetected, leaving IT managers unaware of the dangers and/or unable to take action in time to prevent a major breach.”
– Frank Ohlhorst, Security Boulevard
During the review process Frank got to spend some time talking to Stefano, reflecting on his own roots as a network engineer before launching NetBeez:
“When dealing with previously unseen attacks, it is important to gather as much intelligence as possible; that may mean going beyond your security tools,” said Stefano Gridelli, co-founder and CEO, NetBeez.net. “Network monitoring and reporting tools can provide additional insights, especially when it comes to lateral movement and attacks on infrastructure devices,” Gridelli said.
Network monitoring offers a larger and more complementary view of the traffic and devices on the network, including flows and loads that could signal a breach undetected by most firewalls. Active monitoring can serve as an early warning of a DDoS attack or reveal rogue access points to security teams.
Active network monitoring can also help to enforce security policies, as Stefano indicated:
“Today, networks are highly segmented, yet still interconnected; there are numerous devices, such as content filtering appliances, load balancers and so on, that all work together to shape and control network traffic,” Gridelli said. “Here, active network monitoring can verify whether or not security policies are properly in effect, and detect unauthorized changes to the network infrastructure.”
If you missed the article you can read it here.
Thank you Frank!