Current Security Monitoring Approach Leaves Organizations Vulnerable
To assure security, IT operations over many years have optimized the real-time analysis of network traffic and device information as the most economical approach to address infrastructure availability and performance. Collecting statistical information such as NetFlow, events, or aggregated data allows for use of less storage and analysis for event detection, alarming, and performance analysis, and planning for network, application, and security operations.
As cost-effective as this approach might seem, it is insufficient when it comes to detecting security vulnerabilities and validating mitigation attempts:
- Detect – When traffic spikes, capturing and indexing may not be able to keep up. Monitoring solutions such as Intrusion Detection Systems (IDS) can miss 10% of all IDS events with only 3% packet loss1. Knowing that many intrusions are often masked by Denial of Service attacks, this is particularly troublesome.
- Resolve – For threat analysis of security events, statistics and logs can provide proof that an event happened, or an intrusion took place, but often by themselves are insufficient to determine the exact circumstances to mitigate the situation. Pre- and post-event information is essential to determine how an intruder was able to get into the network and what information was compromised.
- Validate – After implementing the mitigation or fix, it is essential to validate whether the issue has been resolved. Given the complexity of today’s networks, simulations are often difficult to generate, but without the original packet data pre- and post-event, a validation of the fix is difficult at best.
These issues have tangible impact on the organization. IBM-Security stated in their “2019 Cost of a Data Breach Report” that a data breach to the average US company results in over 25,000 data records stolen, costing the company as much as $8.2M per data breach.
Axellio developed PacketXpress™ to provide detailed packet data for any event and buffer the monitoring and analysis infrastructure from traffic spikes, which extends the useful life of the diverse security, network, and application operations infrastructure while reducing operation costs.
To learn more about PacketXpress, download the datasheet.
- É. Leblond/P. Manev, Stamus Networks, Nov 2019