While locking the doors and windows of your home helps prevent thieves from entering, there is a good chance they will bypass these deterrents if they are motivated and equipped. The same is true when it comes to protecting your business from security threats. Cyber criminals are getting more determined and adept at finding vulnerable entry points. So, while it’s important to put up barriers to prevent them from accessing your environment, it’s prudent to assume breaches will happen.
To be prepared, you need a robust monitoring system to quickly detect and respond to threats. The sooner you can find a problem, the easier it can be to take action and lessen the impact.
Multi-level monitoring for a holistic view
Detecting security issues starts with having a holistic view of the environment. This requires monitoring every critical asset that supports your business, whether it resides on your internal network or exists as part of an externally hosted environment:
- Monitor firewall logs, server logs, devices, and applications to know who is accessing what data.
- Examine inbound email to spot spam or phishing attempts and outbound email to detect when sensitive data leaves the company, such as credit card information.
- Monitor the network, your greatest vantage point for identifying threats.
- Keep informed of current threats, especially those targeted at your specific industry.
- Integrate visibility across various data sources to create and maintain a big-picture view of threat activity.
Correlating data for actionable alerts
The vast data you collect and integrate could yield hundreds of millions of security events a day. Left in raw form, it can be meaningless. A threat management system can automate monitoring, detection, and response by:
- Correlating detected events across data sources
- Distilling events down to meaningful, actionable information and alerts
- Sending alerts to your security team with recommended actions
For example, if one alert flags a DNS change, while another alert flags data being exfiltrated to that IP address, a threat management system can combine those two critical pieces of information and recommend a response: lock this IP address.
Intervention shouldn’t stop there. The threat intelligence gleaned from that experience needs to feed your prevention and detection tools to guard against further damage from these known threats.
Stepping up cyber security
As a first step to stronger threat management, make an assessment of what you monitor today and identify any gaps. If you’re overwhelmed with what’s ahead, consider using a security solution provider to help.
One of the advantages of working with a network provider for threat management is that they have broad visibility into network and threat activity across thousands of customers a day. For example, at AT&T, we monitor six petabytes of network traffic a day and can apply what we learn from one customer to all of our customers.
To gain a deeper understanding of threat management, attend the Cyber Security Conference in New York, NY on September 3-4, 2014. Hosted by AT&T, the event will feature many security experts and vendors from across the threat management industry. Join your peers who are responsible for security in their organizations while you learn about ways to combat cyber threats, including the AT&T Security Event & Threat Management Service.
While you’re there, be sure to stop by the AT&T Experience at the Technology Showcase to test your knowledge with our Security IQ Test. Take the challenge and win a pair of geek glasses!