Enhancing security with the right network architectureDate: Mar 10, 2014
Signature-based detection is a key feature of most network architectures today. For a variety of reasons, though, their effectiveness in detecting and controlling advanced threats is fading. Security teams need to rethink their network architectures now so that they can effectively combat a rising number and variety of sophisticated malware threats. In this presentation, expert Dave Shackleford, principal consultant for Voodoo Security, examines a variety of topics with an eye to enhancing security in the enterprise network with new approaches and techniques.
First, Shackleford takes an in-depth look at how segmentation can be used to isolate traffic into "zones" so as to improve the detection of malware. The latest malware attacks rely on lateral movement within networks; it's essential to use strategic access controls to enable zoning and network isolation. In addition, log and event monitoring can speed up detection of lateral movements that might be system threats.
He then addresses behavior monitoring, which can be done through a variety of methods, including flow data analysis, full packet capture platforms, next-generation firewall systems (the type that examine both protocol behavior and application use) and network malware detection, including both DNS and C2 analysis. Behavioral monitoring can pinpoint attack attempts or breaches in highly specific ways, including time of day, traffic type, attack patterns and more. The behavioral approach detects such patterns as DNS lookups, NPT data and ICMP types and generally makes response times faster and more effective.
Data exfiltration detection is another essential component to improving network monitoring and enhancing security. Shackleford identifies, among other subjects, where best to perform exfiltration monitoring and control. For instance, by intercepting user traffic that is bound for the Internet before it hits a proxy lets network security pros see what data is being sent to the Internet. As Shackleford explains, DLP platforms can do network exfiltration monitoring on a variety of variables, including data types and keywords.
In an ideal world, the goal is attack prevention. In a threat-laden world, attack detection is a must. This means information security pros must act now, to review and rethink their security design and make sure they have the right network security architecture in place. Only then can they hope to rapidly identify and thwart malicious behavior.