While debate continues over the recent report of Chinese microchips on US servers, the key takeaway is network visibility. Industry expert Jake Williams recently tweeted this particular point: “Most of us obviously don’t have the capabilities to inspect our motherboards for rogue chips, but we do have the ability to monitor network traffic”.
Whether or not you had this particular product or technology is beside the point. In reality, an advanced attacker gets in by any means available, and your organization’s security comes down to how fast you are able to detect, investigate, and respond.
These are the critical capabilities of Network Detection and Response (NDR) that robust network security requires:
- Detection of known attacks, mostly based on signatures, rules, or known IOCs (threat intel).
- Machine learning-powered detection of unknown behaviors.
- Full packet capture to enable network forensics and full compromise investigation.
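To make the first two capabilities concrete, here is an added example (written for this edit, not code from the original post or from RSA) that runs both kinds of detection over a handful of constructed Zeek-style connection records: a lookup against a known-IOC list, and a simple statistical check for the regular "check-in" timing that an implant beaconing to its C2 produces. The IOC list, the IP addresses (all from documentation ranges) and the timestamps are assumptions invented for the example.

```python
"""Known-IOC matching and a beaconing heuristic over constructed flow records.
Added example: illustrative only, not the original post's or RSA's code."""
from collections import defaultdict
from statistics import mean, pstdev

# Constructed threat-intel IOC list (assumption; not from any real feed).
KNOWN_BAD_DST = {"203.0.113.45"}

# Constructed Zeek-style conn records: (ts_seconds, orig_h, resp_h, resp_p).
CONN_LOG = (
    # 10.0.0.5 talks to 198.51.100.77:443 every ~60 s with 1 s jitter:
    # the fixed-timer check-in pattern of an implant.
    [(1000 + 60 * i + (i % 2), "10.0.0.5", "198.51.100.77", 443) for i in range(8)]
    # 10.0.0.6 makes a single connection to a listed IOC.
    + [(1234, "10.0.0.6", "203.0.113.45", 80)]
    # 10.0.0.7 browses 192.0.2.10:443 at irregular, human-driven intervals.
    + [(1000 + t, "10.0.0.7", "192.0.2.10", 443)
       for t in (0, 3, 4, 40, 41, 200, 201, 330)]
)


def match_iocs(records, bad_dsts=KNOWN_BAD_DST):
    """Known-attack detection: every (src, dst) pair whose destination is a
    listed IOC. Cheap, precise, and blind to anything not on the list."""
    return sorted({(src, dst) for _, src, dst, _ in records if dst in bad_dsts})


def find_beacons(records, min_conns=6, max_cv=0.2):
    """Unknown-behavior detection: flag (src, dst, port) tuples whose
    inter-connection gaps are suspiciously regular. The coefficient of
    variation cv = stdev/mean is near 0 for a fixed timer and large for
    bursty interactive traffic. Thresholds are assumptions for the sample."""
    by_tuple = defaultdict(list)
    for ts, src, dst, port in records:
        by_tuple[(src, dst, port)].append(ts)

    beacons = []
    for key, times in by_tuple.items():
        if len(times) < min_conns:          # too few samples to judge
            continue
        times.sort()
        gaps = [b - a for a, b in zip(times, times[1:])]
        cv = pstdev(gaps) / mean(gaps)
        if cv <= max_cv:
            beacons.append((key, round(mean(gaps), 1), round(cv, 3)))
    return beacons


def run_detections(records):
    """Combine both detectors into one report keyed by detection type."""
    return {"ioc_hits": match_iocs(records), "beacons": find_beacons(records)}


if __name__ == "__main__":
    for kind, hits in run_detections(CONN_LOG).items():
        print(kind)
        for hit in hits:
            print("  ", hit)
```

Note that the beacon check fires only on the 10.0.0.5 flow: the browsing host makes just as many connections, but its gaps (3 s, 1 s, 36 s, 159 s, ...) have a cv above 1, while the implant's gaps of 59 and 61 seconds give a cv under 0.02. Real sensors add jitter tolerance, byte-count similarity and a longer observation window, but the shape of the logic is the same.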
Threats are designed to evade traditional, perimeter-based network security tools (firewalls and IDS/IPS), attackers use encrypted protocols to stay below the radar, and the coming wider adoption of TLSv1.3 will further limit what a passive sensor can see and decrypt. Network visibility and deep analysis are therefore more critical than ever, especially where third-party products form part of your supply chain infrastructure. The implications of a compromise there can be devastating.
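A practical caveat on the TLSv1.3 point: the handshake after the ServerHello is encrypted, so a passive sensor no longer sees the server certificate, and the removal of RSA key exchange means it cannot decrypt the session even with the server's private key. What it still sees is the ClientHello: the SNI hostname (unless Encrypted Client Hello is in use), the offered cipher suites and the supported_versions extension. The added example below (written for this edit, not code from the original post or from RSA) builds a minimal ClientHello as constructed sample input and then parses that cleartext metadata out of it the way a sensor would; the hostname and the suite list are assumptions chosen for the example.

```python
"""Extract the metadata a passive sensor can still read from a TLS 1.3
ClientHello. Added example; the sample record is constructed, not captured."""
import struct

SNI_EXT = 0x0000
SUPPORTED_VERSIONS_EXT = 0x002B
TLS13 = 0x0304


def build_client_hello(sni, cipher_suites, versions):
    """Construct a minimal, well-formed ClientHello record (sample input)."""
    host = sni.encode("ascii")
    # server_name extension: list length, name type 0 (host_name), name length, name
    sni_body = struct.pack("!HBH", len(host) + 3, 0, len(host)) + host
    # supported_versions extension: 1-byte list length, then 2-byte versions
    ver_body = bytes([2 * len(versions)]) + b"".join(struct.pack("!H", v) for v in versions)
    exts = (struct.pack("!HH", SNI_EXT, len(sni_body)) + sni_body
            + struct.pack("!HH", SUPPORTED_VERSIONS_EXT, len(ver_body)) + ver_body)
    body = (struct.pack("!H", 0x0303) + bytes(32)            # legacy_version, random
            + b"\x00"                                        # empty session_id
            + struct.pack("!H", 2 * len(cipher_suites))
            + b"".join(struct.pack("!H", c) for c in cipher_suites)
            + b"\x01\x00"                                    # one compression method: null
            + struct.pack("!H", len(exts)) + exts)
    handshake = b"\x01" + len(body).to_bytes(3, "big") + body   # type client_hello
    return b"\x16\x03\x01" + struct.pack("!H", len(handshake)) + handshake


def parse_client_hello(record):
    """Return the cleartext fields: SNI, cipher suites, supported versions."""
    if not record or record[0] != 0x16:
        raise ValueError("not a TLS handshake record")
    (rec_len,) = struct.unpack("!H", record[3:5])
    hs = record[5:5 + rec_len]
    if not hs or hs[0] != 0x01:
        raise ValueError("not a ClientHello")
    pos = 4 + 2 + 32                        # handshake header, legacy_version, random
    pos += 1 + hs[pos]                      # session_id
    (cs_len,) = struct.unpack("!H", hs[pos:pos + 2]); pos += 2
    suites = [struct.unpack("!H", hs[i:i + 2])[0] for i in range(pos, pos + cs_len, 2)]
    pos += cs_len
    pos += 1 + hs[pos]                      # compression methods
    info = {"sni": None, "cipher_suites": suites, "supported_versions": []}
    if pos + 2 > len(hs):                   # no extensions present
        info["offers_tls13"] = False
        return info
    (ext_len,) = struct.unpack("!H", hs[pos:pos + 2]); pos += 2
    end = pos + ext_len
    while pos + 4 <= end:
        etype, elen = struct.unpack("!HH", hs[pos:pos + 4]); pos += 4
        data = hs[pos:pos + elen]; pos += elen
        if etype == SNI_EXT and len(data) >= 5 and data[2] == 0:
            (name_len,) = struct.unpack("!H", data[3:5])
            info["sni"] = data[5:5 + name_len].decode("ascii", "replace")
        elif etype == SUPPORTED_VERSIONS_EXT and data:
            n = data[0]
            info["supported_versions"] = [
                struct.unpack("!H", data[1 + i:3 + i])[0] for i in range(0, n, 2)]
    info["offers_tls13"] = TLS13 in info["supported_versions"]
    return info


if __name__ == "__main__":
    # Constructed sample: a client offering TLS 1.3 suites to a made-up host.
    sample = build_client_hello("c2.example.net", [0x1301, 0x1302, 0xC02B], [TLS13, 0x0303])
    print(parse_client_hello(sample))
```

Everything the parser returns is available before any key is exchanged, which is why SNI and ClientHello fingerprints (JA3 and its successors hash exactly these fields) remain useful detection inputs under TLSv1.3, and why a flow from an unfamiliar host to a never-before-seen SNI with an unusual suite list is worth an alert even though the payload cannot be read.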
What do I mean by Network Detection and Response?
- Full packet capture: native ingestion of north/south and east/west network traffic across your virtualized, on-premises, and private/public cloud environments, covering both standard and custom protocols.
- “Hybrid” visibility. Especially in a cloud-operated world where the network is (Read more...)
*** This is a Security Bloggers Network syndicated blog from RSA Blog authored by Maor Franco. Read the original post at: http://www.rsa.com/en-us/blog/2018-10/protect-your-network.html