Network traffic analysis for IR: Data collection and monitoring

Introduction

Data collection and analysis for network engineers, security professionals and incident responders has grown enormously over the years with the spread of cloud-based services, mobile devices and tablets, remote workforces, interconnected applications and global enterprises. In fact, research has found that 41 percent of organizations claim that they were collecting significantly more network data for security analysis than they knew how to process. The same research found that 49 percent of organizations had trouble correlating security issues with network performance. At the same time, cyberattacks are becoming increasingly complex, sophisticated and tailored.

However, despite all of these complexities, the fundamental role of data collection, processing and analysis in incident response and security monitoring is unchanged: it remains crucial to identifying and dealing with network intrusions. What has changed is that organizations have begun to use additional categories or types of network data that can be collected. This allows security professionals to gain deeper insight into their network's activity, measure its security and make sense of otherwise overwhelming volumes of data in order to detect cyberattacks.

Role of data collection

While most of the data that passes through network devices is of no value to network engineers, let alone security professionals, there are key pieces that contain vital information and should be collected, processed, protected and analyzed. Proactively, security professionals can employ real-time monitoring, testing and analysis of network data to help identify network vulnerabilities, measure performance, evaluate service levels and even provide the first indication of anomalous activity.

Although individual network records follow a structured form, different security threats, attacks and intrusions cause measurable differences in the type, amount, source and destination of network traffic. Combined with endpoint or host performance data, threat intelligence, application data and information from security products, security analysts have ample data from which to predict (Read more...)
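As an added example that is not part of the original post, the following Python script shows how the differences in amount, source and destination described above can be turned into a simple baseline comparison over flow records; all hosts, flows and the volume threshold are constructed sample values, not captured traffic:

```python
from collections import defaultdict, namedtuple

# Minimal flow record: source host, destination host, protocol/port, byte count.
Flow = namedtuple("Flow", "src dst proto bytes")

# Constructed sample data (not captured traffic): a learning window...
BASELINE = [
    Flow("10.0.0.5", "10.0.0.20", "tcp/445", 2_000),
    Flow("10.0.0.5", "203.0.113.8", "tcp/443", 50_000),
    Flow("10.0.0.5", "203.0.113.8", "tcp/443", 40_000),
    Flow("10.0.0.7", "203.0.113.9", "udp/53", 500),
]
# ...and a later observation window in which 10.0.0.5 changes behaviour.
OBSERVED = [
    Flow("10.0.0.5", "203.0.113.8", "tcp/443", 45_000),
    Flow("10.0.0.5", "198.51.100.77", "tcp/22", 900_000),
    Flow("10.0.0.7", "203.0.113.9", "udp/53", 600),
]

def profile(flows):
    """Per-source summary: total bytes plus the sets of destinations and protocols seen."""
    prof = defaultdict(lambda: {"bytes": 0, "dsts": set(), "protos": set()})
    for f in flows:
        prof[f.src]["bytes"] += f.bytes
        prof[f.src]["dsts"].add(f.dst)
        prof[f.src]["protos"].add(f.proto)
    return prof

def find_anomalies(baseline, observed, volume_factor=3.0):
    """Return {src: [reasons]} for sources whose amount, destinations or protocols deviate from baseline."""
    base, obs = profile(baseline), profile(observed)
    findings = {}
    for src, p in obs.items():
        b = base.get(src)
        if b is None:
            reasons = ["new source host"]  # never seen in the learning window
        else:
            reasons = []
            if p["bytes"] > volume_factor * b["bytes"]:
                reasons.append(f"volume {p['bytes']} exceeds {volume_factor}x baseline {b['bytes']}")
            reasons += [f"new destination {d}" for d in sorted(p["dsts"] - b["dsts"])]
            reasons += [f"new protocol {pr}" for pr in sorted(p["protos"] - b["protos"])]
        if reasons:
            findings[src] = reasons
    return findings

if __name__ == "__main__":
    for src, reasons in find_anomalies(BASELINE, OBSERVED).items():
        print(src, "->", "; ".join(reasons))
```

In practice the baseline window would be built from collected flow or packet summaries over days rather than a handful of records, and the threshold tuned per host role.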

*** This is a Security Bloggers Network syndicated blog from Infosec Resources authored by Patrick Mallory. Read the original post at: http://feedproxy.google.com/~r/infosecResources/~3/xUKhpZPJZN0/