Analecta Cyber Company Blog: Using Network Monitoring to Identify Potential Security Threats

2018-04-24

Using Network Monitoring to Identify Potential Security Threats


Monitoring your network and analyzing critical data sources provides early identification of in-progress attacks and reduces threat damage


Many small and medium-sized businesses (SMBs) operate with only one metric regarding their network: “Is it working?” This falls woefully short of the idea that the organization should know its network inside and out. What traffic is typical? What volume is typical? What hosts are most or least active? These are important details that should be recorded to understand the “baseline” of network activity.

Responsible network monitoring


Using your network traffic and performance baseline, network monitoring can serve as the first level of security to your digital assets by identifying spikes in traffic levels. It can also alert you when an unfamiliar device connects to your network and notify your IT personnel to take action - helping you secure business-critical data. Network monitoring includes both external and internal monitoring:
  • External monitoring focuses on identifying attempted threats to your perimeter or boundary protections originating from outside your network.
  • Internal monitoring observes in-house events, whether they stay within the network entirely or traverse the network and eventually leave.
Your organization can monitor its network by observing network activities in real time or by observing collected data such as access patterns, characteristics of access and other actions performed or events occurring on the network.

Hackers are targeting SMBs more often because they believe that these companies will be less likely to notice network attacks, let alone be equipped to handle them.

Network monitoring software


At a minimum, your network monitor should analyze all system traffic to identify the volume being generated as well as the traffic origins and destinations. With this information, company IT security professionals will be able to identify unexpected changes to network patterns or anomalies that may indicate a potential network intrusion.

Network monitors are typically placed in strategic locations such as on the perimeter of the network and near server farms supporting critical applications. This serves the same purpose as placing security cameras at entry/exit points to your business and at important “high value” areas. Many high-end, business network devices have built-in capabilities for monitoring traffic. Router operating systems typically include a method of recording the metadata that passes through the device, providing a low-cost option for gathering information on the flow of traffic.
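As an illustration of the baseline comparison described above, the following added example (not Analecta's code or any product's) builds a per-host baseline from flow metadata and flags volume spikes, unfamiliar devices and new destinations. The CSV record layout, the addresses and the threshold `k` are assumptions, and the sample records are constructed.

```python
import csv, io, statistics
from collections import defaultdict

# Constructed flow metadata (hour, source, destination, bytes); not real traffic.
BASELINE = """hour,src,dst,bytes
0,10.0.0.5,10.0.0.2,1000
0,10.0.0.6,10.0.0.2,400
1,10.0.0.5,10.0.0.2,1200
1,10.0.0.6,10.0.0.2,500
"""
TODAY = """hour,src,dst,bytes
0,10.0.0.5,10.0.0.2,1150
0,10.0.0.6,203.0.113.9,90000
0,10.0.0.77,10.0.0.2,300
"""

def hourly_totals(text):
    """Sum bytes per (source, hour) and collect each source's destinations."""
    totals, dests = defaultdict(int), defaultdict(set)
    for row in csv.DictReader(io.StringIO(text)):
        totals[(row["src"], int(row["hour"]))] += int(row["bytes"])
        dests[row["src"]].add(row["dst"])
    return totals, dests

def build_baseline(text):
    """Per-source mean/stdev of hourly volume plus the destinations seen."""
    totals, dests = hourly_totals(text)
    per_src = defaultdict(list)
    for (src, _), total in totals.items():
        per_src[src].append(total)
    return {s: (statistics.mean(v), statistics.pstdev(v), dests[s])
            for s, v in per_src.items()}

def find_anomalies(baseline, text, k=3.0):
    """Return sorted (kind, source, detail) tuples for deviations from baseline."""
    totals, dests = hourly_totals(text)
    alerts = set()
    for (src, hour), total in totals.items():
        if src not in baseline:
            alerts.add(("new_device", src, ""))  # host never seen in the baseline
            continue
        mean, sd, _ = baseline[src]
        # Floor the deviation at 10% of the mean so a flat baseline is not hair-trigger.
        if total > mean + k * max(sd, 0.1 * mean):
            alerts.add(("volume_spike", src, f"hour {hour}: {total} bytes"))
    for src in dests.keys() & baseline.keys():
        alerts.update(("new_destination", src, d) for d in dests[src] - baseline[src][2])
    return sorted(alerts)
```

Calling `find_anomalies(build_baseline(BASELINE), TODAY)` returns the alerts for the constructed data; in practice the baseline would cover weeks of flow records rather than two hours.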

Adding value through integration


Firewalls, Intrusion Detection Systems (IDS) and Intrusion Prevention Systems (IPS) also use anomaly detection and signatures to identify suspicious activity. Combining information and reports from all these systems with network monitoring adds significant value to protecting your network. On its own, each of these alerts tells only a piece of the security story, but brought together in dashboard tools like ELK, they become meaningful and give a more complete view of a potential situation.

Can Analecta Cyber help me protect my network?


Monitoring your network is about more than just knowing if it is up or down. Continuous monitoring of network traffic serves as the first level of network security. Off-the-shelf network monitoring software comes in a variety of price points and configurations. What works for one organization may not be the best choice for another organization. If you are looking for expert advice on how to implement monitoring across your company’s network, contact us.

Analecta Cyber brings decades of expertise implementing secure information systems based on the NIST Cybersecurity Framework guidelines. Reach out to us to learn about a robust, more complete cybersecurity program for your company.

Using a holistic approach and industry standards, our 96-point Analecta Cyber Risk Assessment enables small-to-medium-sized businesses to minimize or even eliminate the risk of data breaches that can cause customer loss, reputational damage and severe bottom-line impact. Our assessment identifies the most important next steps in your firm’s cyber security program to maximize protection. Email us at info@analecta-llc.com or visit the Cyber Security page on our website. We are here to help!
