Monitoring Your Network: Is Firewall Best?

I’m always monitoring multiple newsfeeds for the latest Security news (this is why I set up my top30 Security News Analyzed page).

 

In my review I found the following 2 links which are tied into a recurring theme us security people attempt to work through.

 

CIO’s real security headache

http://www.techrepublic.com/article/the-cios-real-security-headache/

Six technical measures to mitigate the insider threat

http://darkmatters.norsecorp.com/2015/07/09/six-technical-measures-to-mitigate-the-insider-threat/

Knowing what is going on in our network is important, and Techrepublic says that the current solutions are too expensive

 

i.e. here is the sentence that says it all to me:

I need all of them if I want to be secure and compliant and they are all expensive.

And in the 2nd link the way to keep an eye on insiders is to… yes you guessed it,  check logs in a SIEM (Security Information Event Management), monitor encrypted activity. The same piece of equipment that the “Anonymous CIO” in the Techrepublic says is too expensive.

 

Sure the equipment we all dread to have the ‘NGFW’ Next Generation FireWall  http://oversitesentry.com/what-makes-a-nextgenerationfirewallngfw-why-use-it/

IT governance requires some log analysis, some detection capability for PCI compliance and ISO27001 for example.

ngfw_large-sonicwall

Ok, let’s do this another way – what if it is not on the firewall, as the IDS(intrusion Detection System) or IPS(Intrusion protection System) does not have to be on the firewall.  Since a logging and detection of network events is needed, on the whole network, what could be done is a tap is placed in an advantageous place in the network. Or the IDS/IPS is done at the switch level with Cisco or other switches connecting to logging systems.

 

networktap

Image from info.ontrouve.com

The slave sensors (or taps) are placed in a place where all traffic will go to the Internet, and then maybe you can monitor traffic from there. But monitor means leave it alone, you are always playing catch-up.  That is the NGFW need – going from just monitor to prevent bad malware and attacks from going into our networks.

 

Yes these devices are expensive, and they have limitations (as the Anonymous CIO mentioned) but there is nothing else to be done.

We have to increase network surveillance, increase our capabilities. Which means it costs more. Sure in a perfect world everything would work better, but this is a start and the systems are getting better.

 

Contact us to discuss this more

 

Advertisements