Cyber Defense

Don’t Let Cyberattacks Wreak Havoc on Your Network

Organizations across the globe, whether government, public or private, are often challenged by the increasing pace, complexity and sophistication of security attacks. Recently, the WannaCry ransomware attack and Equifax data breach proved that many networks remain susceptible and are unprepared for the devastating effects of a massive security breach.

However, your company’s network is not helpless against such network vulnerabilities. In fact, cyber defense can be improved by understanding what systems and networks are critical to the business’ complete infrastructure visibility (i.e., network, endpoints, events and secure configuration of the network infrastructure).

To help frame the problem, both NIST and SANS endorse the Cyber Defense Workflow, which includes key steps to ensure your company is prepared for a security attack: 1) Identify and protect, 2) Detect and respond, and 3) Recover.

Step 1: Identify Vulnerabilities

The first step to protecting your network from attacks is to identify vulnerabilities before they can be exploited. Thus, network engineers must document existing network infrastructure, including inventory and network maps, ensuring they’re able to pinpoint any issues that may arise. An engineer’s limited understanding of application requirements and traffic flows could be the downfall of a team’s ability to protect its network. A lack of understanding of existing design (e.g., security, routing, layer-2, etc.) will put teams a step behind a hacker during an attack.

Unfortunately, most teams live without accurate diagrams because it can take months to document a large network and, once the project is complete, the maps are already out of date. NetBrain creates network diagrams automatically and keeps them up-to-date.

Step 2: Detect and Respond to Threats

Network security is a cat-and-mouse game, and it’s virtually impossible to prevent every attack. When your network does fall victim, it’s important that network and security teams are able to identify and respond in a timely manner. It is very challenging to detect, analyze, isolate and remediate a security event. While network and security teams don’t typically collaborate effectively, when a network is under attack, collaboration is instrumental in stopping the threat at hand. In our recent survey, 72 percent of network engineers and managers cited lack of collaboration as the number one challenge when troubleshooting security issues.

It is difficult to understand the live performance of the network (e.g., traffic flows, bandwidth utilization, interface errors, etc.). Teams need to ensure that all ingress and egress points from internal networks to external networks are continuously monitored. With NetBrain, engineers can apply automation to every phase of troubleshooting – from ticket creation to data collection, and for sharing knowledge of best practices.

NetBrain can also provide meaningful insights around a security attack through API-triggered diagnosis. When integrated with a security information and event management (SIEM) system or an intrusion detection system (IDS), these systems can trigger NetBrain to dynamically map the attack path and assess its impact in real time. By collecting this data within NetBrain’s Executable Runbooks, teams gain historical data that can be visualized to support downstream forensic analysis and guide lessons learned.

Step 3: Recovery

Once a security attack has been mitigated, it’s imperative that network teams update existing playbooks, incident response plans and network infrastructure immediately. For instance, this can include best practices that harden the network by verifying and validating that the network is configured per industry standard compliance (e.g., NIST, PCI, HIPAA) as well as any internal security requirements.

Regarding cyber defense and incident response plans, it is best practice to use playbooks and rehearse on a regular basis. With NetBrain, content within those playbooks can be easily digitized, kept up to date, and shared across teams through Executable Runbooks, helping to mitigate ever-changing security threats.

Combat Security Threats With Automation

Whether your team is prepared for a cyberattack or not, NetBrain’s dynamic mapping, visual troubleshooting, and automation technologies can help your network and security teams uncover and diagnose many vulnerabilities. Collaboration between network and security teams prior to an attack, documenting your infrastructure, and ensuring your teams have a set plan in place will help your network become less susceptible to security threats.