De-mystifying Security Series: Threat Detection
Threat detection and mitigation is a two-part process. As the name implies, threat detection covers an organization's efforts to identify security breaches that have already taken place or are currently in progress.
Mitigation is the organization's response to an identified breach. More specifically: the remedial steps taken to close the breach, to limit its impact, and to prevent a similar security incident in future.
Detection and mitigation are conducted in parallel to reduce the time-to-fix and to shorten the window of opportunity an attacker has after a breach. This is particularly important in the age of the advanced persistent threat (APT), which may operate inside a network for many months without being noticed if a comprehensive program of checks is not in place.
End-to-End detection and mitigation
End-to-End detection and mitigation looks at the data journey as a whole. From the client application, to the backend server infrastructure and back again, there are dozens of potential attack surfaces to be exploited.
End-to-End detection and mitigation is designed to monitor and protect data at every point of its journey across the corporate network and beyond. This includes requests across the internal network, traffic over VPN connections, and data served or shared to end users and clients outside the network perimeter.
Endpoint detection and mitigation
The initial entry point for most cyber attacks is the end user and their device. Any system connected to a network – PC, server, printer, IoT sensor etc. – has the potential to become a launch point for a cyber attack. Endpoint security provisions focus on these devices and on how to better secure them against breaches.
From basic antivirus applications to local firewalls to network asset monitoring, endpoint detection and mitigation draws on multiple disciplines and technologies to prevent cyber attackers from establishing a foothold inside the corporate network.
Network detection and mitigation
Although they exist to carry traffic within the network, switches, hubs, routers and WiFi access points all present opportunities for well-resourced attackers. Network detection and mitigation principles help to reduce these risks, and to establish a protocol for recovery in the event of a breach.
Network detection techniques vary, but typically include stateful packet inspection (tracking connection state so that only replies to connections the network actually opened, or requests to services it deliberately publishes, are admitted), hardening of the network devices themselves, and network configuration such as segmentation and access control lists to detect and block potentially harmful traffic and to prevent unauthorized users from gaining access.
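To make the "stateful" part concrete, here is an added example (not code from the original page or from Navisite) of a minimal stateful packet filter alongside the stateless port-based rule it replaces. It assumes a perimeter position with the internal network on 10.0.0.0/24 and a single published service on TCP/443; the packets are constructed sample traffic, not a real capture. It admits inbound packets only when they match a flow an internal host opened or target a published port, drops everything else, and raises an alert when one external source probes several distinct closed ports.

```python
from collections import defaultdict
from dataclasses import dataclass

# Assumptions for this example: the filter sits at the perimeter, the internal
# network is 10.0.0.0/24, and the only service published inbound is TCP/443.
INTERNAL_PREFIX = "10.0.0."
PUBLISHED_PORTS = {443}
SCAN_THRESHOLD = 5   # distinct unsolicited destination ports from one source


@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int
    flags: str   # TCP flags as letters: S=SYN, A=ACK, F=FIN, R=RST


def is_internal(ip):
    return ip.startswith(INTERNAL_PREFIX)


def stateless_allow(p):
    """The classic stateless ACL: allow outbound, allow inbound to published
    ports, and allow inbound 'replies' identified only by their source port.
    Anything that forges source port 443 passes this rule."""
    if is_internal(p.src):
        return True
    return p.dport in PUBLISHED_PORTS or p.sport in PUBLISHED_PORTS


class StatefulFilter:
    def __init__(self):
        # Connection table keyed by (internal ip, internal port, external ip, external port).
        # A production filter would also age entries out with timers (e.g. TIME_WAIT).
        self.flows = set()
        self.unsolicited = defaultdict(set)   # external src -> closed ports it probed
        self.alerts = []

    def process(self, p):
        if is_internal(p.src):
            key = (p.src, p.sport, p.dst, p.dport)
            if p.flags == "S":
                self.flows.add(key)          # outbound SYN opens a flow
            elif "F" in p.flags or "R" in p.flags:
                self.flows.discard(key)      # close or reset tears it down
            return "ALLOW"
        key = (p.dst, p.dport, p.src, p.sport)
        if key in self.flows:
            if "F" in p.flags or "R" in p.flags:
                self.flows.discard(key)
            return "ALLOW"                   # reply to a flow an internal host opened
        if p.flags == "S" and p.dport in PUBLISHED_PORTS:
            self.flows.add(key)              # new connection to a published service
            return "ALLOW"
        # Unsolicited inbound packet: drop it and count distinct ports per source
        probed = self.unsolicited[p.src]
        probed.add(p.dport)
        if len(probed) == SCAN_THRESHOLD:
            self.alerts.append(f"possible port scan from {p.src}: ports {sorted(probed)}")
        return "DROP"


# Constructed sample traffic (not a real capture).
SAMPLE_TRAFFIC = [
    Packet("10.0.0.5", 51000, "93.184.216.34", 443, "S"),   # internal host opens HTTPS
    Packet("93.184.216.34", 443, "10.0.0.5", 51000, "SA"),  # genuine reply to that flow
    Packet("198.51.100.7", 443, "10.0.0.5", 51000, "A"),    # forged "reply": no such flow
    Packet("203.0.113.9", 40001, "10.0.0.9", 443, "S"),     # client to the published service
    Packet("198.51.100.20", 40002, "10.0.0.5", 21, "S"),    # start of a port scan
    Packet("198.51.100.20", 40003, "10.0.0.5", 22, "S"),
    Packet("198.51.100.20", 40004, "10.0.0.5", 23, "S"),
    Packet("198.51.100.20", 40005, "10.0.0.5", 445, "S"),
    Packet("198.51.100.20", 40006, "10.0.0.5", 3389, "S"),
]


def run_sample():
    """Run the sample traffic through both filters; returns
    (stateful decisions, stateful alerts, stateless decisions)."""
    f = StatefulFilter()
    stateful = [f.process(p) for p in SAMPLE_TRAFFIC]
    stateless = ["ALLOW" if stateless_allow(p) else "DROP" for p in SAMPLE_TRAFFIC]
    return stateful, f.alerts, stateless


if __name__ == "__main__":
    stateful, alerts, stateless = run_sample()
    for p, s, sl in zip(SAMPLE_TRAFFIC, stateful, stateless):
        print(f"{p.src}:{p.sport} -> {p.dst}:{p.dport} [{p.flags}]  stateful={s}  stateless={sl}")
    for a in alerts:
        print("ALERT:", a)
```

The third packet is the one to watch: a stateless rule that recognises replies by source port lets it through, while the stateful table drops it because no internal host ever opened a connection to 198.51.100.7. The scan alert fires on the fifth distinct closed port from one source; the threshold is a tuning knob, and a real deployment would also age flow entries out with timers rather than keeping them until a FIN or RST.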
Perimeterless detection and mitigation
As uptake of third-party computing resources like cloud accelerates, businesses are being forced to radically transform the way that data is secured. Rather than create a traditional hard shell around the corporate network, the industry is moving towards 'perimeterless security' (often described as zero trust). Rather than extend the network to remote users over VPN connections, every request is authenticated against the end user's identity directly, usually with multi-factor authentication.
Perimeterless detection and mitigation is concerned with protecting these perimeterless endpoints and the mechanisms used to verify user identity. Often this will involve automated analysis of identity-provider and access logs to detect unauthorized or suspicious access attempts (for example password failures spread across many accounts from one source, repeated MFA prompts to one user, or sign-ins from locations the user could not plausibly have reached) and to establish whether a breach has occurred. The mitigation protocol is then invoked to begin remedial work and prevent future attacks.
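The log analysis described above, as an added example that is not part of the original page and not Navisite's, Okta's or Duo's own tooling: three detections run over a constructed JSON-lines authentication log. The log format (fields ts, user, ip, country, event, result) is an assumption chosen for this example; real identity-provider exports carry the same information under different field names. The rules flag a password spray (failures against several accounts from one IP in a short window), MFA fatigue (several denied pushes followed by an approval), and impossible travel (successful sign-ins from two countries within an hour).

```python
import json
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample log in a hypothetical JSON-lines format (not a real IdP export).
# event is "password" or "mfa"; result is "success", "failure" or "denied".
SAMPLE_LOG = """\
{"ts": "2024-03-01T08:00:01Z", "user": "alice", "ip": "203.0.113.5",  "country": "GB", "event": "password", "result": "success"}
{"ts": "2024-03-01T08:00:03Z", "user": "alice", "ip": "203.0.113.5",  "country": "GB", "event": "mfa",      "result": "success"}
{"ts": "2024-03-01T08:10:00Z", "user": "bob",   "ip": "198.51.100.9", "country": "US", "event": "password", "result": "failure"}
{"ts": "2024-03-01T08:10:02Z", "user": "carol", "ip": "198.51.100.9", "country": "US", "event": "password", "result": "failure"}
{"ts": "2024-03-01T08:10:05Z", "user": "dave",  "ip": "198.51.100.9", "country": "US", "event": "password", "result": "failure"}
{"ts": "2024-03-01T08:30:00Z", "user": "alice", "ip": "192.0.2.44",   "country": "BR", "event": "password", "result": "success"}
{"ts": "2024-03-01T09:00:00Z", "user": "erin",  "ip": "198.51.100.3", "country": "US", "event": "password", "result": "success"}
{"ts": "2024-03-01T09:00:10Z", "user": "erin",  "ip": "198.51.100.3", "country": "US", "event": "mfa",      "result": "denied"}
{"ts": "2024-03-01T09:00:40Z", "user": "erin",  "ip": "198.51.100.3", "country": "US", "event": "mfa",      "result": "denied"}
{"ts": "2024-03-01T09:01:20Z", "user": "erin",  "ip": "198.51.100.3", "country": "US", "event": "mfa",      "result": "denied"}
{"ts": "2024-03-01T09:02:00Z", "user": "erin",  "ip": "198.51.100.3", "country": "US", "event": "mfa",      "result": "success"}
"""


def parse_log(text):
    """Parse JSON lines into dicts with a datetime 'ts', sorted by time."""
    events = []
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        e = json.loads(line)
        e["ts"] = datetime.strptime(e["ts"], "%Y-%m-%dT%H:%M:%SZ")
        events.append(e)
    return sorted(events, key=lambda e: e["ts"])


def detect_password_spray(events, min_users=3, window=timedelta(minutes=10)):
    """One source IP failing passwords against >= min_users distinct accounts within window."""
    alerts = []
    by_ip = defaultdict(list)
    for e in events:
        if e["event"] == "password" and e["result"] == "failure":
            by_ip[e["ip"]].append(e)
    for ip, fails in by_ip.items():
        for i, first in enumerate(fails):           # sliding window over sorted failures
            users = {f["user"] for f in fails[i:] if f["ts"] - first["ts"] <= window}
            if len(users) >= min_users:
                alerts.append(("password_spray", ip, sorted(users)))
                break
    return alerts


def detect_mfa_fatigue(events, min_denials=3, window=timedelta(minutes=10)):
    """A user denies >= min_denials MFA prompts and then approves one within window:
    the pattern of an attacker holding valid credentials and pushing until the user gives in."""
    alerts = []
    by_user = defaultdict(list)
    for e in events:
        if e["event"] == "mfa":
            by_user[e["user"]].append(e)
    for user, mfas in by_user.items():
        for i, e in enumerate(mfas):
            if e["result"] != "success":
                continue
            denials = [m for m in mfas[:i] if m["result"] == "denied" and e["ts"] - m["ts"] <= window]
            if len(denials) >= min_denials:
                alerts.append(("mfa_fatigue", user, len(denials)))
                break
    return alerts


def detect_impossible_travel(events, window=timedelta(hours=1)):
    """Consecutive successful password sign-ins for one user from different countries within window."""
    alerts = []
    by_user = defaultdict(list)
    for e in events:
        if e["event"] == "password" and e["result"] == "success":
            by_user[e["user"]].append(e)
    for user, logins in by_user.items():
        for prev, cur in zip(logins, logins[1:]):
            if prev["country"] != cur["country"] and cur["ts"] - prev["ts"] <= window:
                alerts.append(("impossible_travel", user, prev["country"], cur["country"]))
                break
    return alerts


def analyse(text):
    """Run all three detections over a JSON-lines log and return the alerts."""
    events = parse_log(text)
    return detect_password_spray(events) + detect_mfa_fatigue(events) + detect_impossible_travel(events)


if __name__ == "__main__":
    for alert in analyse(SAMPLE_LOG):
        print(alert)
```

On the sample log this produces one alert per rule: the spray from 198.51.100.9 against bob, carol and dave; erin approving a push after three denials; and alice signing in from GB and then BR half an hour apart. The thresholds and windows are starting points to tune against your own baseline, and the impossible-travel rule deliberately compares countries rather than estimating speed from coordinates, so it will stay quiet for a user who genuinely crosses a border within the hour only if the sign-ins are more than an hour apart.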
How Navisite can assist
Navisite utilizes best-of-breed solutions in complementary configurations throughout our hosted platforms to ensure a comprehensive approach to securing workloads: Cisco (ASA firewalls) and Alert Logic (SIEMless Professional Services) at the network level, Cylance on the endpoints, and Duo and Okta for managing identities. Navisite can design a solution for you using a combination of our hardened platforms and additional security controls, so that your data is protected in a manner that meets both business and budgetary requirements.