Remote - Summer 2013 - (Page 17)

Feature Article

pensive probes can be deployed, which provide the necessary insight. By collecting metrics in every corner of the network, MSSPs claim to increase situational awareness that empowers them to make faster, more informed decisions.

Some MSSPs are deploying a distributed NetFlow collection solution that can be compared to tapping sugar maples in early spring. By running the sap back to a sugar house and boiling down huge volumes of sap to a manageable size, they can utilize the reduction to enhance their visibility into the collective security landscape.

[Figure: NetFlow Dashboard]

The leaders in MSSP claim that by using flow technologies and implementing best practices they can improve security posture for customers. By leveraging NetFlow for threat detection, the benefits often include:

• Faster detection times: Mean Time To Awareness (MTTA)
• Improved response times - improving internal support
• Quicker Mean Time To Mitigation (MTTM)

NetFlow in Forensic Investigations

All companies are under attack every day. Just as a retail store can’t stop all shoplifters, neither can the best IT security teams stop all forms of malware from getting into a company. When an exfiltration does occur, flow analysis is often either directly involved with the detection or certainly a significant part of the investigation and reconnaissance effort.

NetFlow analysis after the infection is also an important function performed by MSSPs. Because most NetFlow collection systems archive data, they prove extremely useful during forensic investigations to answer tough questions such as:

• What was the machine’s behavior leading up to the problem?
• Who else did they communicate with?
• Are there other machines on the network exhibiting the same behavior?

Summary

Although deep packet inspection continues to be a primary APT detection method, flow technology is without a doubt an ideal additional layer of protection. Packet capture provides greater detail. However, it often can’t be done on every Internet connection in every remote office. Flow analysis allows security teams to cover and record all traffic, to every location, at each customer network, and at all times, similar to the security cameras deployed in a financial institution. If the traffic entered the company, then it was almost always captured and recorded with NetFlow or IPFIX.

Although NetFlow and IPFIX add a great additional layer of protection, MSSPs understand that one of the best proactive counter-threat measures is education. This is why some MSSPs make great efforts to educate the customer’s employees on such topics as:

• Best practices for bringing files in and out of the IT infrastructure
• Definition of spear phishing
• Best practices for social networking sites

Although MSSPs can be an attractive alternative to hiring a security expert, when considering vendors, make sure you ask about the mechanisms they use to detect and investigate threats. Make sure they explain how they work with a customer to mitigate a confirmed intrusion, and the processes they go through to determine if the problem has spread. Your MSSP should be able to provide detailed answers and stories from the field.

For more information visit www.plixer.com.

Remote Site & Equipment Management \ Summer 2013 17
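The three forensic questions listed under "NetFlow in Forensic Investigations" map directly onto queries over archived flow records. The following is an added example, not code from the article or from any vendor product; the record fields, the 10.0.0.0/8 internal range, the function names and the sample flows are all assumptions constructed for illustration.

```python
from collections import namedtuple
from ipaddress import ip_address, ip_network

# Constructed sample of archived flow records (not real traffic).
Flow = namedtuple("Flow", "ts src dst dport proto nbytes")
INTERNAL = ip_network("10.0.0.0/8")  # assumed internal address space
FLOWS = [
    Flow(1000, "10.1.1.5", "10.1.1.20", 445, "tcp", 4200),
    Flow(1100, "10.1.1.5", "198.51.100.7", 443, "tcp", 900),
    Flow(1160, "10.1.1.5", "203.0.113.9", 8443, "tcp", 52_000_000),
    Flow(1170, "10.1.2.8", "203.0.113.9", 8443, "tcp", 31_000_000),
    Flow(1180, "10.1.3.3", "198.51.100.7", 443, "tcp", 1200),
    Flow(1300, "10.1.1.5", "192.0.2.44", 53, "udp", 120),
]

def is_internal(addr):
    return ip_address(addr) in INTERNAL

def behavior_before(flows, host, incident_ts, window):
    """Q1: flows sent by `host` in the `window` seconds before the incident, oldest first."""
    return sorted(f for f in flows
                  if f.src == host and incident_ts - window <= f.ts <= incident_ts)

def peers_of(flows, host):
    """Q2: every address the host exchanged traffic with, in either direction."""
    return {f.dst if f.src == host else f.src
            for f in flows if host in (f.src, f.dst)}

def similar_hosts(flows, host, incident_ts, window):
    """Q3: other internal hosts that, anywhere in the archive, contacted the same
    external (dst, port) pairs the suspect host used before the incident."""
    suspect = {(f.dst, f.dport)
               for f in behavior_before(flows, host, incident_ts, window)
               if not is_internal(f.dst)}
    matches = {}
    for f in flows:
        if f.src != host and is_internal(f.src) and (f.dst, f.dport) in suspect:
            matches.setdefault(f.src, set()).add((f.dst, f.dport))
    return matches

if __name__ == "__main__":
    for f in behavior_before(FLOWS, "10.1.1.5", 1200, 300):
        print(f)
    print(sorted(peers_of(FLOWS, "10.1.1.5")))
    print(similar_hosts(FLOWS, "10.1.1.5", 1200, 300))
```

In the constructed data, the third query surfaces 10.1.2.8, which sent a large transfer to the same external endpoint as the suspect host, as the next machine to examine.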

Table of Contents for the Digital Edition of Remote - Summer 2013

Editor's Choice
Grid Modernization and Cyber Security Trends
Navigating the Big Data Jungle - How Utilities Can Rise To the Challenge with Analytics
Remote Monitoring: Is it a Global Trend?
Critical Infrastructure, Critical Need
Solutions for Transformer Monitoring
Securing Remote Networks Against Cyber Security – NetFlow to the Rescue
ZigBee Resource Guide
SCADA
Networking
Remote Conference Update
Security
Onsite Power
Industry News
Application Feature
