Before assuming my role as CIO of eTag Technologies, I worked for many years as a network consultant with small to mid-sized businesses. One commonality I observed is that many of them lacked a team or an individual whose main job was to analyze and monitor network traffic. It is easy to understand why these companies would have a challenge investing in a position such as this, but when confidential client information or their intellectual property is stolen, no amount of money will be able to repair the damage.
Business-related cyber-crimes are on the rise, so small to mid-sized businesses should strongly consider investing in protecting their infrastructure. If no one in your organization is responsible for handling network intrusions, there’s a good chance you’ll suffer a breach in the near future (assuming you haven’t already).
But can we truly prevent intrusions? The short answer: No. If someone wants to get in, they will. Most break-ins are not through a direct assault on your firewall. Most breaches occur easily. All someone in your organization needs to do is accidentally open a “phishing” email. Once the unsuspecting user clicks on the link in the email, undetectable malware launches, compromises the computer and steals the username and password without the user even knowing it. The intruder will now dig and search for valuable information. If the computer is connected to a domain, most likely the intruder will try to use those same credentials to compromise files and servers.
You are probably asking yourself: “Why am I spending all this money on hardware and software if the intruder can still gain access?” Don’t forget that by having preventive assets in place, you make it harder for the intruder to compromise your systems. Instead of seconds, it may take the intruder days, weeks or even months to gain access to internal resources. So, where does a network security analyst come into play? Consider them the last line of defense. Prevention eventually fails. Breaches are inevitable. You need someone to constantly Plan-Resist-Detect-Respond.
Timing is the key factor for your security team or analyst, as intruders rarely execute their entire mission within minutes. There is usually a window of opportunity after the initial unauthorized access in which to detect, respond to, and contain intruders before they can finish the job. They might gain access, but you can eliminate them before they get the data they want. Intruders can and will compromise your systems, but your business can win if you have the network security assets in place that can detect and respond to intrusions.
Now more than ever, small to mid-sized businesses need to plan on protecting their confidential client information and intellectual property. Hackers have declared an all-out war on every machine connected to the web; don’t make it easy for them. Software and hardware prevention mechanisms can help, but a network security analyst can frustrate, resist and even fend off intruders before they wreak havoc on your business.
I would like to thank Kevin Mandia, CEO of Mandiant, for inspiring and helping me understand the value of network security monitoring in all types of business.
By: Alex Martinez, CIO & Co-Founder eTag Technologies