


Network Security – A Process Perspective

Threat Analysis And Remedial Measures

Network Security

Network security is a big concern these days. Although the work behind network security could be classified as an essential but non-value-added effort, it is nevertheless mandatory. Network security threats can be classified by their area of origin into liabilities, social engineering, and proliferation and vulnerabilities. Liabilities cover privacy concerns and identity theft. Social engineering covers phishing and access to secured areas by unauthorized entities. Proliferation and vulnerabilities cover fraudulent email attachments, compromised websites, and browser and software exploits.

The main challenge with network security is that the sophistication of threats increases over time, and the fight between cyber-criminals and security vendors is almost never-ending. Fraudsters benefit either by hacking into an individual's or a corporation's monetary system or by gaining access to intellectual property and other documents of material or monetary importance. Different types of attacks include, to name a few: attacks on corporate and personal data in the cloud, complex Android malware, increased danger to personal data from mobile apps and social networks, and undermining hardware, infrastructure and software at the core.

3 Levels

There are 3 levels at which network security is deployed in a company: the physical level, the policy level, and the system level. Physical-level security is about controlling the entry points where employees are checked for data drives, and about preventing unauthorized access to network areas, server rooms, etc. System-level security is about providing timely patch updates, having sufficient firewalls in place, having systems to detect threats, and securing remote access. The third level of security is the policy, or procedural, level of intervention.

One of the concepts of process streamlining can be useful when thinking about the network security problem. The method calls for a system-wide approach, coupled with a classification of threats or frauds into runners, repeaters and strangers. Runners are threats that are basic in nature and for which the system usually already has a fix, especially threats with a history in the system. Because they are high in volume and low in complexity, they can be dealt with in a particular way: these kinds of threats are best suited to automatic elimination.

The second type of threat is the repeater. These can generally be classified as complex threats with a predictable frequency. Initially they can be eliminated manually, but over time the analysts can come up with a generalized solution and try to automate the elimination process.

The third type of problem can be classified as strangers. These threats have neither a particular frequency of occurrence nor a standard fix available, so a lot of manual effort needs to go into these fixes. Over the course of time, some of these also need to be automated, so that manual effort is only needed on complex and unpredictable threats.
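The runner/repeater/stranger split above is easy to state but only becomes actionable when it is applied to an actual alert stream. The following is an added example (not code from the original post or from any vendor mentioned on it) that triages a constructed set of alerts: a signature with an existing automated playbook is a runner, a recurring signature with a regular cadence but no playbook is a repeater (and therefore the next automation candidate), and everything else is a stranger routed to an analyst. The signature names, the `AUTOMATED_PLAYBOOKS` set, the thresholds and the alert records are all assumptions made for the example.

```python
from collections import defaultdict
from datetime import datetime
from statistics import mean, pstdev

# Constructed sample alert stream (not real telemetry): one record per detection.
SAMPLE_ALERTS = [
    {"ts": "2024-03-01T08:00", "sig": "malware.known_hash", "host": "ws-01"},
    {"ts": "2024-03-01T09:30", "sig": "malware.known_hash", "host": "ws-07"},
    {"ts": "2024-03-02T11:15", "sig": "malware.known_hash", "host": "ws-03"},
    {"ts": "2024-03-03T14:00", "sig": "malware.known_hash", "host": "ws-11"},
    {"ts": "2024-03-04T07:45", "sig": "malware.known_hash", "host": "ws-02"},
    {"ts": "2024-03-01T10:00", "sig": "phish.credential_lure", "host": "mail"},
    {"ts": "2024-03-08T10:00", "sig": "phish.credential_lure", "host": "mail"},
    {"ts": "2024-03-15T10:00", "sig": "phish.credential_lure", "host": "mail"},
    {"ts": "2024-03-22T10:00", "sig": "phish.credential_lure", "host": "mail"},
    {"ts": "2024-03-05T02:00", "sig": "web.sqli_probe", "host": "www-1"},
    {"ts": "2024-03-05T03:00", "sig": "web.sqli_probe", "host": "www-1"},
    {"ts": "2024-03-09T07:00", "sig": "web.sqli_probe", "host": "www-1"},
    {"ts": "2024-03-12T23:10", "sig": "lateral.smb_anomaly", "host": "dc-01"},
]

# Hypothetical set of signatures for which an automated fix already exists.
AUTOMATED_PLAYBOOKS = {"malware.known_hash"}

REPEATER_MIN_COUNT = 3   # enough history before a cadence is called predictable
REGULARITY_MAX_CV = 0.5  # max coefficient of variation of inter-arrival gaps

ACTIONS = {
    "runner": "auto-remediate with the existing playbook",
    "repeater": "handle manually now; document the fix and automate it",
    "stranger": "manual investigation by an analyst",
}


def _interarrival_cv(timestamps):
    """Coefficient of variation of the gaps (in hours) between sorted timestamps.

    A low value means a predictable cadence. Returns None when there are fewer
    than two gaps, i.e. too little history to judge regularity.
    """
    ts = sorted(datetime.fromisoformat(t) for t in timestamps)
    gaps = [(b - a).total_seconds() / 3600 for a, b in zip(ts, ts[1:])]
    if len(gaps) < 2 or mean(gaps) == 0:
        return None
    return pstdev(gaps) / mean(gaps)


def classify_alerts(alerts, playbooks):
    """Group alerts by signature and label each as runner/repeater/stranger."""
    by_sig = defaultdict(list)
    for alert in alerts:
        by_sig[alert["sig"]].append(alert["ts"])

    result = {}
    for sig, stamps in by_sig.items():
        count = len(stamps)
        cv = _interarrival_cv(stamps)
        if sig in playbooks:
            cls = "runner"                      # known threat, fix already exists
        elif count >= REPEATER_MIN_COUNT and cv is not None and cv <= REGULARITY_MAX_CV:
            cls = "repeater"                    # recurring on a predictable cadence
        else:
            cls = "stranger"                    # rare or irregular, no standard fix
        result[sig] = {"class": cls, "count": count, "cadence_cv": cv, "action": ACTIONS[cls]}
    return result


def automation_candidates(classification):
    """Repeaters are the signatures worth turning into the next playbook."""
    return sorted(sig for sig, info in classification.items() if info["class"] == "repeater")


if __name__ == "__main__":
    report = classify_alerts(SAMPLE_ALERTS, AUTOMATED_PLAYBOOKS)
    for sig, info in sorted(report.items()):
        print(f"{sig:<24} {info['class']:<9} n={info['count']:<2} -> {info['action']}")
    print("automation candidates:", automation_candidates(report))
```

The cadence test is deliberately crude (a coefficient of variation over inter-arrival gaps); in practice the repeater threshold would be tuned per signature class, and the periodic analyst review described in the next paragraph is where the `AUTOMATED_PLAYBOOKS` set gets extended as repeaters graduate to runners.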

A periodic exercise also needs to be conducted between network analysts and the others responsible for network security, to arrive at a common understanding of how threats are classified and of the general approach to solutions. This helps standardize the approach to threat management and supports knowledge sharing. Rigor in analysis and deployment is very important for successful threat management.

Machine Learning and Analytics

One other aspect of effective threat management is having an analytics solution like Simility. This type of solution combines manual and machine learning capabilities. Its features include the ability to prevent unauthorized access, prevent stolen-identity threats, protect websites and raise awareness of best practices. Fraud or threat alerts are analyzed using sophisticated data visualization features in order to visually identify patterns and relationships. Reputational indices are derived for IPs and for names through the social network, to gather more patterns and insights. Signals are deployed to fight the threat or fraud. Patterns developed over time feed the machine learning so that it can evolve and scale. These features help customers match every move of the fraudsters and take action within minutes of an attack.

By combining analytics, machine learning and process interventions, a company can be well positioned to fight threats and frauds, respond quickly, and learn over time to counter increasing levels of threats from the outside world.