Network-Based Threat Protection Failure: Where Does the Issue Lie?

By Craig Treubig

There have been a number of high-profile, successful attacks in the news, raising questions around the effectiveness of the network-based threat detection technologies companies have in place and the incident response teams that monitor them. But it’s difficult to point to one element or the other as the cause of a breakdown in a company’s defenses.

There are a number of elements that go into achieving security success. You’ve got to implement the right technology for your specific environment, but you’ve also got to create and enforce policies and processes to support your technology and your objectives, and involve the right people with the right skill sets. Each network-based security product has its strengths and weaknesses, but one might be better for your unique needs than another.

When determining the right network-based threat protection product for your environment, there are many questions to answer. Here are a few:

What is your organization’s level of expertise in-house to support the particular technology?

While many of the technologies can be automated, nothing is “set and ignore.” Every technology takes some type of care and feeding from staff, whether that is handled internally or through an external managed service provider.

What type of data is your organization protecting?

Taking inventory of the sensitive data that can be extracted by an attacker helps determine the best solution for your needs. Examples of sensitive data include:
•  Credit card numbers
•  CVV or card verification values
•  PINs
•  Names and addresses
•  Social Security numbers
•  Other information of value

What are the actual assets that need protection?

Once you have identified the type of data that needs to be protected, you can then determine the actual assets that contain this data and focus your protection on them. Examples of these assets include:
•  POS devices
•  Wireless infrastructure
•  Critical servers
•  Critical endpoints
•  Network devices

Who has access to these network elements?

It is important to identify who the users of these elements are and to limit each user's access to only what their role requires. This helps protect your network from both malicious and non-malicious users, since an account that cannot reach an asset cannot expose it through a mistake or a compromise.

While it’s necessary to have the right technology for your environment, and to have it appropriately integrated, the technology is only as good as the policies and processes you put in place to monitor and respond to its findings. In other words, after selecting the right technology it’s equally important to focus on all three elements and get the right people, policy and process in place. This could mean investing in the right level of technology and resources for an internal staff, or leveraging third-party consultants and a managed service provider. Either way, as with most complex issues, it’s important to keep in mind that when it comes to stopping an attack, there is no silver bullet.