Problem to Solve — How can you add additional cybersecurity analysis functionality to protect your environment and your company’s intellectual capital … with some of your existing APM/NPM tools?
Let’s face it …. cybersecurity is an all-out war, and it will not be over any time soon. Just check the news to read about the daily breach, data loss, credit card or security number compromise, hack, malware, attack vector, etc., etc., etc. It is enough to make you want to pack it in, build a bunker and move to the wilderness.
The harsh reality in today’s IT security world is that you will never be “safe enough”. The best you can do is to minimize the various technology risks in your environment, put policies and controls in place, and hope and pray your company’s “stuff” is protected.
Most larger companies’ security teams have a charter to protect the company jewels. These teams work very diligently to design, implement and operate security solutions with the main goal of protecting their company’s intellectual property and customer data. A daunting task, to say the least.
Security tools and solutions are very effective at doing their particular role in life. A common strategy is to include some combination of: Intrusion Detection, Intrusion Prevention, Malware, AntiVirus, Data Loss Prevention, Traffic Anomalies, APT / Threat Detection, SYSLOG, Honey Pots, Firewalls, DMZs, etc., etc., etc. You get the idea here….
More Areas of Visibility ??
While these security solution toolsets are effective, they usually are ‘not’ deployed across an entire organization’s infrastructure. More often than not, these toolsets are deployed on the security perimeter for the mainline defense. Meanwhile, the application, server and network teams will have their own respective solutions necessary for them to manage their needs. Their solution toolsets are typically deployed further into the infrastructure for managing the performance of server farms, virtualized servers, network core and distribution links, e-commerce applications, etc.
What I have seen in many environments is a very siloed IT approach where the security teams use their tools … and the network / server / application teams use their tools. Sometimes this separated approach is necessary due to the “sensitive nature” of the security team’s charter and the information they collect. When it is not “necessary” to separate the toolsets, what you wind up with is a self-imposed limit on providing the best security platform for your organization.
Case in point: many vendors of NPM (Network Performance Management) and APM (Application Performance Management) solutions also provide functionality that security teams could easily leverage into their overall strategy. These types of functionality can ‘extend’ your security reach deeper into the organization’s infrastructure. This is a good thing !!
– Distributed DOS detection
– Internal DOS detection
– SYN Flood detection
– Bandwidth or QoS anomalies
– Visibility into traffic inside Virtual Servers and Blade Servers
– Identify the unidentified application traffic
– Sharing of NetFlow information
– Packet Capture for Forensics Evidence
– DNS, DHCP, LDAP related specific monitors
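To make the NetFlow sharing, SYN flood detection and “identify the unidentified application traffic” items above concrete, here is an added example (not code from the post or from any NPM/APM vendor) that runs two simple checks over a constructed set of NetFlow-style records: a half-open (SYN-only) flow count per destination from many sources, and high-volume traffic on ports that are not in a known-application table. The record layout, thresholds and port table are assumptions for illustration.

```python
from collections import defaultdict

# Constructed sample NetFlow-style records: one dict per flow (not real data).
# tcp_flags uses the standard bit values: SYN = 0x02, ACK = 0x10.
SAMPLE_FLOWS = [
    {"src": "10.0.0.5", "dst": "10.1.1.10", "dport": 443, "proto": 6, "tcp_flags": 0x12, "pkts": 40, "bytes": 38000},
    {"src": "10.0.0.7", "dst": "10.1.1.10", "dport": 443, "proto": 6, "tcp_flags": 0x12, "pkts": 12, "bytes": 9000},
    {"src": "10.0.0.9", "dst": "10.1.1.20", "dport": 5555, "proto": 6, "tcp_flags": 0x12, "pkts": 300, "bytes": 250000},
] + [
    # 150 SYN-only, single-packet flows from many sources to one server: the SYN-flood pattern
    {"src": f"192.0.2.{i % 250}", "dst": "10.1.1.10", "dport": 443, "proto": 6, "tcp_flags": 0x02, "pkts": 1, "bytes": 60}
    for i in range(150)
]

# Assumed table of applications the NPM tool already knows how to classify.
KNOWN_APP_PORTS = {80: "http", 443: "https", 53: "dns", 389: "ldap", 67: "dhcp"}


def detect_syn_flood(flows, min_syn_only_flows=100, min_distinct_sources=50):
    """Return destination hosts that receive many SYN-only (never ACKed) TCP flows from many sources."""
    counts = defaultdict(int)
    sources = defaultdict(set)
    for f in flows:
        # TCP flow whose flags contain SYN but not ACK: a half-open connection attempt
        if f["proto"] == 6 and (f["tcp_flags"] & 0x12) == 0x02:
            counts[f["dst"]] += 1
            sources[f["dst"]].add(f["src"])
    return sorted(d for d in counts
                  if counts[d] >= min_syn_only_flows and len(sources[d]) >= min_distinct_sources)


def unidentified_apps(flows, min_bytes=100000):
    """Return (dst, dport, total_bytes) for heavy traffic on ports outside the known-application table."""
    totals = defaultdict(int)
    for f in flows:
        if f["dport"] not in KNOWN_APP_PORTS:
            totals[(f["dst"], f["dport"])] += f["bytes"]
    return sorted((dst, port, b) for (dst, port), b in totals.items() if b >= min_bytes)


if __name__ == "__main__":
    print("Possible SYN flood targets:", detect_syn_flood(SAMPLE_FLOWS))
    print("Unidentified high-volume services:", unidentified_apps(SAMPLE_FLOWS))
```

Both checks are deliberately threshold-based so they can be tuned against a baseline from the same NetFlow feed before anyone acts on an alert.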
Points to Ponder
APM / NPM tools that are “not really intended” to be official security tools can add significant value and reach to your overall security strategy. Why not take advantage of the additional reach when you have it available?
You will likely provide better security coverage to your environment, as well as leverage all that your toolsets can bring in fighting the cyber war. Want to look like a ‘hero’ to your management?
Let them know that you increased the ROI of their existing tool investment without spending any additional money, and simultaneously widened the security footprint that protects the company.
Until next time ….