Archives

Author Archive for Rafi Sabel

0

The Internet of Things (IoT) – pushing network monitoring to its limits

February 10, 2021 Rafi Sabel / / / / / / / / / /

In the age of the Internet of Things (IoT), billions of connected devices – estimated at 20 billion by the year 2020 – are set to permeate virtually every aspect of daily life and industry. Sensors that track human movement in times of natural disasters, kitchen appliances reminding us to top up on food supplies and even military implementations such as situational awareness in wartime are just a few examples of IoT in action.

Exciting as these times may be, they also highlight a new set of risk factors for Security Specialists who need to answer the call for more vigorous, robust and proactive security solutions. Considerations around security monitoring and management are set to expand far beyond today’s norms as entry points, data volumes and connected hardware multiply at increasing rates in the age of hyper-interconnectedness.

Security monitoring will need to take a more preemptive stance in the age of IoT

With next-generation smart products being used in industries such as utilities, manufacturing, transportation, insurance, and logistics, networks will become exposed to new security vulnerabilities as IoT and enterprises intersect. Smart devices connected to the enterprise can easily act as a bridge to the network, potentially exposing organizations’ information assets. Apply this scenario to a world where virtually every device can communicate with the network from practically anywhere, and the need for more forward-thinking security monitoring becomes apparent. Device-to-device communications will need stronger encryption and ways for network teams to monitor and understand communications, behavior and data patterns. With more “unmanned” computers, appliances and devices coming on-line, understanding new network anomalies will be a challenge.

Networks will become far more heterogeneous

Embedded firmware, operating systems, shorter life-cycles, expanding capabilities and security considerations unique to IoT devices, will make networks far more complex and expansive than what they are today. IoT will hasten more heterogeneous environments, which security teams must be prepared for. The device influx will also drive IPv6 adoption and introduce new protocols. According to Technology.org, “Enterprises will have to look for solutions capable of guarding data gateways in IoT devices using tailored protocol filters and policy capabilities. Besides, regular security updates and patches will become integral to product lifecycle to eliminate every possibility of a compromise.”  This will increase reliance on technologies such as granular Netflow collection that provides forensics and anomaly detection, which offers enterprises, trusted security solutions that are both easily deployed and capable of evolving organically alongside new technologies as they are introduced to environments.

IoT will introduce new types of data into the enterprise

Traffic signal systems, power stations, water sanitation plants and other services vital to society are all incorporating IoT to some degree. Device security in a physical and non-physical context will be important as enterprises need to look at ways of preventing unauthorized entry into the network. Gartner asserts that, “IoT objects possess the ability to change the state of the environment around them, or even their own state (for example, by raising the temperature of a room automatically once a sensor has determined it is too cold, or by adjusting the flow of fluids to a patient in a hospital bed based on information about the patient’s medical records)”.

Considering the risk to human life inherent in hacks into systems of this nature, the level of monitoring and surveillance for compliance is becoming more pertinent each day as these kinds of threats are starting to occur. This will place a high demand on end-point security solutions to be both timely and accurate in its correlation of network data to give Security Teams the needed granularity to provide context around current and evolving risks.

The now infamous Chrysler hack is a primary example of the potentialities of IoT-based breaches and the threats they pose to human safety.

The role of Netflow in forearming the enterprise in the age of IoT

Monitoring systems will be required to identify, categorize and alert Network Operations Centers (NOCs) on a plethora of new datasets, demanding big data capabilities from their network monitoring solutions. NetFlow, if used correctly, can offer an opportunity to provide enterprises with substantial intelligence and an early warning mechanism to assist them in managing the steady move toward IoT and take a forearmed stance in security operations. Netflow’s ability to match to the scale at which the enterprise will grow means NOCs will neutralize the threat of being overwhelmed in a deluge of devices that will generate volumes of data that require around the clock monitoring.

They can achieve deep visibility – central to security in an IoT world – with a NetFlow monitoring, reporting and analysis tool that provides the ability to perform deep security forensics and intelligent baselining, anomaly detection, diagnostics and endpoint threat detection. NetFlow end-point solutions speak to the changing needs of the large environments by reducing Mean Time to Know (MTTK), which in turn shrinks Mean Time to Repair and Resolve (MTTR).

For more information on how CySight is helping organizations build comprehensive network security, performance and management solutions, contact us, or download a free copy of our guide on 8 Keys to Understanding NetFlow for Network Security, Performance & Overall IT Health.

 8 Keys to Understanding NetFlow for Network Security, Performance & Overall IT Health

0

CySight @ CyberTech 2016

February 4, 2021 Rafi Sabel / / /
Last week we presented CySight at CyberTech 2016 in Tel Aviv, Israel. Cybertech is the most significant conference and exhibition of cyber technologies outside of the United States.
Israel is building a name for itself as the global center of cybersecurity and we have a unique network intelligence solution that fits the Israeli cybersecurity vision. CySight’s unique approach to delivering granular Network Security Forensics, Intelligent Behavior Anomaly Detection and Diagnostics and End-Point Threat Detection was appreciated by the “who’s who” of the Israeli Cyber community that intimately understand the need for granular network intelligence and threat mitigation.
The candidness, openness and warmth of the Israeli community has to be experienced and I cannot begin to express my gratitude for all the intelligencia and warm wishes from those who visited our stand. CySight already enhances Check Point firewalls with CySight providing a joint solution with Check Point providing ultimate network anomaly analytics and forensics (https://www.checkpoint.com/downloads/sb-checkpoint-netflow.pdf). We look forward to CySight becoming a valuable part of the Israeli Cybersecurity space and contributing to its defense.
 

CySight has been building innovative network analytics solutions for the Enterprise and ISP/Telco marketplace since 1995. At the World Congress of IT in 2002 we won multiple awards for Security and Business Intelligence for our DigiToll software and we continue to deliver and extend our superior network forensics and detection technology. Our objectives are to keep creating tools that build a safer Internet with unique methods to identify and mitigate undesirable traffic.

CySight’s CySight is a premier flow-analytics solution providing extreme visibility eliminating network blindspots. Anomaly detection and end-point threat intelligence coupled with unique granularity for high-compliance meta-data retention and security forensics help organizations reduce risks associated with inappropriate and malicious traffic and poor performance. Trusted globally by the largest companies for its scalability and flexible analytics. Perpetual diagnostics enable fast mitigation from DDoS, insider threats, botnets, illicit transfers and other bad actors.
Useful links:
8 Keys to Understanding NetFlow for Network Security, Performance & Overall IT Health
0

How to Achieve Security and Data Retention Compliance Obligations with Predictive AI Cyber Flow Analytics

January 12, 2021 Rafi Sabel / / / / / / /

Information retention, protection and data compliance demands are an important concern for modern organizations. And with data being generated at staggering rates and new entry points to networks (mobile devices, wireless network, etc.) adding their own levels of complexity, adherence to compliance obligations can prove challenging. In addition, when considering high profile network hacks such as the Sony, Dropbox and Target intrusions, it quickly becomes clear that no organization is immune to the possibility of having their systems compromised. This backdrop demonstrates the importance of finding a suitable network monitoring solution that is able to navigate the tightrope between meeting regulatory requirements without placing too much strain on hardware resources.

In this blog we’ll touch on two of these regulatory standards: the Health Insurance Portability and Accountability Act (HIPAA) and Supervisory Control and Data Acquisition (SCADA), and look at how Network Specialists can leverage NetFlow’s ability to provide insightful metrics that aid in the building of a water-tight security apparatus.

NetFlow and HIPAA

Few have greater concerns around information privacy than the health care industry. If compromised, medical records containing patients’ sensitive information can lead to disaster for both health care organizations and individuals. The Privacy Rule, as stipulated by HIPAA, addresses the data retention compliance and protection measures expected of health care organizations to ensure critical patient records remain safe, uncompromised and reliable.

One of these protection measures is the continuous monitoring of information systems to prevent security breaches or unintended exposure of information to the wrong people. NetFlow is ideal for monitoring and enforcing security by giving detailed insight into both local, inbound and outbound traffic. It also allows you to easily identify the nature of the traffic and see how traffic flows between devices as it traverses your environment.

NetFlow’s ability to detect and report on anomalies through analysis by a NetFlow analyzer can give health care organizations unmatched network visibility and data granularity. Its availability on most networking devices makes it ideal for deployment in and monitoring of large-scale environments such as hospitals and other health care facilities. Also, flow exports to NetFlow analyzers are comparatively lightweight, which makes it possible for organizations to collect and store network audit data for extended periods of time.

NetFlow and SCADA

SCADA is a standard that facilitates communication channels between remote equipment as a means to control their functions. Examples of SCADA at work are remote management of Heating Ventilation and Air Conditioning (HVAC) systems, industrial equipment and Closed Circuit Television systems. SCADA is a type of industrial control system (ICS). Security around SCADA-enabled systems are paramount to human safety, as typical utilization of SCADA include sewerage systems, power plant and water treatment facilities. Also, these management systems typically communicate via the Internet, making them vulnerable to hackers who may seek to use them as entry points into corporate networks.

NetFlow provides built-in support for SCADA and facilitates real-time monitoring and management of communication between remote devices, making it possible to take corrective action on-the-fly if needs be. It also enables users to make operational decisions based on both real-time and historic data that gives context to anomalies and events as they occur. Users are also able to perform functions remotely without visiting sites to perform updates and other maintenance tasks. By providing detailed and up-to-date information on business-critical systems, NetFlow is enabling businesses to be more proactive in the monitoring, management and maintenance of remote devices and systems.

Employing the right NetFlow reporting tool is key to manage compliance obligations

The missing link in leveraging the power of NetFlow in data retention and protection efforts is a powerful, comprehensive and robust NetFlow reporting tool. When considering your regulatory obligations, ensure that your choice of NetFlow reporting tool gives you the detailed, granular and contextual information you need to make insightful, data-driven decisions around the security, integrity and stability of your information assets.

8 Keys to Understanding NetFlow for Network Security, Performance & Overall IT Health