Today we are going to discuss when real-time threat detection is essential:
Adding new devices:
When a new device is added to the organization, it is necessary to identify potential attacks that arrive through that device. As organizations implement IoT, they should consider a network redesign that segments IoT devices from the rest of the internal network behind strong access controls. They can deploy anomaly detection technology to baseline normal behavior between the IoT segment and the internal and external networks. This continuous monitoring helps identify unusual network behavior.
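The baseline-then-compare approach described above, as an added example that is not code from the original article. It learns, per IoT device, which peers it normally talks to and how much it normally sends, then scores later flows; the subnets, device addresses and flow records are constructed sample data, and the flow tuple format is an assumed simplification of NetFlow-style records.

```python
"""Baseline-and-compare anomaly detection for traffic leaving an IoT segment.

Added example, not code from the original article. The subnets, device
addresses and flow records are all constructed sample data; the flow format
(src, dst, dst_port, bytes) is an assumed simplification of NetFlow-style data.
"""
from ipaddress import ip_address, ip_network
from statistics import mean, pstdev

IOT_SEGMENT = ip_network("10.50.0.0/24")   # constructed: the segmented IoT network
INTERNAL = ip_network("10.0.0.0/8")        # constructed: everything else inside the organization

# Constructed learning-period flows: (src, dst, dst_port, bytes).
BASELINE_FLOWS = [
    ("10.50.0.11", "10.50.0.1", 53, 120),
    ("10.50.0.11", "203.0.113.20", 443, 2400),
    ("10.50.0.11", "10.50.0.1", 53, 130),
    ("10.50.0.11", "203.0.113.20", 443, 2500),
    ("10.50.0.11", "10.50.0.1", 53, 110),
    ("10.50.0.11", "203.0.113.20", 443, 2300),
    ("10.50.0.12", "10.50.0.1", 53, 90),
    ("10.50.0.12", "203.0.113.21", 8883, 600),
    ("10.50.0.12", "10.50.0.1", 53, 95),
]

# Constructed flows observed after the baseline was learned.
NEW_FLOWS = [
    ("10.50.0.11", "203.0.113.20", 443, 2350),       # same peer, normal size
    ("10.50.0.12", "203.0.113.21", 8883, 610),       # same peer, normal size
    ("10.50.0.11", "10.20.5.7", 445, 800),           # IoT device reaching into the internal LAN
    ("10.50.0.11", "198.51.100.9", 443, 9_000_000),  # new external peer, huge upload
    ("10.50.0.99", "10.50.0.1", 53, 100),            # device never seen during baseline
]


def zone(dst):
    """Classify a destination as inside the IoT segment, elsewhere internal, or external."""
    addr = ip_address(dst)
    if addr in IOT_SEGMENT:
        return "iot"
    if addr in INTERNAL:
        return "internal"
    return "external"


def learn_baseline(flows):
    """Per source device: the set of (zone, dst, port) peers and the byte-count distribution."""
    peers, sizes = {}, {}
    for src, dst, port, nbytes in flows:
        peers.setdefault(src, set()).add((zone(dst), dst, port))
        sizes.setdefault(src, []).append(nbytes)
    return {src: {"peers": peers[src], "mu": mean(sizes[src]), "sd": pstdev(sizes[src])}
            for src in peers}


def score_flows(baseline, flows, sigma=3.0):
    """Return (src, reason) alerts for flows that deviate from the learned baseline."""
    alerts = []
    for src, dst, port, nbytes in flows:
        profile = baseline.get(src)
        if profile is None:
            alerts.append((src, "device not present during baseline period"))
            continue
        z = zone(dst)
        if (z, dst, port) not in profile["peers"]:
            what = ("possible lateral movement into internal network"
                    if z == "internal" else f"new {z} peer")
            alerts.append((src, f"{what}: {dst}:{port}"))
        # Volume check: flag transfers far above this device's learned distribution.
        if profile["sd"] > 0 and nbytes > profile["mu"] + sigma * profile["sd"]:
            alerts.append((src, f"{nbytes} bytes exceeds baseline mean "
                                f"{profile['mu']:.0f} by more than {sigma:g} sigma"))
    return alerts


def run_demo():
    """Learn from BASELINE_FLOWS and score NEW_FLOWS; returns the alert list."""
    return score_flows(learn_baseline(BASELINE_FLOWS), NEW_FLOWS)


if __name__ == "__main__":
    for src, reason in run_demo():
        print(f"ALERT {src}: {reason}")
```

The internal-zone check is the one that matters most for a segmented design: an IoT device that suddenly opens a connection to an address in the rest of the internal network is exactly the behavior the segmentation and access controls are meant to prevent, so it should be alerted on even when the byte count looks ordinary.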
Working with new vendors or partners:
Whenever an organization grants network access to new vendors or partners, it should be on the lookout for unusual activity. For this, prioritize management and security of vendor/partner access to company resources, and be diligent about removing access once contracts are complete. In addition, limit vendor VPN access to a known set of IP addresses and publish this list internally. Lastly, deploy analytics to detect unusual behavior from these IP addresses in near real time.
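The three controls above (a per-vendor source IP allowlist, removal of access when the contract ends, and near-real-time checks on vendor connections) put together as an added example that is not code from the original article. The vendor names, IP addresses, dates and log lines are constructed sample data, and the key=value log format is an assumed one rather than any specific VPN product's output.

```python
"""Vendor/partner VPN access: IP allowlist, contract expiry and near-real-time checks.

Added example, not code from the original article. The vendor names, IP
addresses, dates and log lines below are constructed sample data, and the
key=value log format is assumed, not a specific VPN product's format.
"""
import re
from datetime import date, datetime, timezone

# Constructed vendor access policy: the source IPs each vendor account may
# connect from, and the contract end date after which access must be gone.
VENDOR_POLICY = {
    "acme-support": {"allowed_ips": {"198.51.100.10", "198.51.100.11"},
                     "contract_end": date(2024, 6, 30)},
    "globex-audit": {"allowed_ips": {"203.0.113.5"},
                     "contract_end": date(2024, 3, 31)},
}

# Constructed VPN log lines in the assumed format.
SAMPLE_LOG = [
    "2024-05-02T09:12:44Z vpn user=acme-support src=198.51.100.10 action=connect",
    "2024-05-02T09:40:01Z vpn user=acme-support src=192.0.2.77 action=connect",
    "2024-05-02T10:05:19Z vpn user=globex-audit src=203.0.113.5 action=connect",
    "2024-05-02T10:06:00Z vpn user=globex-audit src=203.0.113.5 action=disconnect",
    "2024-05-02T11:30:12Z vpn user=contoso-dev src=203.0.113.9 action=connect",
]

LOG_RE = re.compile(
    r"^(?P<ts>\S+) vpn user=(?P<user>\S+) src=(?P<src>\S+) action=(?P<action>\S+)$")


def parse_event(line):
    """Parse one log line into a dict, or return None if it is not a VPN event."""
    m = LOG_RE.match(line)
    if not m:
        return None
    ts = datetime.strptime(m["ts"], "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)
    return {"ts": ts, "user": m["user"], "src": m["src"], "action": m["action"]}


def check_event(event, policy=VENDOR_POLICY):
    """Findings for a single event; called per line so alerts are raised as events arrive."""
    findings = []
    if event["action"] != "connect":
        return findings
    rule = policy.get(event["user"])
    if rule is None:
        findings.append(f"{event['user']}: account not covered by vendor policy")
        return findings
    if event["src"] not in rule["allowed_ips"]:
        findings.append(f"{event['user']}: connect from non-allowlisted IP {event['src']}")
    if event["ts"].date() > rule["contract_end"]:
        findings.append(f"{event['user']}: connect after contract end {rule['contract_end']}")
    return findings


def expired_accounts(today_iso, policy=VENDOR_POLICY):
    """Vendor accounts whose contract ended before `today_iso` and should be disabled."""
    today = date.fromisoformat(today_iso)
    return sorted(user for user, rule in policy.items() if today > rule["contract_end"])


def published_allowlist(policy=VENDOR_POLICY):
    """The internal 'known vendor IPs' list as plain text, one vendor per line."""
    return "\n".join(f"{user}: {', '.join(sorted(rule['allowed_ips']))}"
                     for user, rule in sorted(policy.items()))


def run_demo():
    """Stream SAMPLE_LOG through check_event and collect every finding."""
    findings = []
    for line in SAMPLE_LOG:
        event = parse_event(line)
        if event:
            findings.extend(check_event(event))
    return findings


if __name__ == "__main__":
    print(published_allowlist())
    for finding in run_demo():
        print("ALERT", finding)
    print("disable:", expired_accounts("2024-05-02"))
```

The contract-end check in `check_event` is deliberately redundant with `expired_accounts`: the scheduled removal is the control, and the per-connection check is the detection that tells you the control was missed.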
New Physical location:
Whenever an organization relocates or adds a new business location, the infrastructure that comes with the new location can bring new vulnerabilities with it. In addition to adding standard controls, organizations in this situation should think about deploying analytics that can perform “population analysis” to determine whether the new location exhibits behaviors in its network and application log data that differ from the behaviors seen at other locations.
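A minimal form of the population analysis described above, as an added example that is not code from the original article: each metric reported by the new location is z-scored against the same metric across the established locations, and metrics that fall well outside the population are flagged. The location names and values are constructed sample data, and the three metrics are assumed choices, not ones the article names.

```python
"""Population analysis: does a new location behave like the organization's other sites?

Added example, not code from the original article. Location names and metric
values are constructed sample data; the metrics (failed logins, outbound
volume, DNS query rate) are assumed choices, not ones the article names.
"""
from statistics import mean, pstdev

# Constructed daily metrics per established location.
ESTABLISHED_SITES = {
    "chicago": {"failed_logins_per_100_users": 4.0, "outbound_mb_per_host": 120, "dns_queries_per_host": 900},
    "denver":  {"failed_logins_per_100_users": 4.5, "outbound_mb_per_host": 110, "dns_queries_per_host": 870},
    "austin":  {"failed_logins_per_100_users": 5.0, "outbound_mb_per_host": 130, "dns_queries_per_host": 950},
    "boston":  {"failed_logins_per_100_users": 3.5, "outbound_mb_per_host": 115, "dns_queries_per_host": 880},
    "seattle": {"failed_logins_per_100_users": 4.2, "outbound_mb_per_host": 125, "dns_queries_per_host": 920},
}

# Constructed metrics for the newly added location.
NEW_SITE = {"failed_logins_per_100_users": 4.4, "outbound_mb_per_host": 410, "dns_queries_per_host": 910}


def population_analysis(established, candidate, threshold=2.0):
    """Z-score each metric of `candidate` against the population of established sites."""
    report = {}
    for metric, value in candidate.items():
        population = [site[metric] for site in established.values() if metric in site]
        if len(population) < 2:
            raise ValueError(f"not enough established sites report {metric}")
        mu, sd = mean(population), pstdev(population)
        if sd == 0:
            # Every other site reports the identical value, so any difference stands out.
            z = float("inf") if value != mu else 0.0
        else:
            z = (value - mu) / sd
        report[metric] = {"value": value, "population_mean": mu,
                          "population_sd": sd, "z": z, "flagged": abs(z) > threshold}
    return report


def flagged_metrics(established, candidate, threshold=2.0):
    """Names of the candidate's metrics that deviate from the population beyond `threshold` sigma."""
    report = population_analysis(established, candidate, threshold)
    return sorted(metric for metric, row in report.items() if row["flagged"])


if __name__ == "__main__":
    for metric, row in population_analysis(ESTABLISHED_SITES, NEW_SITE).items():
        flag = "FLAG" if row["flagged"] else "ok"
        print(f"{flag:4} {metric}: {row['value']} vs mean {row['population_mean']:.1f} (z={row['z']:.1f})")
```

With only a handful of sites the population standard deviation is a rough estimate, so the threshold should be treated as a triage cut-off: a flagged metric is a reason to look at that location's logs, not a verdict on them.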
Introducing new hardware:
This could include any hardware, from servers to new mobile devices. When you add new hardware to a network, there are a lot of things you don’t yet know about it. It’s a good practice to ensure that all software running on new servers is patched and updated. Check for any known vulnerabilities associated with the hardware or software.
Workforce changes:
Events like reductions in workforce, terminations, and resignations, especially when they are involuntary, can be turbulent and increase the chance of malicious activity from people who know their way around a company’s data, network and applications. During these sensitive times, be diligent about removing access to all resources, both on-premises and cloud-based.
Taking the necessary steps in each of these situations can save your organization from many threats, and real-time detection is the best place to start: it works at a granular level and has many positive impacts on security practices.