
Unlocking Recovery: The Critical Role of Network Visibility in Data Breach Response


Towards the end of last year, The British Library, one of the world’s largest libraries holding over 170 million items, was hacked. The ransomware attack, orchestrated by a group called Rhysida, managed to steal 490,191 personal files and offered them for sale on the group’s website. 


But why hack a library? Well, contrary to popular belief, any organization can be the target of a cyber attack for a variety of reasons. In fact, the FBI and US Cybersecurity and Infrastructure Security Agency (CISA) issued a joint statement warning about Rhysida: “Threat actors leveraging Rhysida ransomware are known to impact ‘targets of opportunity’, including education, healthcare, manufacturing, information technology and government sectors.” The statement rings true in light of a number of recent data breaches, including that of project management software Trello, which saw the data of 15 million of its users leaked to the dark web. Last year, Norton Healthcare was also hacked, impacting 2.5 million patients and employee records.


These breaches cost companies millions of dollars, not to mention the damage to their reputation and compromised trust of their customers. Unfortunately, data theft and ransomware attacks are showing no signs of slowing down, thanks in part to the fast-paced development of Artificial Intelligence (AI). However, just as criminals are becoming more sophisticated in their approach, so are network managers and cyber security professionals, as they adopt new technologies and techniques. 


Stop Threats Before They Become Breaches


The timeline of network attacks includes the introduction of an attack into a network, the identification of an attack and the containment of the attack. According to a Ponemon Institute Survey, the Mean Time to Identification (MTI) is about 200 days. The Mean Time to Containment (MTC) is about 70 days. Therefore, an attack can reside in a network for 270 days before containment. What damage can be done in that time? According to the same survey, $4 million is the average cost of a data breach. Compressing this attack timeframe is the critical mission to prevent an actual breach.


This is where network security tools can play a critical role in your cyber security strategy. Traffic aggregators consolidate network traffic from multiple sources to allow security teams to analyze network traffic within a centralized platform. Packet brokers act as an intermediary between monitoring tools and network infrastructure to intelligently distribute traffic to monitoring and security tools in an efficient way. 


Having the correct network security solution in place can mean the difference between a threat and a breach. Being able to capture and analyze network traffic in real time can aid early threat detection, while having complete visibility of your network allows security teams to respond to incidents rapidly by containing threats early on and quickly deploying remedies to minimize impact on the business. After a breach, traffic aggregators and packet brokers can yield historical network traffic data to allow for detailed forensic investigations and compliance with regulatory requirements. 


Improve Recovery Time with Actionable Insights 


Network visibility solutions can effectively reduce recovery times following a data breach by providing actionable insights and optimizing resource allocation. With granular visibility into network traffic, network security teams can identify vulnerabilities and compromised assets, streamlining recovery and reducing MTC. Doing so can also allow stretched teams to focus their resources where they will see the most impact. Using packet brokers and traffic aggregators to identify bottlenecks and optimize traffic flow can also contribute to the efficient operation of security and monitoring tools. Through continuous network monitoring, organizations can also adapt their defence strategies in real time based on evolving attack patterns and emerging threats.


Pair Security Tools with Network Critical Solutions for Powerful Protection Against Data Breaches 


Network Critical’s range of network security and monitoring tools, such as our intelligent SmartNA TAP, can also connect to security tools, passing them a mirror copy of traffic to analyse, report on and act on. When determining how to deploy these network security tools, it’s important to ask a few key questions:


  • Will the connection add delay to the network? When connecting tools with Network Critical TAPs and Packet Brokers, there is no additional delay added to the live traffic.  

  • What happens if power is lost to the TAP?  Network Critical TAPs have dual power supplies. If one power supply fails the other automatically takes over. If, for some reason, all power is lost to the unit, fail-safe technology will allow the continuation of live traffic on the network.

  • How can tools block malicious attacks if they only see mirror traffic?  In the case where tools are actively analyzing and taking action when attacks are detected, an in-line TAP is used. In-Line (By-Pass) TAPs pass live traffic through to the tools. Therefore, tools can take immediate action to block, delete or alter malicious traffic directly on live links. There is no mirror traffic when using In-Line TAP connections.

  • If there are multiple tools that need to be attached to links, how are they managed? Network Critical offers a complete portfolio of TAPs, Packet Brokers and Hybrids that allow safe, secure connectivity to a wide variety of security, performance and monitoring tools. With advanced features such as port mapping, filtering, aggregation and packet manipulation, Network Critical visibility solutions are the safe bet for getting the right traffic to the right tools at the right time.


As hackers improve their penetration technology, it is critical for networks to audit their security profile. Network Critical is offering a FREE network visibility audit to help network managers understand their potential breach liability and offer suggestions to strengthen defences. Go to www.networkcritical.com/contact-us to sign up.






