How NPMD Tools Can Help Investigate Data Breaches - Open Reality

+44 (0) 1235 556400   |  sales@openreality.co.uk


How NPMD Tools Can Help Investigate Data Breaches

March 27th, 2017 by Sam Cobley

A 24/7 Security Camera for Your Network

You have just discovered that your perimeter defences were breached and you think that sensitive customer data has been stolen. When GDPR comes into force in May 2018 you will need to report a breach to the relevant supervisory authority within 72 hours of becoming aware of it (unless “the personal data breach is unlikely to result in a risk for the rights and freedoms of natural persons,”). Failing to notify a breach when required to do so could result in a hefty fine up to €10 million or 2% of your global turnover.

Some of the important questions you will need to answer are:

Finding this information isn’t going to be easy – especially if you can’t examine all the packets. It’s like trying to recall a crime with crucial gaps in your memory. For an investigation to succeed you need the ability to capture and store all activity that traverses your IT infrastructure—just like a 24/7 security camera.

NPMD to the Rescue

Many enterprises will already have NPMD (Network Performance Monitoring and Diagnostics) solutions that are capable of storing vast amounts of packet-level traffic collected from a variety of network topologies; from the core, edge, and branch. Whilst network teams will be routinely using the packets for network troubleshooting, they might not be sharing them with the security teams to help in their investigations.


“IT operations teams must leverage network forensic evidence collected by NPMD solutions to help security operations teams solve difficult security problems”

Gartner Research


Once a security team is alerted to a breach or attack by a frontline security system they can use a packet-based analytical tool to isolate the event. Packet analysis can then recreate the relevant network sessions involved in the attack, identify the nature of the breach, track its lateral path through the network, and reveal what was compromised (and by inference, what data or assets were protected).

Packet-Based Security Forensics – A Next Generation Approach to Attack Remediation

This white paper explains the importance of packet capture and forensic analysis to security operations, examines the dynamics of this growing collaboration between security and network teams, and explores a leading platform in this market from Viavi Solutions.

Download Whitepaper

Vital NPMD Security Features

An effective solution must offer:

The data centre is at the core of today’s IT infrastructure. Given the volume and speed of traffic—and therefore increase in potential threats—your NPMD solution must be faster.

To find the specific illicit event among millions of legitimate packets you need analysis tools that offer deep-packet inspection to quickly assist in determining when and where a particular anomaly or unexpected incident has occurred.

The ability to filter packets against these known threat signatures and alert when detected is critical to resolving many malware events.

Rooting out emerging threats means being able to rewind a network to view past events, often down to individual network conversations.

Since it is often not until after intrusions occur that breaches are detected, it is critical that network traffic is maintained for a relevant period of time (we recommend a month if possible). This enables the NPMD solution to act like a surveillance camera that is always on.

Conclusion

Firewalls, anti-virus software, IDS and DLP systems are necessary but no longer sufficient to achieve the most robust protection or obtain detailed evidence necessary for complete resolution and documentation of cyberattacks and IT breaches. With the capabilities to act like a 24/7 security camera by storing network traffic for extended periods of time and perform deep packet inspection, NPMD solutions like Observer GigaStor enable administrators and security personnel to efficiently detect and root out intrusions, malware, and other unauthorised activities within the IT infrastructure. In a world of ever-increasing cyberattacks, malware, and internal espionage threats, the right NPMD solution can act as the final defence and provide the quickest path to recovery.



Want to find out more? CALL US: 01235 556400   or    EMAIL US

TESTIMONIAL

Open Reality was awarded BlueCoat Vendor of the Year for 2013 because it understands our products, what they do and how they can empower a business.
Rupert CollierChannel Account ManagerBlue Coat

CASE STUDIES

Leicestershire County Council: Observer GigaStor Finds the Needle in a Haystack

Leicestershire County Council: Observer GigaStor Finds the Needle in a Haystack

When a random disconnect of some of the Councils business-critical cloud applications began affecting productivity for dozens of users every day, they knew they would need to do some detective work to find the issue.

WHITE PAPERS

+44 (0) 1235 556400 | sales@openreality.co.uk