The first hour of a security intrusion is critical, say experts

07 Apr 2016

How a business acts in the first sixty minutes following a cyber security intrusion is critical, according to Ixia.

The company says the actions taken within the first hour of a security intrusion can make the difference between minimal impact and major fallout. 

According to Stephen Urquhart, general manager ANZ at Ixia, the first sixty minutes is known as the ‘Golden Hour’. He says there are a number of things organisations can do to detect and respond to an intrusion within this timeframe.

“An unauthorised digital intruder will often do the largest amount of damage, such as network sabotage or intellectual property theft, within the first hour of a successful attack,” Urquhart says.

“The implementation of inline security tools can help to minimise the damage done in the first 60 minutes,” he says.

There are three key types of security technology to consider: 

1. Inline security tools 

Inline security tools can monitor and respond to unusual network activity, such as unauthorised intrusions, in real-time, letting businesses reduce the likelihood of an information breach following an attack. 

Inline security tools include intrusion prevention systems (IPSs), firewalls, security information and event management (SIEM) systems, threat analysis tools, and data loss prevention tools. 

2. Bypass switch 

A bypass switch lets organisations put inline security tools in service or take them out of service without disrupting the network. This provides more flexibility when a security tool needs updating, moving, or replacing. 

Bypass switches also provide a fail-over capability. Although some security tools have bypass capabilities built into them, these sometimes don’t work in situations where the software malfunctions. The additional bypass switch prevents this from being an issue.

3. Network packet broker 

A network packet broker can be used as an additional measure that is inserted after the bypass switch and before the network security tool. This provides another level of analysis to pick up suspicious data. 

A network packet broker can provide more flexibility with high availability solutions, tool chaining for better analysis, and data filtering, which reduces the likelihood of tools being loaded unnecessarily.

“If organisations have these three elements in place, they will have a better chance at identifying and responding to an intrusion incident before it becomes a problem, and be in a better position to minimise recovery times if things do go awry,” Urquhart says. 
