Story image

The first hour of a security intrusion prudent, says experts

07 Apr 16

How a business acts in the first sixty minutes following a cyber security intrusion are prudent, according to Ixia. 

The company says the actions taken within the first hour of a security intrusion can make the difference between minimal impact and major fallout. 

According to Stephen Urquhart, general manager ANZ at Ixia, the first sixty minutes is known as the ‘Golden Hour’. he says there are a number of things organisations can do to detect and respond to an intrusion within this this timeframe. 

“An unauthorised digital intruder will often do the largest amount of damage, such as network sabotage or intellectual property theft, within the first hour of a successful attack,” Urquhart says 

“The implementation of inline security tools can help to minimise the damage done in the first 60 minutes,” he says.

There are three key types of security technology to consider: 

1. Inline security tools 

Inline security tools can monitor and respond to unusual network activity, such as unauthorised intrusions, in real-time, letting businesses reduce the likelihood of an information breach following an attack. 

Inline security tools include intrusion prevention systems (IPSs), firewalls, security information and event management (SIEM) systems, threat analysis tools, and data loss prevention tools. 

2. Bypass switch 

A bypass switch lets organisations put inline security tools in service or take them out of service without disrupting the network. This provides more flexibility when a security tool needs updating, moving, or replacing. 

Bypass switches also provide a fail-over capability. Although some security tools have bypass capabilities built into them, this sometimes doesn’t work in certain situations where software malfunctions. The additional bypass switch prevents this from being an issue. 

3. Network packet broker 

A network packet broker can be used as an additional measure that is inserted after the bypass switch and before the network security tool. This provides another level of analysis to pick up suspicious data. 

A network packet broker can provide more flexibility with high availability solutions, tool chaining for better analysis, and data filtering, reducing the likelihood of tools being unnecessarily loaded. 

“If organisations have these three elements in place, they will have a better chance at identifying and responding to an intrusion incident before it becomes a problem, and be in a better position to minimise recovery times if things do go awry,” Urquhart says. 

Disruption in the supply chain: Why IT resilience is a collective responsibility
"A truly resilient organisation will invest in building strong relationships while the sun shines so they can draw on goodwill when it rains."
The disaster recovery-as-a-service market is on the rise
As time progresses and advanced technologies are implemented, the demand for disaster recovery-as-a-service is also expected to increase.
Apax Partners wins bidding war for Trade Me buyout
“We’re confident Trade Me would have a successful standalone future," says Trade Me chairman David Kirk
The key to financial institutions’ path to digital dominance
By 2020, about 1.7 megabytes a second of new information will be created for every human being on the planet.
Proofpoint launches feature to identify most targeted users
“One of the largest security industry misconceptions is that most cyberattacks target top executives and management.”
What disaster recovery will look like in 2019
“With nearly half of all businesses experiencing an unrecoverable data event in the last three years, current backup solutions are no longer fit for purpose."
NVIDIA sets records with their enterprise AI
The new MLPerf benchmark suite measures a wide range of deep learning workloads, aiming to serve as the industry’s first objective AI benchmark suite.
McAfee named Leader in Magic Quadrant an eighth time
The company has been once again named as a Leader in the Gartner Magic Quadrant for Security Information and Event Management.