When it comes to infosec, don’t forget about the old stuff
When it comes to infosec you need to focus on the new and the old!
Last week, I worked with a client who needed some help with an infosec issue associated with ransomware. To summarize, they needed an early warning system that fires when one or more client machines start renaming large numbers of files on network shares. Ransomware continues to be a very hot topic, with recent reports highlighting that 63% of UK universities have been hit by ransomware and that a retooled Locky ransomware has started to pummel networks in the healthcare sector.
Add other topical security issues like DDoS and advanced phishing attacks and it is easy to see why people lose interest in older threats and vulnerabilities. If network managers focus only on recent security issues, there is more than enough work there to keep them busy. However, this is a dangerous approach: you need to keep a watchful eye on the old security issues as well as being able to deal with the new.
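The early warning described above boils down to counting rename operations per client inside a sliding time window. The following is an added example written for this article, not LANGuardian code or the client's actual configuration. It assumes a constructed plain-text feed of file-activity events in the form `<ISO timestamp> <client IP> <share> <operation> <path>`; the threshold (20 renames) and window (60 seconds) are illustrative and would be tuned to the environment.

```python
"""Early-warning detector for mass file renames on network shares.

Added example, not NetFort/LANGuardian code. Assumes a constructed
event feed, one event per line:
    <ISO timestamp> <client IP> <share> <operation> <path>
and raises an alert the first time one client renames RENAME_THRESHOLD
or more files within WINDOW_SECONDS.
"""
from collections import defaultdict, deque
from datetime import datetime, timedelta

RENAME_THRESHOLD = 20   # renames per client inside the window (assumed tuning)
WINDOW_SECONDS = 60     # sliding window length (assumed tuning)


def build_sample_events():
    """Constructed sample feed, not captured data: client 10.1.2.50 renames
    25 files in under 30 seconds (ransomware-like), client 10.1.2.77 renames
    three files over ten minutes (ordinary user), with some READs mixed in."""
    t0 = datetime(2016, 9, 12, 9, 0, 0)
    lines = []
    for i in range(25):
        ts = (t0 + timedelta(seconds=i * 1.2)).isoformat(timespec="seconds")
        lines.append(f"{ts} 10.1.2.50 finance RENAME report{i:02d}.xlsx")
        if i % 5 == 0:  # ordinary reads the detector must ignore
            lines.append(f"{ts} 10.1.2.50 finance READ report{i:02d}.xlsx")
    for i in range(3):
        ts = (t0 + timedelta(minutes=i * 4)).isoformat(timespec="seconds")
        lines.append(f"{ts} 10.1.2.77 hr RENAME draft{i}.docx")
    return sorted(lines)  # ISO timestamps sort chronologically as strings


def parse_event(line):
    ts, client, share, op, path = line.split(maxsplit=4)
    return datetime.fromisoformat(ts), client, share, op, path


def detect_rename_bursts(lines, threshold=RENAME_THRESHOLD, window=WINDOW_SECONDS):
    """Return one alert per client the first time its rename count inside
    the sliding window reaches the threshold. Events must be time-ordered."""
    window = timedelta(seconds=window)
    recent = defaultdict(deque)   # client -> timestamps of recent renames
    alerted = set()
    alerts = []
    for line in lines:
        ts, client, share, op, _path = parse_event(line)
        if op != "RENAME":
            continue
        q = recent[client]
        q.append(ts)
        while q and ts - q[0] > window:   # drop renames that fell out of the window
            q.popleft()
        if len(q) >= threshold and client not in alerted:
            alerted.add(client)
            alerts.append({"client": client, "share": share, "count": len(q),
                           "first": q[0].isoformat(), "last": ts.isoformat()})
    return alerts


if __name__ == "__main__":
    for alert in detect_rename_bursts(build_sample_events()):
        print(f"ALERT: {alert['client']} renamed {alert['count']} files on "
              f"share '{alert['share']}' between {alert['first']} and {alert['last']}")
```

Only the client doing 25 renames in half a minute trips the default threshold; the second client's three renames over ten minutes never accumulate inside the window. In practice you would also watch for new file extensions appearing in the rename target, since that narrows false positives from legitimate bulk renames.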
Our LANGuardian product includes both an IDS and advanced traffic analysis capabilities, so it is an excellent tool for forensic use cases. A good example of this materialized a few days ago, while I was working on another client's network. I was reviewing their Network Events report and I noticed Conficker activity.
Conficker is old malware, first detected back in 2008, but there it was, trying to connect outbound to Chinese, Mexican and German IP addresses over port 80, as well as scanning the internal network trying to infect other hosts. From what I understand, the infected host was a piece of equipment with an embedded Windows OS, which made it difficult to patch.
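The internal scanning half of that behaviour is a classic fan-out signature: one source touching many distinct internal hosts on the same port in a short time. The following is an added example for this article, not LANGuardian's detection logic. It assumes a constructed connection log of the form `<ISO timestamp> <src IP> <dst IP> <dst port>`, an internal range of 10.1.0.0/16, and illustrative thresholds (30 distinct hosts in 120 seconds); port 445 and the 203.0.113.0/24 documentation addresses in the sample are chosen for the example, not taken from the incident.

```python
"""Fan-out detector for a host sweeping the internal network, plus a helper
listing where that host talks to outside the network.

Added example, not NetFort/LANGuardian code. Assumes a constructed
connection log, one record per line:
    <ISO timestamp> <src IP> <dst IP> <dst port>
"""
import ipaddress
from collections import defaultdict
from datetime import datetime, timedelta

INTERNAL_NET = ipaddress.ip_network("10.1.0.0/16")   # assumed internal range
FANOUT_THRESHOLD = 30    # distinct internal hosts on one port (assumed tuning)
WINDOW_SECONDS = 120     # sliding window length (assumed tuning)


def build_sample_connections():
    """Constructed sample, not captured traffic: 10.1.2.200 sweeps sixty
    neighbours on port 445 and beacons out over port 80; 10.1.2.51 is a
    workstation talking to a few servers."""
    t0 = datetime(2016, 9, 12, 10, 30, 0)
    lines = []
    for i in range(60):
        ts = (t0 + timedelta(seconds=i)).isoformat()
        lines.append(f"{ts} 10.1.2.200 10.1.3.{i + 1} 445")
    for i in range(3):  # documentation-range addresses stand in for real external IPs
        ts = (t0 + timedelta(seconds=10 * i)).isoformat()
        lines.append(f"{ts} 10.1.2.200 203.0.113.{i + 5} 80")
    for i, dst in enumerate(["10.1.1.10", "10.1.1.11", "10.1.1.10", "10.1.1.12"]):
        ts = (t0 + timedelta(seconds=i * 20)).isoformat()
        lines.append(f"{ts} 10.1.2.51 {dst} 445")
    return sorted(lines)


def parse_connection(line):
    ts, src, dst, dport = line.split()
    return datetime.fromisoformat(ts), src, dst, int(dport)


def detect_internal_scans(lines, threshold=FANOUT_THRESHOLD,
                          window=WINDOW_SECONDS, internal=INTERNAL_NET):
    """Alert once per (source, port) when the source has contacted at least
    `threshold` distinct internal hosts on that port within the window."""
    window = timedelta(seconds=window)
    seen = defaultdict(dict)   # (src, dport) -> {dst: last seen}
    alerted = set()
    alerts = []
    for line in lines:
        ts, src, dst, dport = parse_connection(line)
        if ipaddress.ip_address(dst) not in internal:
            continue                       # only internal fan-out counts as a scan
        key = (src, dport)
        targets = seen[key]
        targets[dst] = ts
        for stale in [d for d, last in targets.items() if ts - last > window]:
            del targets[stale]
        if len(targets) >= threshold and key not in alerted:
            alerted.add(key)
            alerts.append({"src": src, "dport": dport,
                           "distinct_hosts": len(targets), "at": ts.isoformat()})
    return alerts


def external_destinations(lines, src, internal=INTERNAL_NET):
    """Return the set of (dst, port) outside the internal range that `src`
    contacted; useful for the outbound side of a suspected infection."""
    out = set()
    for line in lines:
        _ts, s, dst, dport = parse_connection(line)
        if s == src and ipaddress.ip_address(dst) not in internal:
            out.add((dst, dport))
    return out


if __name__ == "__main__":
    conns = build_sample_connections()
    for alert in detect_internal_scans(conns):
        print(f"SCAN: {alert['src']} hit {alert['distinct_hosts']} internal hosts "
              f"on port {alert['dport']} by {alert['at']}")
        print("  external contacts:", sorted(external_destinations(conns, alert["src"])))
```

Counting distinct destinations rather than raw connections is what separates a sweep from a chatty client: the workstation makes four connections but only to three servers, far below the threshold, while the sweeping host is flagged at its thirtieth neighbour.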
I also picked up on suspicious inbound traffic over port 22 to a client, which in turn was sending spam-type emails. These are issues we all worked on years ago, but here they are once again, still causing problems in 2016. They are easy to detect, but only if you are monitoring what is happening inside your network.
It really served as a reminder that while it is important to watch out for new threats, you should not forget about the old stuff either. Indeed, you may well have an infosec dinosaur lurking in a corner of your network trying to cause damage. So ensure everything is patched, and back this up with good monitoring tools to spot the bad stuff.
NetFort provides network traffic and security monitoring software for virtual and physical networks. NetFort’s flagship product, LANGuardian, is unique in the marketplace thanks to its powerful deep-packet inspection technology, which can be downloaded and deployed on standard physical or virtual hardware to provide comprehensive visibility in minutes. Organizations worldwide depend on LANGuardian for everything from user activity monitoring, file activity monitoring, web activity monitoring and network security monitoring to bandwidth troubleshooting, wire data analytics, network forensics and packet capture.
To see LANGuardian in action – try our interactive demo today!