This article is excerpted from a longer piece published on the NETSCOUT blog.
The last few years have seen several far-reaching cyberattacks against our nation’s critical infrastructure and essential supply chains that have illustrated the very real threats posed by increasingly sophisticated cybercriminals. These attacks have become increasingly commonplace and successful as malicious actors have grown more advanced and embraced new attack strategies and vectors. One of these new attack strategies is what experts refer to as “Triple Extortion Attacks,” which NETSCOUT’s ASERT Threat Research Lead, Richard Hummel, explained as a “1-2-3 punch” of ransomware, DDoS attack, and data exfiltration.
As Richard recently told the GovCybersecurityHub, “As if ransomware wasn’t bad enough, now you have this threat of your data being posted and then all of a sudden, you don’t have access to any of your systems, because you’re getting DDoS. You’re losing reputation, you’re losing access, your customers can’t get in, your remote workers can’t get in. It’s a very prescient, compounding threat. Unfortunately, that means that a lot of ransomware gets paid.”
In light of this increasing sophistication, there is no question that securing IT networks is becoming harder for IT and security teams. In the first half of 2021, attackers launched 5.4 million distributed denial of service (DDoS) attacks, an 11 percent increase over the same period the year before.
Cyberattacks also equate to big paydays for attackers. In the first half of 2021 alone, one ransomware group collected $100 million in payments. Money gleaned from those attacks buys more capable attack tooling, which in turn further overwhelms IT and security teams.
Given the rise in attacks and the stress they create, the reflex is often to add yet another security tool to address the biggest pain point of the moment. That strategy creates additional headaches: the average IT and security team now operates between 10 and 30 security monitoring solutions across applications, network infrastructure, and cloud environments.
But these disparate tools are creating more problems than they solve. In fact, 66 percent of infosec professionals express concern over their inability to effectively monitor multiple security technologies. And 30 percent of CIOs say it’s difficult to get an accurate status of network security because networking and security teams maintain separate tools and reports.
For security and network operations teams to work collaboratively, it’s vital that they adopt a common network cybersecurity technology stack. To ensure the security and performance of networks, the common cybersecurity technology stack should provide the following:
- Stateless protection devices in front of stateful firewalls: A stateless protection device placed ahead of the stateful firewall drops known-bad traffic, such as command-and-control (C2) sessions, state-exhaustion DDoS floods, lookups of known bad DNS domains, and other indicators of compromise (IoCs), before that traffic can consume entries in the firewall's connection table. Because the stateless device decides per packet from indicators alone rather than tracking connections, it is not exhausted by the same floods that exhaust the firewall behind it. To be effective, these devices need to be able to recognize abnormal traffic patterns and must receive timely, accurate threat intelligence that continually refreshes their blocking lists, so that they shield the stateful infrastructure, filter out known attack traffic, and let IT operations keep the network performing at the level the business requires.
- Examination of all east/west traffic: Security teams have come to rely on next-generation firewalls for protection at the network perimeter. Such firewalls cover ingress and egress, but they see little of the traffic between internal hosts, leaving internal networks exposed. To close this gap, teams need visibility into all east/west traffic across legacy networks and hybrid cloud environments, so they can quickly identify and filter out threats moving laterally inside those environments.
- A common source of truth for network and cloud visibility: It’s not unusual for network and security teams to find that they’re using a multitude of disparate tools to collect the same network data. But what’s necessary to achieve holistic network and cloud visibility is a common source of network truth that’s derived from network packets and metadata. The right network instrumentation should have real-time packet analytics that create a robust set of locally stored, highly indexed metadata that can be quickly accessed and analyzed by both network and security teams for more efficient incident detection, investigation, and mitigation—all of which are crucial for maintaining strong performance and responding to security incidents.
- Network traffic analysis capabilities: To ensure network performance and security, teams need to understand network traffic patterns, as well as the disposition of every device connected to the network before an incident occurs. Doing so helps them identify and remediate rogue devices, misconfigurations, and vulnerable systems, while maintaining application performance for business operations. Network traffic analysis capabilities deliver end-to-end visibility that allows teams to monitor normal network behavior to identify anomalies that might impact network security or performance.
- Network detection and response systems: Modern attackers increasingly use anti-detection and anti-forensics techniques to evade endpoint detection and response (EDR) solutions. Beyond traffic analysis, teams need a way to correlate network data with threat intelligence in order to detect and investigate anomalous, suspicious, and malicious network activity that is hidden from other security tools. Network detection and response systems can surface threats that EDR and log-based systems miss, while also providing a comprehensive record of metadata and network packets. That record is crucial for triage and investigation.
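The first item in the list above is easier to reason about with a concrete model. The following added example (not code from the original article or from NETSCOUT) simulates a stateless IoC pre-filter sitting in front of a toy stateful firewall with a bounded connection table. All traffic, the blocklist entries (the 203.0.113.0/24 range, the address 192.0.2.99, and the domain example.net), and the table size are constructed for illustration and use documentation address ranges. The pre-filter makes every decision from the packet's own fields plus a refreshable blocklist; the firewall behind it must allocate an entry per new flow, which is what a SYN flood exhausts.

```python
"""Stateless IoC pre-filter ahead of a stateful firewall (added, constructed example)."""
import ipaddress
from dataclasses import dataclass


@dataclass
class Packet:
    src: str
    dst: str
    proto: str       # "tcp" or "udp"
    dport: int
    flags: str = ""  # TCP flags, e.g. "S" for a bare SYN
    qname: str = ""  # DNS query name, only meaningful for udp/53


class StatelessFilter:
    """Per-packet drop/pass decisions from indicators only; no connection tracking."""

    def __init__(self, bad_ips=(), bad_nets=(), bad_domains=()):
        self.bad_ips = set()
        self.bad_nets = []
        self.bad_domains = set()
        self.update(bad_ips, bad_nets, bad_domains)

    def update(self, bad_ips=(), bad_nets=(), bad_domains=()):
        """Merge a threat-intel refresh; pure set operations, so it can run on every feed update."""
        self.bad_ips.update(bad_ips)
        self.bad_nets.extend(ipaddress.ip_network(n) for n in bad_nets)
        self.bad_domains.update(d.lower().rstrip(".") for d in bad_domains)

    def _domain_hit(self, qname):
        # A listed domain also covers its subdomains: beacon.c2.example.net matches example.net
        labels = qname.lower().rstrip(".").split(".")
        return any(".".join(labels[i:]) in self.bad_domains for i in range(len(labels)))

    def decide(self, pkt):
        """Return 'drop' or 'pass' using nothing but the packet and the blocklist."""
        for ip in (pkt.src, pkt.dst):
            addr = ipaddress.ip_address(ip)
            if ip in self.bad_ips or any(addr in net for net in self.bad_nets):
                return "drop"
        if pkt.proto == "udp" and pkt.dport == 53 and pkt.qname and self._domain_hit(pkt.qname):
            return "drop"
        return "pass"


class StatefulFirewall:
    """Toy connection tracker: every new flow costs one table entry until the table is full."""

    def __init__(self, max_conns):
        self.max_conns = max_conns
        self.table = {}

    def accept(self, pkt):
        key = (pkt.src, pkt.dst, pkt.proto, pkt.dport)
        if key in self.table:
            return True
        new_flow = pkt.proto == "udp" or ("S" in pkt.flags and "A" not in pkt.flags)
        if not new_flow or len(self.table) >= self.max_conns:
            return False  # untracked mid-stream TCP, or table exhausted
        self.table[key] = "new"
        return True


def run(packets, pre, fw):
    """Push packets through pre-filter then firewall; count where each packet ended up."""
    stats = {"dropped_stateless": 0, "accepted": 0, "refused_stateful": 0}
    for pkt in packets:
        if pre.decide(pkt) == "drop":
            stats["dropped_stateless"] += 1
        elif fw.accept(pkt):
            stats["accepted"] += 1
        else:
            stats["refused_stateful"] += 1
    return stats


def demo():
    """Same constructed traffic, with and without threat intel loaded into the pre-filter."""
    flood = [Packet(f"203.0.113.{i}", "192.0.2.10", "tcp", 443, "S") for i in range(1, 201)]
    legit = [Packet(f"198.51.100.{i}", "192.0.2.10", "tcp", 443, "S") for i in range(1, 11)]
    beacons = [
        Packet("198.51.100.5", "192.0.2.53", "udp", 53, qname="beacon.c2.example.net"),
        Packet("198.51.100.7", "192.0.2.99", "tcp", 8443, "S"),
    ]
    traffic = flood + legit + beacons
    no_intel = run(traffic, StatelessFilter(), StatefulFirewall(max_conns=100))
    intel = StatelessFilter(bad_ips=["192.0.2.99"], bad_nets=["203.0.113.0/24"],
                            bad_domains=["example.net"])
    with_intel = run(traffic, intel, StatefulFirewall(max_conns=100))
    return no_intel, with_intel


if __name__ == "__main__":
    before, after = demo()
    print("no pre-filter intel :", before)
    print("with pre-filter intel:", after)
```

Without indicators loaded, the 200-source SYN flood fills the 100-entry table and every later packet, including the ten legitimate clients, is refused by the stateful firewall. With the flood range, the C2 address, and the C2 domain loaded, the pre-filter drops all 202 known-bad packets without allocating any state, and all ten legitimate connections get through. In a real deployment the indicator sets come from a threat-intelligence feed and the lists should be refreshed continuously, as the text above says; the matching logic stays the same.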