BreachBytes

I find myself asking the question: “How can a network ever really be secure?” and talking about it with customers and colleagues all the time. This article “How dangerous user behavior puts networks at risk” brings this issue to the forefront. Regardless of the number of defenses a company puts in place whether it’s firewalls, Intrusion Prevention Systems, Security Information Management Systems or the like one of the biggest vulnerabilities are the users on a network.

It is becoming necessary both from what you read in the press and today’s environment to be sure that your company has the necessary “evidence” in a stockpile in addition to alerting and correlation tools for those times when you are alerted by one of your users or a network device about potentially damaging user behavior. What I mean by evidence is to retain all of that network and NetFlow data for future forensic analysis. While that data isn’t going to be able to spot the employee who loads up a thumb drive with company data and takes it home, that data is what allows network security experts in a company to address the insider threat caused by simple violations of corporate policies when it comes to what the employee does online.

(more…)