
Reality Check: NetFlow technology solves ‘who-dun-it!’ cyber crimes

Editor’s Note: Welcome to our weekly Reality Check column where C-level executives and advisory firms from across the mobile industry share unique insights and experiences.

The number of devices signing onto enterprise networks is increasing rapidly and there doesn’t appear to be a decline in sight. In fact, the Cisco Visual Networking Index forecast, which was released in May, predicts that by 2016 there will be “nearly three networked devices per capita.” With nearly 70% of new servers being virtualized, where are these new hardware devices coming from and who is authenticating them onto the enterprise network?

BYOD is driving network device counts

It is no surprise that BYOD is currently the largest growth driver. Just about everyone in our office has a VoIP phone, a smartphone and a laptop on the network, and many also have a tablet. Some might think that because humans don’t multi-task well, the number of mobile devices per person isn’t a problem, since only one device can be used at any given time. That assumption ignores the fact that all three devices stay active, and keep consuming the organization’s network bandwidth, whether or not the user is touching them.

Imagine how smartphones and tablets are used to stream music, receive messages and browse the network when sitting on long conference calls that are being streamed over VoIP. How about “instant-chat” messages? They usually spring up on multiple devices – all of which access the same network. Imagine the bandwidth consumption now when thousands of devices are involved.

BYOD is often given a free pass

Even if we get beyond the potential network congestion concerns, think about the BYOD security risks. End users typically authenticate tablets and smartphones onto the network with the same login credentials used on the company laptop. Antivirus is almost never installed on these devices – not to mention that many firewalls which enforce antivirus on laptops have been configured to let smartphones and tablets cruise on by. While these mobile devices have access to the same corporate resources as the laptops, the same security measures are not enforced on them.

Protect sensitive data from BYOD

Although there are several measures that can be taken to block hackers from stealing intellectual property, safe networking begins with company-wide education. Regular education sessions can help end users to:

–Assume their device may already be infected, so that they learn what its normal behavior looks like and can notice when something deviates from it.

–Scrutinize what they do on their devices, for example checking where a URL actually leads before clicking the link.

–Use encrypted forms of communication such as “off-the-record” messaging when discussing particularly sensitive topics.

–Install applications such as McAfee SaaS Endpoint Protection to provide greater end system protection beyond anti-virus.

Outside of end users doing their part to secure the enterprise network, IT administrators can take specific steps to ensure that highly confidential resources receive additional protective measures from BYOD access. For example, admins should consider restricting access to critical servers and confidential information to connections from virtual desktops which are erased and recreated after each session. Handheld devices don’t typically access these types of resources. Some confidential resources (e.g. CRM, financials) require special applications which have to be installed on the end systems. In many cases, these apps can’t be installed on handheld devices.

Monitor resources isolated from BYOD

By using NetFlow or IPFIX, IT admins can monitor all traffic to and from servers hosting sensitive information. Alarms can be triggered to detect:

–Any traffic to or from hosts outside an approved IP address list (a list that can deliberately exclude the wireless network).

–Communication on any port other than what is required by the application.

–Excessive connections or flow volumes outside the normal baseline.

Contextual details should be gathered on all devices (i.e. not just BYOD) that are authenticated onto the network. By correlating the IP addresses found in flows to the user names logged in authentication systems (e.g. Microsoft Active Directory, Cisco ISE, etc.), IT admins can improve situational awareness if and when a threat needs further investigation.

In a recent article, Keith Alexander, Director of the National Security Agency, and commander of U.S. Cyber Command put it best when he said: “We need a way of seeing what’s going on … situational awareness in cyberspace is one of the most difficult issues.”

Leverage username to identify BYOD

Marrying IP addresses to usernames lets administrators find out who authenticated a mobile device onto the network and, more importantly, which other devices that same user authenticated. Because DHCP hands the same address to different devices over the course of a day, the lookup has to be bounded by time: the user who held the address when the suspicious flows were recorded, not whoever holds it now. Investigating a threat is expedited when the actual end user behind it can be identified this easily.
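The following is an added example, not code from the original column or from any vendor product. It implements the three flow alarms listed under "Monitor resources isolated from BYOD" (unapproved peer, unexpected port, volume above baseline) and then the IP-to-username correlation described above, including the time-bounded lookup that DHCP reuse requires. The server address, approved ranges, port policy, baseline, flow records and authentication log are all constructed for illustration; the field names mirror what a NetFlow/IPFIX collector typically exports, but the exact layout of any real collector's output is an assumption.

```python
"""Added example, not code from the original column or any vendor product: the
three flow alarms from the text, then IP-to-username attribution from an
authentication log. All records are constructed; the field names mirror what a
NetFlow/IPFIX collector typically exports, but any real export layout is an
assumption."""
from collections import defaultdict
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone
from ipaddress import ip_address, ip_network

# Constructed policy for a hypothetical CRM server (assumption, not from the text).
SENSITIVE_HOST = ip_address("10.0.5.20")
APPROVED_CLIENTS = [ip_network("10.0.10.0/24")]  # VDI pool only; the wireless range is deliberately absent
ALLOWED_PORTS = {443}                            # the only port the application needs
BASELINE_FLOWS = 20                              # flows per peer per window during normal use (assumed)
WINDOW = timedelta(minutes=5)

@dataclass
class Flow:
    ts: datetime
    src: str
    dst: str
    dport: int
    proto: str
    octets: int

@dataclass
class AuthEvent:
    ts: datetime
    user: str
    ip: str
    device: str

def peer_of(flow):
    """The non-server side of a flow touching the sensitive host, or None if it does not touch it."""
    src, dst = ip_address(flow.src), ip_address(flow.dst)
    if dst == SENSITIVE_HOST:
        return src
    if src == SENSITIVE_HOST:
        return dst
    return None

def detect(flows):
    """Apply the three alarm rules; return {peer_ip: sorted alarm strings} for peers that tripped any."""
    alarms = defaultdict(set)
    per_window = defaultdict(int)  # (peer, window index) -> flow count
    for f in flows:
        peer = peer_of(f)
        if peer is None:
            continue
        if not any(peer in net for net in APPROVED_CLIENTS):
            alarms[str(peer)].add(f"peer {peer} not on approved list")
        # The server-side port is only meaningful on flows *towards* the server.
        if ip_address(f.dst) == SENSITIVE_HOST and f.dport not in ALLOWED_PORTS:
            alarms[str(peer)].add(f"unexpected port {f.proto}/{f.dport}")
        key = (str(peer), int(f.ts.timestamp() // WINDOW.total_seconds()))
        per_window[key] += 1
        if per_window[key] > BASELINE_FLOWS:
            alarms[str(peer)].add(f"flow volume above baseline ({BASELINE_FLOWS}/window)")
    return {peer: sorted(a) for peer, a in alarms.items()}

def who_was(ip, at, auth_events):
    """User holding `ip` at time `at`: the latest authentication for that IP at or before `at`.
    The timestamp matters because DHCP hands the same address to different devices over a day."""
    hits = [e for e in auth_events if e.ip == ip and e.ts <= at]
    return max(hits, key=lambda e: e.ts).user if hits else None

def devices_of(user, auth_events):
    """Every (device, IP) this user authenticated: the other machines that may need cleaning up."""
    return sorted({(e.device, e.ip) for e in auth_events if e.user == user})

T0 = datetime(2012, 9, 10, 9, 0, tzinfo=timezone.utc)

# Constructed authentication log (the kind of data AD or a NAC system records).
AUTH = [
    AuthEvent(T0 - timedelta(hours=2), "alice", "10.0.50.7", "iPad"),
    AuthEvent(T0 - timedelta(hours=1), "bob", "10.0.50.7", "Android phone"),  # same IP re-leased to bob
    AuthEvent(T0 - timedelta(minutes=30), "bob", "10.0.10.4", "VDI session"),
]

# Constructed flows: one legitimate VDI session, then a phone on the wireless range poking at the server.
FLOWS = [Flow(T0, "10.0.10.4", "10.0.5.20", 443, "tcp", 52000),
         Flow(T0 + timedelta(seconds=5), "10.0.50.7", "10.0.5.20", 445, "tcp", 1200)]
FLOWS += [Flow(T0 + timedelta(seconds=10 + i), "10.0.50.7", "10.0.5.20", 443, "tcp", 300) for i in range(25)]

def investigate(flows=FLOWS, auth=AUTH):
    """Alarms enriched with who held the offending IP at the time and that user's other devices."""
    report = {}
    for peer, alarm_list in detect(flows).items():
        first_seen = min(f.ts for f in flows if str(peer_of(f)) == peer)
        user = who_was(peer, first_seen, auth)
        report[peer] = {"alarms": alarm_list, "user": user,
                        "devices": devices_of(user, auth) if user else []}
    return report

if __name__ == "__main__":
    print(investigate())
```

Running `investigate()` on the constructed data leaves the VDI client 10.0.10.4 silent and flags 10.0.50.7 on all three rules; the time-bounded lookup attributes that address to bob (who held it when the flows were recorded) rather than alice (who had it earlier in the day), and lists bob's VDI session as the next machine to check. Note that the volume rule counts flows per fixed window; a real collector would more likely compare against a per-host baseline learned over days.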

BYOD security cameras

Almost every large department store relies on security cameras when it needs to investigate a potential theft. In the case of a cyber threat, network administrators almost always rely on NetFlow reporting. This allows every router and switch on the corporate network to act like a security camera by exporting a record of every conversation a BYOD device has (source and destination addresses, ports, timing and byte counts, though not packet contents) back to a central database or NetFlow collector. If and when suspicious traffic on the network needs to be investigated, they can simply turn to the NetFlow repository, pinpoint the suspect and find out who-dun-it.

Gather more BYOD context

Assuming that multiple machines in your company are already infected is a practical approach to threat management. For this reason, when suspicious behaviors need to be investigated, the more contextual detail network admins have, the more situational awareness they can gain on the anomaly. Determining who authenticated the misbehaving device onto the network lets network admins quickly identify the other machines that may need cleaning up. Leveraging NetFlow is the fastest and most cost-effective way to set up your network security cameras.

Can you risk your intellectual property without securing it?

ABOUT AUTHOR

Martha DeGrasse (http://www.nbreports.com)
Martha DeGrasse is the publisher of Network Builder Reports (nbreports.com). At RCR, Martha authored more than 20 in-depth feature reports and more than 2,400 news articles. She also created the Mobile Minute and the 5 Things to Know Today series. Prior to joining RCR Wireless News, Martha produced business and technology news for CNN and Dow Jones in New York and managed the online editorial group at Hoover’s Online before taking a number of years off to be at home when her children were young. Martha is the board president of Austin's Trinity Center and is a member of the Women's Wireless Leadership Forum.