Whether your organization is a business or a government body, one of the highest-cost scenarios is a security event that originates with an inside source such as an employee or contractor. That's because these people often have unfettered access to the most sensitive information while their activity is not properly tracked.
IBM has found that 55% of cyber-attacks originated with an insider at an organization. This is a dangerous precedent that is being set. Insider attacks can easily cost the most money and cause the most damage because of how much can occur without being detected. How are these individuals performing malicious acts without alerting anyone?
Visibility of Malicious and Suspicious Network Traffic
Many insider threats go undetected because they can easily circumvent the existing security infrastructure. Tech-savvy insiders can easily learn how to avoid triggering security alerts and use this knowledge to collect sensitive data and even sell it to outside parties, including competitors. Tech-savvy insiders or compromised individuals (including devices) generate abnormal network traffic to hack your networks and endpoint devices.
A good example is exploitation of the Address Resolution Protocol (ARP). ARP is not really suitable for the IoT era, but it is still a popular protocol used to discover devices on a network. ARP spoofing and other ARP-based attacks also allow an attacker to secretly listen to all network traffic, including data, voice, web, and email communications. Above all, a typical firewall system cannot detect ARP-based attacks.
To detect and control this kind of abnormal network traffic, a Network Behavior Anomaly Detection (NBAD) solution can be considered. NBAD is useful for identifying internal threats. However, NBAD is only one facet of your network security solution, and its success depends on being part of a larger software suite. To be fully effective, NBAD should be used along with firewalls, intrusion detection/prevention systems, and endpoint security software for viruses and spyware. Leveraging all of that is too expensive and difficult to deploy. The idea is good, but it's not easy to execute.
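To make the ARP case concrete, here is an added example (not Genian NAC code and not from the original post) of two behavior checks an NBAD-style monitor can run over observed ARP packets: an IP address suddenly announced by a different MAC, and one MAC sending an unusual burst of ARP traffic. The addresses, the threshold of 20 packets per second, and the record layout are assumptions made for the illustration.

```python
from collections import defaultdict, deque

# Constructed sample: (seconds, sender_ip, sender_mac) fields taken from ARP packets.
SAMPLE = [
    (0.0, "10.0.0.1", "aa:aa:aa:aa:aa:01"),    # gateway announces itself
    (1.0, "10.0.0.20", "aa:aa:aa:aa:aa:20"),   # ordinary workstation
    (2.0, "10.0.0.1", "aa:aa:aa:aa:aa:66"),    # gateway IP now claimed by another MAC
    (2.1, "10.0.0.1", "aa:aa:aa:aa:aa:66"),    # repeated claim, alerted only once
]
# One host sending 25 ARP packets in a quarter of a second.
SAMPLE += [(10 + i * 0.01, "10.0.0.30", "aa:aa:aa:aa:aa:30") for i in range(25)]


def detect_arp_anomalies(events, flood_limit=20, window=1.0):
    """Return alerts for IP-to-MAC binding changes and per-MAC ARP floods."""
    bindings = {}                  # ip -> first MAC observed for that IP
    recent = defaultdict(deque)    # mac -> timestamps still inside the window
    flagged = set()                # keys already alerted on, to avoid duplicates
    alerts = []
    for ts, ip, mac in sorted(events):
        # Check 1: an IP that was bound to one MAC is now announced by another.
        # DHCP reassignment or a replaced NIC also triggers this, so a real
        # deployment would age out bindings or compare against lease data.
        known = bindings.setdefault(ip, mac)
        if known != mac and ("change", ip, mac) not in flagged:
            flagged.add(("change", ip, mac))
            alerts.append(("ip_mac_change", ip, known, mac))
        # Check 2: sliding-window rate of ARP packets per sender MAC.
        stamps = recent[mac]
        stamps.append(ts)
        while ts - stamps[0] > window:
            stamps.popleft()
        if len(stamps) > flood_limit and ("flood", mac) not in flagged:
            flagged.add(("flood", mac))
            alerts.append(("arp_flood", mac, len(stamps)))
    return alerts


if __name__ == "__main__":
    for alert in detect_arp_anomalies(SAMPLE):
        print(alert)
```

Both checks need visibility into the local broadcast domain, which is why a perimeter firewall alone does not see this traffic.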
Because you need a complete solution for the IoT era, it's best to use software that can be easily deployed into your network infrastructure and integrated seamlessly with existing security solutions. Above all, you need a solution that does not create budget issues.
What Genian NAC Can Do
First off, Genian NAC picks up the slack when your existing firewalls and endpoint security solutions can't effectively detect and control ARP-based attacks or abnormal traffic. Here are some examples of what Genian NAC controls:
- ARP Bomb
- ARP Spoofing
- Ad-hoc Network connected
- Cloning MAC/IP address
- Blocking SNMP Trap
- Invalid Gateway IP Address
- Port Scan
- Unknown Service Request
With Genian NAC, you can even create your own threat definitions easily to prevent more sophisticated and localized insider threats. Seeing is believing. Try Genian NAC anytime to monitor your network in a whole new, holistic way.
Yeonju has worked in the cybersecurity business (NAC, E-DLP, Antivirus) for over 8 years, focusing on technical writing, sales engineering, and professional services in the global market. In her current position, she is responsible for promoting Genians NAC to the global market by collaborating with our business partners in the APAC/Middle East market.