Data and network security
How to detect unauthorized network traffic?
A telecommunications services company lost access to important data. It turned out that a few months earlier a file with an almost identical name to an existing file had been embedded in the company’s cloud resources. It was just waiting for the moment designated by the cybercriminal to begin its operation.
The file spread throughout the company’s network and then encrypted disk data, effectively halting the operation of the entire company. This resulted in huge losses, both financial and reputational.
What was the reason for the successful attack?
- Lack of tools to analyze the network infrastructure
- Lack of automation tools to detect the attack
Detecting unauthorized network traffic in today’s world full of cyber threats is an extremely time-consuming task. Well-equipped SOC (Security Operations Center) teams should have access to tools that keep the need for their involvement to a minimum. A tool that would have prevented problems for the aforementioned telecommunications services company is an NDR-class solution – Network Detection & Response.
NDR-class solutions provide a complete view of an organization’s network infrastructure in real time. Through packet analysis and behavioral analysis, they detect unusual network traffic and unusual user behavior. Thus, they prevent an attack at the very first stage, i.e. the creation of the threat. An alert sent to the SOC operator assigns a high priority to the event, so that the operator is able to respond immediately to a security incident. One NDR solution of this type that can effectively detect unauthorized network traffic is NetWitness Network.