You can lock every window and bolt every door to keep out intruders, but it won’t be of much use if the attacker is already inside; if the attacker is an insider. Most security reports and headlines highlight stories of organizations that are attacked by an external party, but incident statistics highlight a growing number of attacks from insiders and partners. These incidents are real, and threaten your most sensitive information. How do you know when an insider is exfiltrating data from your organization? Cisco Managed Threat Defense (MTD) monitors for advanced network security intrusions using expert staff and OpenSOC, which Pablo Salazar introduced last month. Our staff has a decade of experience investigating security attacks and resolving benign anomalies. In my twelve years as an InfoSec professional, I’ve seen cases where employees conceal their activity for a variety of reasons. In one particularly interesting incident, it was discovered an employee was encrypting and obfuscating outbound traffic from his laptop over a period of several weeks, using for-purchase VPN software called Private Internet Access.
Data Centers are going through a rapid evolution due to industry trends of virtualization, cloud computing and bring your own device (BYOD) initiatives, putting an even greater strain on IT resources to secure the data, applications and access critical to the success of the business. Today’s data center must be secure and resilient to keep the enterprise running at maximum productivity; protecting its profitability and reputation.
The modern enterprise runs a wide array of commercial and customized applications, and the data within those applications is exactly what attackers are targeting. Those critical applications and servers within the data center continue to be the subject of targeted attacks and sophisticated malware. The 2012 Verizon Data Breach Report highlights that attacks against servers accounted for 94% of all data compromised last year. Strong security controls and visibility measures must be implemented to protect the integrity of the enterprise data center.