If you happen to be someone in a network infrastructure job role who is also expected to look after the IT security needs of the organisation, or if you constantly feel that management does not allocate the right budget to IT security, then this post is for you.

As a network engineer or admin, you already have all the right knowledge to maintain your network; the only thing left is to extend that knowledge into security monitoring skills. Trust me, it is not a huge ask or a huge task. You can achieve this goal with a little patience and by working with a few technologies.
 
Let us first be clear about the technologies you are dealing with here.
The spectrum of solutions that you may have to sell to management, from easiest to hardest, looks like this:
  1. Applications for delivery. You will never face a problem with this set of technologies, as management is always willing to spend money on applications which make them money. All kinds of applications which are essential for business operations are always bought first.
  2. Preventative tools. This set of technologies, e.g., a good firewall or UTM device, is also not resisted much by the management of most organisations, because they understand that these tools are a must for KEEPING the bad guys out.
  3. Monitoring tools. This set of technologies is most often resisted by management, because they do not understand the importance of monitoring tools as much as they should. I am sure you know that we need monitoring tools because these are what tell us what gets past the preventative tools.
Don't lose heart…
 
So, for monitoring tools, you can still achieve a lot with some open-source applications.
 
You may want to ask me:
"Listen, Meena, that I’ve inherited security duties alongside my regular routine of network operations monitoring and maintenance. How will I work it into my daily routine along with everything else? Is it possible to incorporate security monitoring alongside all the other responsibilities I already have?"
My answer is ‘Yes’.
 
In a very basic sense, the ultimate goal of a network operations administrator is to keep the company from losing money as a result of poor infrastructure performance or downtime.

The goal of a security practitioner is to protect the company against financial loss through data corruption, data theft or service outages caused by malicious activity.
So it's "prevention of downtime" on one side and "protection of data" on the other. These two goals clearly converge: they are twin, complementary goals.

What are Network Security Monitoring tools?

Network Security Monitoring is the collection, analysis, and escalation of indications and warnings to detect and respond to intrusions on computer networks. Network security monitoring tools typically offer features such as:
  • Network-based threat detection
  • Proactive network queries for security data and/or "hunting" for suspicious behaviour
  • Integration with one or more threat feeds
  • Creation and automation of security alerts
While the tooling for network operations and for security isn't identical, there is a LOT of overlap, especially when it comes to network security monitoring.
 
👉 Network security monitoring tools include technologies like:
  1. Nmap to discover systems and the services running on them.
  2. OpenVAS to discover vulnerabilities associated with the systems on your network.
  3. Next, you'll need intrusion detection software (network-based NIDS/IPS such as Snort, plus host-based IDS), and log analysis and event correlation tools like a SIEM to trigger alarms that require further investigation. OSSIM is a great tool for this purpose.
  4. Finally, you'll use NetFlow analysis and packet capture tools, e.g., Wireshark, for in-depth analysis of the relevant traffic once an incident investigation starts. You'll also need access to the raw log data for specific incidents.
All of these are open source and can give you a great head start.

What do you think of this approach, which you can adopt even if you are denied the budget for the right monitoring tools?
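To make the "NetFlow analysis", "threat feed integration" and "automated alerts" features listed above concrete, here is a small added example (my own illustration, not code from the post or from any of the tools named): it parses a constructed NetFlow-style export, checks every flow against a constructed threat-feed indicator, flags a host probing many ports on one target, and flags an unusually large outbound transfer. The record format, the addresses, the indicator and the thresholds are all assumptions for the example; a real deployment would feed the same logic from your flow collector and a subscribed threat feed.

```python
from collections import defaultdict
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

# Constructed NetFlow-style export (not real traffic): one flow per line as
# start_time src_ip dst_ip dst_port proto bytes. External addresses come from
# the RFC 5737 documentation ranges; 10.0.0.0/8 plays the corporate network.
SAMPLE_FLOWS = """\
2024-03-01T09:00:01 10.0.1.31 10.0.1.10 445 tcp 1200
2024-03-01T09:00:03 10.0.1.31 10.0.1.53 53 udp 180
2024-03-01T09:01:00 10.0.1.25 10.0.1.10 21 tcp 60
2024-03-01T09:01:00 10.0.1.25 10.0.1.10 22 tcp 60
2024-03-01T09:01:01 10.0.1.25 10.0.1.10 23 tcp 60
2024-03-01T09:01:01 10.0.1.25 10.0.1.10 25 tcp 60
2024-03-01T09:01:02 10.0.1.25 10.0.1.10 80 tcp 60
2024-03-01T09:01:02 10.0.1.25 10.0.1.10 135 tcp 60
2024-03-01T09:01:03 10.0.1.25 10.0.1.10 139 tcp 60
2024-03-01T09:01:03 10.0.1.25 10.0.1.10 443 tcp 60
2024-03-01T09:01:04 10.0.1.25 10.0.1.10 445 tcp 60
2024-03-01T09:01:04 10.0.1.25 10.0.1.10 3389 tcp 60
2024-03-01T09:05:10 10.0.1.40 203.0.113.45 443 tcp 700
2024-03-01T09:06:00 10.0.1.40 198.51.100.7 443 tcp 30000000
2024-03-01T09:09:30 10.0.1.40 198.51.100.7 443 tcp 25000000
2024-03-01T09:10:00 10.0.1.31 198.51.100.20 443 tcp 4200
"""

# Constructed threat-feed indicator (assumption: in practice loaded from a
# subscribed feed, e.g. one a SIEM such as OSSIM pulls in).
THREAT_FEED = {"203.0.113.45"}

INTERNAL_NETS = [ip_network("10.0.0.0/8")]  # assumed corporate address space
PORT_SWEEP_THRESHOLD = 10          # distinct dst ports from one src to one dst
LARGE_TRANSFER_BYTES = 50_000_000  # bytes leaving the network per src/dst pair


@dataclass
class Flow:
    ts: str
    src: str
    dst: str
    dport: int
    proto: str
    nbytes: int


def parse_flows(text):
    """Parse the whitespace-separated flow export into Flow records."""
    flows = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        ts, src, dst, dport, proto, nbytes = line.split()
        flows.append(Flow(ts, src, dst, int(dport), proto, int(nbytes)))
    return flows


def is_internal(ip):
    """True when the address falls inside one of the corporate networks."""
    addr = ip_address(ip)
    return any(addr in net for net in INTERNAL_NETS)


def analyse(flows, feed=THREAT_FEED):
    """Run three simple NSM rules over the flows and return alert dicts."""
    alerts = []
    ports_seen = defaultdict(set)  # (src, dst) -> distinct destination ports
    bytes_out = defaultdict(int)   # (src, dst) -> bytes leaving the network

    for f in flows:
        # Rule 1: any flow touching a threat-feed indicator is escalated at once.
        if f.src in feed or f.dst in feed:
            alerts.append({"rule": "threat_feed_match", "src": f.src,
                           "dst": f.dst, "detail": f"indicator hit at {f.ts}"})
        if is_internal(f.src):
            ports_seen[(f.src, f.dst)].add(f.dport)
            if not is_internal(f.dst):
                bytes_out[(f.src, f.dst)] += f.nbytes

    # Rule 2: one internal host touching many ports on a single target.
    for (src, dst), ports in ports_seen.items():
        if len(ports) >= PORT_SWEEP_THRESHOLD:
            alerts.append({"rule": "port_sweep", "src": src, "dst": dst,
                           "detail": f"{len(ports)} distinct ports"})

    # Rule 3: unusually large outbound volume to a single external host.
    for (src, dst), total in bytes_out.items():
        if total >= LARGE_TRANSFER_BYTES:
            alerts.append({"rule": "large_outbound_transfer", "src": src,
                           "dst": dst, "detail": f"{total} bytes"})
    return alerts


if __name__ == "__main__":
    for a in analyse(parse_flows(SAMPLE_FLOWS)):
        print(f"[{a['rule']}] {a['src']} -> {a['dst']}: {a['detail']}")
```

Each alert is the kind of "indication and warning" the definition above talks about: the threat-feed hit is escalated immediately, while the sweep and the large transfer are aggregated over the whole export, which is why thresholds matter and why you still need packet capture or raw logs to confirm what actually happened before treating any of them as an incident.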
Please leave me your valuable thoughts or views in the comment section.
 
 

This article was written and published by Meena R, Senior Manager - IT, at Luminis Consulting Services Pvt. Ltd, India.

Over the past 16 years, Meena has built a following of IT professionals, particularly in Cybersecurity, Cisco Technologies, and Networking...
