Research Papers

Applied Network Security Analysis: Moving from Data to Information

By Mike Rothman

We have been saying for years that you can’t assume your defenses are sufficient to stop a focused and targeted attacker. That’s what React Faster and Better is all about. But say you actually buy into this philosophy: what now? How do you figure out the bad guys are in your house? And more importantly how they got there and what they are doing? The network is your friend because it never lies.

Attackers can do about a zillion different things to attack your network, and 99% of them depend on the network in some way. They can’t find another target without using the network to locate it. They can’t attack a target without connecting to it. Furthermore, even if they are able to compromise the ultimate target, the attackers must then exfiltrate the data. So they need the network to move the data. Attackers need the network, pure and simple. Which means they will leave tracks, but you will see them only if you are looking.

We’re happy to post this paper based on our Applied Network Security Analysis series. Check out the table of contents:

ANSA Table of Contents

We would like to thank Solera Networks for sponsoring the research. Without our sponsors we couldn’t provide content on the blog for free or post these papers.

Download Applied Network Security Analysis: Moving from Data to Information