Network Security Across the Full CyberAttack Continuum: What Defends During the Attack

by | Apr 17, 2019 | Cyber Incident and Response

A few days ago Charlie Osborne for Zero Day wrote about a card skimming malware that had been active and collecting the payment card data of AeroGrow customers for months before it was ever detected.

In other words, AeroGrow was in the middle of a malware cyberattack for months. They only recently figured it out.


DID YOU KNOW? Sixty-one percent of breach victims in 2017 were businesses with under 1,000 employees.

There are two important things to accept about the ‘During’ phase of the CyberAttack Continuum:

  1. You are always under attack, and therefore, always in the ‘During’ phase.
  2. Unless your business is equipped with what defends during an attack, you may not have the first clue that you are under attack until copious amounts of damage have already been done.

A Strong Network with Able Defenses During an Attack

A network’s defense during an attack will be strong only if the business has already put in place those security solutions that will give it the visibility it needs to be aware of what is going on. Please read Securing Your Network: Before the Attack for the elements of a visible and expandable network. If the business’ staff has also been properly trained, they will also be alert to threats and ready to respond. Data governance software will likewise be on the alert for unusual activity and ready to isolate anything suspicious that strays from acceptable behavior.

During an attack, these are the four actionable areas that enforce continuous control over a network, detecting and blocking malware or hacker behavior when it strikes:

1. Trained staff that are able to report and respond.

Unusual network slowdowns, links that spontaneously redirect: these are two examples of little glitches in a workday that might make the casual employee register annoyance, but will register concern and action from the trained employee who recognizes these as common signs of network intrusion. If an employee is properly trained, they will be able to identify and isolate network areas that might be infected.


DID YOU KNOW? According to Cisco Security, thirty-one percent of organizations have experienced cyber attacks on operational technology infrastructure.


DID YOU KNOW? Ransomware attacks are growing more than 350 percent annually.

2. Network Intrusion Detection System (NIDS)

A Network Intrusion Detection System (NIDS) will be actively detecting suspicious anomalies and blocking them when the threat strikes. Because threats are evolving daily, and malware creators are forever innovating their code to evade detection, it is critical to have an intrusion detection solution that orchestrates with a threat intelligence provider that shares malware identification records with all networks. As Cisco Partners, our expertise is in:

  • Cisco Snort (an open source IPS)
  • Next-Generation Intrusion Prevention System (NGIPS) (a network-based IPS)

Both of these are connected to the Talos Security Intelligence and Research Group. Talos provides a strong combination of artificial intelligence and threat intelligence researchers that are continuously surveying the internet. What they discover about malware and threat behaviors across the whole internet is shared with every system that is part of their intrusion detection network. At the moment of an attack, the NIDS will be comparing the malware's markers against every identifying marker known from similar malware. If your particular bug is a zero-day attack (and if yours is the lucky network to first be exposed to a new strain), the likelihood that it will be recognized is drastically increased because, while parts of the code may be unique, the parts of the malware that are known and cataloged will be recognized, quarantined, and evaluated.
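The marker-matching idea in the paragraph above, as an added example that is not Snort's engine, rule syntax or any Talos data: a small signature set of constructed byte markers grouped by family, matched against constructed payloads. A payload that hits every marker catalogued for a family is blocked; one that hits only some of them (the "new strain that shares known parts" case) is quarantined for evaluation; the signature IDs are made up for the example.

```python
"""Signature matching over captured payloads in the spirit of a NIDS/IPS rule set.
Added example: the families, markers, SIDs and payloads below are all constructed."""
from dataclasses import dataclass


@dataclass(frozen=True)
class Signature:
    family: str   # malware family the marker was catalogued under
    marker: bytes # byte sequence observed in known samples of that family
    sid: int      # rule id (constructed; not a real Snort SID)


# Constructed stand-in for a shared threat-intelligence feed.
SIGNATURES = [
    Signature("skimmer-a", b"checkout/submit?cc=", 1000001),
    Signature("skimmer-a", b"X-Exfil: base64", 1000002),
    Signature("beacon-b", b"/gate.php?id=", 1000003),
]


def match_signatures(payload: bytes, sigs=SIGNATURES):
    """Return every signature whose marker occurs anywhere in the payload."""
    return [s for s in sigs if s.marker in payload]


def verdict(payload: bytes, sigs=SIGNATURES):
    """Map matches to an action and the matched rule ids:
    - all markers catalogued for some family hit -> 'block'
    - only part of a family's markers hit        -> 'quarantine' (possible new variant)
    - nothing hits                               -> 'allow'
    """
    hits = match_signatures(payload, sigs)
    if not hits:
        return "allow", []
    sids = sorted(s.sid for s in hits)
    for fam in {s.family for s in hits}:
        catalogued = sum(1 for s in sigs if s.family == fam)
        seen = sum(1 for s in hits if s.family == fam)
        if seen == catalogued:
            return "block", sids
    return "quarantine", sids


# Constructed traffic samples.
KNOWN_SKIMMER = (b"POST /checkout/submit?cc=4111111111111111 HTTP/1.1\r\n"
                 b"X-Exfil: base64\r\n")
VARIANT = b"POST /cart HTTP/1.1\r\nX-Exfil: base64\r\n"   # shares one known marker
BENIGN = b"GET /index.html HTTP/1.1\r\n"

if __name__ == "__main__":
    for name, p in [("known", KNOWN_SKIMMER), ("variant", VARIANT), ("benign", BENIGN)]:
        print(name, verdict(p))
```

The quarantine branch is the point: a sample that only partially matches a catalogued family is not silently allowed, but held for evaluation, which is how a previously unseen variant still gets caught on the parts it shares with known code.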

3. Use visibility and monitoring software to surveil network behaviors.

The cloud security platform, an essential element of network security that would have been implemented before the attack, will provide the effective visibility and monitoring. It will see what is presently attacking the system, report, and respond. In the Before The Attack Happens, Part 1 edition of this series we share several solutions that a network might use to facilitate this.


DID YOU KNOW? Only 27 percent of agencies report having the ability to both detect and investigate attempts to access large volumes of data. As such, large data breaches at many US agencies could easily go undetected for long periods of time.

4. Data Governance

What if a sophisticated hacker, or maybe an employee with legitimate credentials and a heart full of fraud, logs into an area of the network that contains trade secrets and attempts to steal proprietary files? A data governance solution will protect you from this kind of scenario. A system equipped with data governance has the power to pinpoint irregular activity, such as unusual network behavior by an employee, and can immediately detect a user accessing sensitive areas of the network in suspicious ways. MS Office 365 possesses a data governance solution that is sufficient for most small businesses. Enterprise-level networks will need a solution that is more robust and scalable. All good data governance solutions will be able to:

  • Classify network data with respect to sensitivity and priority
  • Detect irregular activity
  • Immediately disable an account that behaves irregularly
  • Kill active sessions, and
  • Isolate the area of potential compromise and the suspicious activity

Call Secure Networkers at (281) 651.2254 with your questions. Our job is to help you select a network defense solution that will keep your business healthy and at the peak of performance.
