TMCnews Featured Article
July 31, 2012
NetFlow Identifies and Guards Against Advanced Persistent Threats
By Susan J. Campbell, TMCnet Contributing Editor
The shining star in monitoring network activity and detecting threats is NetFlow, a network protocol that collects IP traffic information and helps companies tell the bad operations taking place from the good ones. With the increasing skills and intelligence leveraged by those bent on malicious activity, the need for NetFlow is increasing.
An unfortunate development that came along with the Internet age, according to this Plixer blog post, is the Advanced Persistent Threat (APT). While NetFlow has proven to be effective in guarding against APTs, companies that have neglected to use NetFlow are at risk and are falling victim to malicious actions taking place within their infrastructure. An APT is a cyber threat that allows the data on computers to be accessed by unauthorized eyes.
Some of the more sophisticated hacking operations have been referred to as APTs because of the scope of the damage they can do to the security of an operation. APTs are often carried out against credit card companies and other entities such as Sony’s PlayStation Network, which was down for more than a month as its team worked to bring security breaches to a halt.
Detecting such APTs is difficult because the attacks are persistent, planned, and most likely well funded. The process can take months, but APTs are able to work their way into a network and wreak havoc. Finding an invalid TCP isn’t going to bring down a threat, nor will comparing the way a host communicates in a network thwart the attack.
While those methods can detect threats, they don’t often point the way to an APT. Some have looked to packet signature systems that will detect unusual bit patterns, but that too has proven ineffective in bringing down an APT.
What has been found to be more effective in battling APTs is NetFlow monitoring combined with setting up a Honey Pot. A Honey Pot is a system that brings in decoy servers to gather information about who is attacking a network. While the Honey Pot is an integral way of bringing better security to a network, it is not meant as a replacement for Internet security processes; rather, it is an added safeguard or layer of security.
By looking at all the connections with all hosts, an IP host reputation platform can shed light on APTs. The hosts that are known for their bad reputations will set off the alert. NetFlow monitoring is a perfect solution in this regard, as it shows whom the Honey Pot server is trying to talk to.
By comparing and contrasting the behaviors made visible by NetFlow and the Honey Pot, the fishy communications between internal hosts can be identified and investigated. The hope in implementing this process is to minimize threats, mitigate damage, and make the entire environment more secure.
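The correlation described above can be sketched over exported flow records. This is an added example, not code from the article or from Plixer; the simplified CSV layout, the decoy addresses, the reputation list and the internal range are all constructed assumptions.

```python
import csv
import io
from ipaddress import ip_address, ip_network

# Constructed sample flows (simplified fields, not a real NetFlow export format).
SAMPLE_FLOWS = """src,dst,dport,bytes
10.0.1.15,10.0.9.50,445,1800
10.0.1.15,203.0.113.77,443,912000
10.0.1.22,10.0.2.8,80,4200
10.0.9.50,198.51.100.9,53,300
10.0.1.31,203.0.113.77,443,150
10.0.1.15,10.0.9.51,22,600
"""

# Assumed inputs: decoy servers, a host reputation feed, the internal range.
HONEYPOTS = {ip_address("10.0.9.50"), ip_address("10.0.9.51")}
BAD_REPUTATION = {ip_address("203.0.113.77"), ip_address("198.51.100.9")}
INTERNAL = ip_network("10.0.0.0/8")

def analyze(flow_csv):
    """Return {internal host: set of reasons it deserves investigation}."""
    findings = {}
    for row in csv.DictReader(io.StringIO(flow_csv)):
        src, dst = ip_address(row["src"]), ip_address(row["dst"])
        if src not in INTERNAL:
            continue
        reasons = findings.setdefault(str(src), set())
        # No legitimate client has a reason to contact a decoy server.
        if dst in HONEYPOTS:
            reasons.add("touched-honeypot")
        # A decoy that starts conversations shows whom it is trying to talk to.
        if src in HONEYPOTS:
            reasons.add("honeypot-outbound")
        # Any peer with a bad reputation sets off the alert.
        if dst in BAD_REPUTATION:
            reasons.add("bad-reputation-peer")
    return {host: r for host, r in findings.items() if r}

def prioritize(findings):
    """Hosts showing several independent signals are investigated first."""
    return sorted(findings, key=lambda h: (-len(findings[h]), h))

if __name__ == "__main__":
    result = analyze(SAMPLE_FLOWS)
    for host in prioritize(result):
        print(host, sorted(result[host]))
```

A host that both probed a decoy and talked to a bad-reputation address ranks above a host with only one of those signals, which is the comparison of NetFlow and Honey Pot behavior the article describes.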
Edited by Jamie Epstein