How do you improve your security posture with network security analytics?

This is a vast domain. It includes AI devices which sniff and learn the behaviour of your network, Identity and Access Management devices, probes, Event Manager and Orchestrators on top. It is expensive and time consuming and require skilled and trained people to be managed. That is why a lot of Service Providers are proposing all those element in "As a Service" form, still expensive, but more interesting for the top mangers of a company which do not have an internal and adeguate security team.

Define your network security goals and metrics. Assess your network security data sources and tools. Choose a network security analytics platform or solution. Deploy and configure the platform. Consistently monitor your networks and software for vulnerabilities. Perform regular penetration testing. Undergo regular cybersecurity audits and internal audits. Automate threat detection and remediation. Make regular updates as needed. Use automated cybersecurity solutions to monitor your network.

With the new breakthrough in Technology and Information Exchage for AI era, the Security threats are increasing which is leading to adapting new measures and approaches Dilemma is to achieve this target without enforcing any unnecessary thresholds which can limit Data Exchage

You need to have a significant amount of (meta) data sources (networks elements, policy enforcement points etc) - on-prem, mobile systens, and within the cloud since the attack surface has massively changed over the last few years. Ideally, these data sources are dispersed worldwide and allow for collaboration, i e the network security analytics systems can process a wide variety of which will help to detect anomalies earlier - and can help to mitigate further propagation and use of attack patterns. Consent of the owners of these (meta) data sources required.

No one can be 100% aware of what goes throught its network. The more complex and distributed the network is, the worst is the problem. Network Analytics can help in collecting, manage and correlate data from different sources. In addiction more and more companies today are subject to law obligations in Security issues. Therefore those tools and devices are becoming unavoidable.

In my opinion, consider doing the following; -Assess the Infrastructure of the organization -Collect logs of the generated report of the Assessment. -Go through the logs and observed situation till you are able to get the analyze network. -Implement the changes observed. -Observe the security score if its high or low. -If it's high, kind check what may be the issue and further Inform the organization. -If secure score is ok, kindly proceed with a good security position.

First of all you must identify critical information assets of the organization. Then integrate them to a SOC (Security Operations Center). Try to collect maximum possible and security related information (logs, flows, packets, etc) from those assets to forward rule engine of the SOC. After that you can configure rules for each identified security use cases. Tune the rule engine to optimize analytics and avoid false positives and use AI as much as possible to improve the analytics. Technology is only one aspect of the SOC. You must strictly consider on People and Process. Then improve knowledge, skills and attitude of the people and optimize the process using orchestration tools. There should be a balance in People, Process and Technology

One very useful technology is the user ID based security policy features that some of the modern NGFW provides. It helps improve network security analytics by providing insights into user activities by user user ID instead of traditional IP. This is gives capabilities to dig deeper into what is happening on the network

There are several tools, it depends on the complexity of your network and how critical are Security Issues for you company or your work. Sometimes NGFW are enough, in other situations you need AI based Traffic sniffers, PAM, IAM, NAC, SIEM, SOAR, a SOC Team and (most important) PROCEDURES which clearly defines roles and responsability in terms of Security incident. In addiction in Europe there are laws which impose obligations and require compliancies in security infrastructure to be in place for some kind of critical companies (highways, railways, telcos, Oil&Gas companies, etc)

Collaborative network security analytics will help to prevent attacks before they can cause harm in distributed IT enviroments - and make security rather an enabler for the use of IT rather than a limiting factor (in user perception).

1. Most important thing is you can see real time security posture of the organization. 2. You have data to predict, forecast and have an insight about future security threats and risks. 3. You can early prepare for any kind of security incident when you get security alerts properly. 4. Improve protection, detection, containment and eradication to optimize incident management 5. You can identify the risk levels of the information assets and take measures to mitigate those risks

Law Compliance More effective response to incident Efficiency in Event Detection and prevention Capacity to manage secituty issues in large and heterogeneous domains with less SOC people.

It is Expensive Requires PROCEDURES to be followed Requires awareness at all levels in your company. Requires a Security assesment to identify and rate risks and associated damage. Sw and/or Hw tools are powerful, but are useless if not in complement with an internal awareness in terms of security and procedures which must be strictly followed. The company must be aware of its potential risks and the correlated damage, then must define a security budget.

We're in 2023, so AI should be part of this consideration. As attacks are evolving, the instruments and methods for anomaly detection are evolving, too: from pattern recognition via machine learning to the massive use of AI-powered security engines.