In the previous two steps of the NIST Cybersecurity Framework, identify and protect, we told you how to identify cybersecurity risks, map your environment, reveal vulnerabilities and take protective measures. So, what else should you do for optimal protection? Monitor these security measures and spot cybersecurity incidents in a timely manner. Within the NIST Cybersecurity Framework, we call this phase ‘detect’.
We gave an introduction to the NIST Cybersecurity Framework in an earlier article. You can read it here.

SIGNALLING CYBERSECURITY INCIDENTS
Every year, many companies are hacked or suffer a data breach. On average, hackers have about 297 days until these hacks and data breaches are discovered, if they are discovered at all. Even companies that spend thousands of euros on digital security have no idea whether a hacker is currently present on their network. ‘Detect’ is all about implementing and developing measures to spot a cybersecurity incident (and therefore hackers) in time.
‘When a new house is built, items that alert you to threats are often installed right away. Think smoke detectors, alarm systems and carbon monoxide detectors. You can think of the analogy of building a house as the detect function.’
HOW DO YOU SPOT A CYBERSECURITY INCIDENT?
There are some interesting things you can monitor to spot a cybersecurity incident in time:
1. Identify and interpret: suspicious traffic within as well as to your Cloud, and the behaviour of your Cloud's users.
2. Monitor: your Cloud, based on network traffic, service provider users and activity.
3. Establish processes and procedures: to respond in case suspicious activity occurs in your Cloud.
HONEYPOT
Fundaments has a honeypot solution for this. Our honeypot is a VM in your network that pretends to be a legitimate part of your Cloud environment. Think, for example, of an AD server, database or network component. The honeypot can be set up to fit seamlessly into the setup of your Cloud environment. After setting up the honeypot, all you have to do is wait for it to detect an attacker or malware. There is no room for doubt: the honeypot plays no part in your normal operations, so any network traffic it detects has no legitimate reason to be there. Upon detection, you are notified immediately.
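The detection rule described above, as an added example that is not Fundaments' own code: every flow whose destination is the decoy raises an alert, with no allowlist and no threshold. The flow-log format, the decoy address 10.20.0.50 and the function names are assumptions made for illustration, and the log lines are constructed.

```python
from collections import defaultdict
from datetime import datetime

# Assumed decoy address; no production system is ever configured to talk to it.
HONEYPOT_IP = "10.20.0.50"

# Constructed sample flow records: "timestamp src_ip dst_ip dst_port proto"
SAMPLE_FLOWS = """\
2024-03-01T09:14:02 10.20.0.17 10.20.0.10 443 tcp
2024-03-01T09:14:05 10.20.0.23 10.20.0.50 445 tcp
2024-03-01T09:14:06 10.20.0.23 10.20.0.50 3389 tcp
malformed line
2024-03-01T09:15:40 10.20.0.17 10.20.0.11 5432 tcp
2024-03-01T09:20:11 10.20.0.23 10.20.0.50 445 tcp
2024-03-01T10:02:59 10.20.0.31 10.20.0.50 389 tcp
"""

def parse_flow(line):
    """Return a flow dict, or None for a line that does not parse."""
    parts = line.split()
    if len(parts) != 5 or not parts[3].isdigit():
        return None
    try:
        ts = datetime.fromisoformat(parts[0])
    except ValueError:
        return None
    return {"ts": ts, "src": parts[1], "dst": parts[2], "port": int(parts[3])}

def honeypot_alerts(log_text, decoy_ip=HONEYPOT_IP):
    """One alert per source that touched the decoy, ordered by first contact."""
    by_src = defaultdict(list)
    for line in log_text.splitlines():
        flow = parse_flow(line)
        if flow and flow["dst"] == decoy_ip:
            by_src[flow["src"]].append(flow)
    alerts = []
    for src, flows in by_src.items():
        alerts.append({
            "source": src,
            "first_seen": min(f["ts"] for f in flows).isoformat(),
            "ports": sorted({f["port"] for f in flows}),
            "connections": len(flows),
        })
    return sorted(alerts, key=lambda a: a["first_seen"])

if __name__ == "__main__":
    for alert in honeypot_alerts(SAMPLE_FLOWS):
        print(alert)
```

Grouping by source turns repeated probes from one internal host into a single alert that lists every port it tried, which is what the responder needs to start triage.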

Want to know more about our honeypot solution? Then contact us by calling 088 4 227 227 or emailing info@fundaments.nl.