Telesoft Technologies has published two new Network Defence and Response white papers for Communication Service Providers (CSPs) and organisations focused on protecting revenue, infrastructure, services and customers, and networks.
• FlowProbe: TBPS Threat Visibility white paper addresses the issue of threats in encrypted traffic and how encrypted flow fingerprinting can be utilised to identify botnet command and control activity in Tbps networks.
Data security and protection remain intrinsic to information security, and ensuring that the Confidentiality, Integrity and Availability (CIA) of the data remains uncompromised is vital. No matter the protocol used – Secure Sockets Layer (SSL) and/or Transport Layer Security (TLS) – some form of communications activity will inevitably take place amongst compromised systems within a network. For example, while encryption in the TLS protocol is an essential protection against the exposure of personal information, it also clouds the intent behind compromised IoT devices as they are corralled into botnets.
By providing a legitimate and accurate means of identifying specific values from within a communication, IP addresses can be associated into entity sets of known botnet activity.
• CERNE IDS: Backbone Threat Detection white paper explores how the exponential rise in IoT devices is leading to more bots. The paper details how, when operating in multi-Tbps networks, Network Detection and Response (NDR) solutions can provide additional opportunities for organisations to detect threats. By using sophisticated and enhanced Intrusion Detection Systems with well-defined rulesets and comprehensive signature lists, NDR solutions can identify threats communicating with, or attempting to establish a connection with, C&C servers.
As Industry 4.0 continues to gain momentum, an ever-growing ecosystem of Internet of Things (IoT) devices is created, in which typically non-standard computing devices are becoming embedded with sensors, software and a method of communicating with the internet. One of the key challenges is security, or more specifically, ensuring each of the IoT devices is securely designed, as well as being sufficiently secure once it has been introduced to its new network. This is leading to more vulnerabilities being identified and exploited by malicious actors. This often happens without any indication, creating a challenging scenario of how to understand which devices have been compromised and, if they have been compromised, what they are being used for.
Whether it be an IRC, HTTP or P2P botnet, all must traverse the network highway in order for their value to be extracted. NDR solutions and enhanced Intrusion Detection Systems can provide seasoned SOC teams and threat analysts with a spotlight for engagement. Used in tandem with an arsenal of experience and an acquired understanding of Tactics, Techniques and Procedures (TTPs), they can enable the identification of APTs and threat actors.
Martin Rudd, CTO at Telesoft Technologies, explained: “Across the globe, commercial cyber and nation state attacks are increasing at a rapid pace. This is putting a mounting pressure on SOC teams and threat analysts to have an in-depth knowledge and understanding of all the traffic passing across their networks. Achieving this level of deep visibility is a huge challenge. But the implications of malicious threats for organisations and CSPs focused on protecting revenue, infrastructure, services and customers, and securing networks can be dire.
“These two new white papers have been written to inform, and provide guidance, on the NDR solutions that should now be an essential part of any network security arsenal for any SOC and threat analyst.”
Both white papers are available to download from http://www.telesoft-technologies.com