Finding Suspicious Activity on Your Network

A critical, but often overlooked, aspect of securing a network is network security monitoring (NSM). NSM allows the information technology team to understand what is actually happening on the network. If preventing an attacker from entering a network is the first goal, then recognizing when a network has been compromised is a close second. According to the MITRE ATT&CK™ web site, https://attack.mitre.org/, attackers often snoop around or attempt to install malicious software once they have gained access to a network; these activities can often be detected, and detecting them early can save a network from being compromised with ransomware. One of the most powerful tools for providing visibility within a computer network is a Network Intrusion Detection System (NIDS). A NIDS is designed to monitor internal network traffic and highlight suspicious activity so that system administrators or security professionals can confirm that only legitimate activity is taking place on the network.

One notable NIDS is the open-source solution known as Security Onion. Security Onion is an Ubuntu (Linux)-based system that combines several free-to-use tools to review network traffic and automatically flag events for a system administrator to review in more detail. Since Security Onion is an open-source product built on open-source tools, it is currently free to use for the average business. Security Onion also includes a wealth of resources in a community forum where its users can post questions and answers as well as view tutorials about how to use Security Onion in various business environments.

One of Security Onion's most powerful features is that it doesn't just flag potentially suspicious network events for a system administrator. Security Onion also saves the network event's data, the packet capture, so that the person investigating can "drill down" into what happened and determine whether the flagged event is truly malicious. Security Onion also provides tools that allow it to evolve with the ever-changing cyber security landscape. SALT, a utility application baked into the product that allows a person to manage multiple sensors and servers, can easily be updated to automatically collect new detection rules. Skilled security professionals can also create custom rules to fit the circumstances of their own environment.

Protecting your network doesn't have to be expensive. Our experience with Security Onion shows that open-source, free cybersecurity tools offer a great deal of capability for organizations wanting to improve their cybersecurity protections.
