Don’t Sit on a 2 leg Stool! Because you will eventually fall and get hurt
Why You Need “Continuous Network Monitoring”
Netwatcher.com
1. The three legs: Secure your Endpoints; Use a Firewall; Continuously Monitor the Network
2. Why Do Continuous Monitoring?
• Fortune 5000 companies have been doing advanced cyber security for over 15 years, using all levels of the cyber security maturity stool.
• Why? Because a layered approach is the only way to cover your bases and reduce your risk of compromise.
• Why? Industry compliance standards (HIPAA, GLBA, FINRA, PCI-DSS etc.) all require network monitoring.
• Why? Most companies are exploited because a user lets a bad actor into the network, not because a bad actor breaks in on their own.
• Why? Because the median number of days that attackers were present on a victim’s network before being discovered is 146 days.
3. Secure Your Endpoints (laptop, phone etc.)
Endpoint protection consists of security solutions that address endpoint security issues, securing and protecting endpoints against zero-day exploits, attacks, and inadvertent data leakage resulting from human error.
• Signature-based Anti-Virus – Monitors memory, images & binaries for known malware signatures.
• Endpoint Firewall – Controls which TCP/IP ports the endpoint’s user can use to communicate.
• Virtual Private Network – Enables users to send and receive data across the Internet as if their endpoint were directly connected to the private network.
• Web content filtering – Monitors which HTTP(S) sites the user visits for malware and other nefarious activity (pornography etc.).
• Host intrusion protection – Monitors important operating system activities to ensure protection against malware intrusion.
• Behavior analysis – Monitors the behavior of all processes for potentially harmful actions.
Keep the bad actor from being able to take control of your assets…
What happens if you don’t have endpoint security: Every time a user goes to a website, opens an email or downloads a file, your company is at risk of being owned!
4. Use a Firewall
A network security system that monitors and controls incoming and outgoing network traffic based on predetermined security rules. A firewall typically establishes a barrier between a trusted, secure internal network and the Internet, which is assumed not to be trusted.
• If you are using an internet provider’s router, it does Network Address Translation (NAT), translating between the internal (private) IP address range and the external IP address – this provides a certain level of traffic filtering, since unsolicited inbound connections have no internal address to map to.
• Layer 3 Firewall – A packet filter which looks at the network addresses, ports and services of the packet and determines if the packet should be allowed or blocked. (example: block all inbound traffic from Iran; block a list of known bad IP addresses; block all inbound HTTPS/443 traffic but allow outbound HTTPS/443 traffic)
• Layer 7 Firewall (or application firewall, Next Generation Firewall, Intrusion Protection, Unified Threat Management or Web Application Firewall) – A packet filter which looks at the content of an application’s traffic and determines if the packet should be allowed or blocked. (example: block all pornography)
Keep the bad actor from being able to get into the network…
What happens if you don’t have a firewall: Then your endpoint(s) is/are exposed directly to the internet. Any services running on the endpoint will be accessible for reconnaissance and attempted compromise.
5. Continuously Monitor the Network
• Log Monitoring (SEM) – Provides real-time analysis of security alerts generated by network hardware and applications.
• Intrusion Detection (IDS) – Monitors the network via Deep Packet Inspection for malicious activity or policy violations.
• NetFlow Analysis – Monitors the analytics of a network’s traffic flows (who talks to whom, how much, on which ports).
• Active Scanning – Assesses computers, networks & applications for weaknesses.
• Advanced Correlation – 1. Monitor events from the SEM, IDS, NetFlow and Scanning over time for poor security hygiene, security vulnerabilities and exploits. 2. Classify the severity of the issue. 3. Alert others via a workflow based on the severity of the issue.
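The three correlation steps above, as an added illustration that is not Netwatcher’s code: constructed events from the four feeds are grouped per host inside a time window, a severity is derived from the kinds of evidence seen together (a scan-reported weakness followed by an IDS exploit signature outranks either alone), and the severity selects a routing action. Event tags, hosts, window size and route names are assumptions for the example.

```python
from collections import defaultdict

# Constructed sample events from the four feeds the slide names (SEM, IDS,
# NetFlow, active scanning). Hosts, tags and timestamps are invented.
EVENTS = [
    {"src": "scan",    "host": "10.0.0.12", "tag": "vuln:smbv1_enabled",   "ts": 100},
    {"src": "ids",     "host": "10.0.0.12", "tag": "exploit:smb_rce",      "ts": 160},
    {"src": "netflow", "host": "10.0.0.12", "tag": "egress:unusual_bytes", "ts": 200},
    {"src": "sem",     "host": "10.0.0.40", "tag": "auth:failed_login",    "ts": 300},
    {"src": "ids",     "host": "10.0.0.40", "tag": "policy:cleartext_ftp", "ts": 310},
    {"src": "sem",     "host": "10.0.0.77", "tag": "auth:failed_login",    "ts": 400},
]

# Step 3: workflow routing keyed on severity (route names are assumed).
ROUTES = {"critical": "page_on_call", "high": "open_ticket",
          "medium": "hygiene_report", "low": "log_only"}

def classify(tags):
    """Step 2: severity from the kinds of evidence seen together on one host."""
    kinds = {t.split(":")[0] for t in tags}
    if "exploit" in kinds and kinds & {"vuln", "egress"}:
        return "critical"  # exploit against a known weakness, or followed by odd egress
    if "exploit" in kinds:
        return "high"
    if "policy" in kinds or "vuln" in kinds:
        return "medium"    # poor hygiene, no attack evidence yet
    return "low"

def correlate(events, window=300):
    """Step 1: group events per host within `window` seconds of the host's
    latest event, then classify and route each host."""
    by_host = defaultdict(list)
    for e in sorted(events, key=lambda e: e["ts"]):
        by_host[e["host"]].append(e)
    findings = {}
    for host, evs in by_host.items():
        latest = evs[-1]["ts"]
        recent = [e for e in evs if latest - e["ts"] <= window]
        tags = [e["tag"] for e in recent]
        sev = classify(tags)
        findings[host] = {"severity": sev, "route": ROUTES[sev],
                          "sources": sorted({e["src"] for e in recent}), "tags": tags}
    return findings

if __name__ == "__main__":
    for host, f in correlate(EVENTS).items():
        print(host, f["severity"], "->", f["route"], f["tags"])
```

With the default window the first host is critical because three feeds agree; shrinking the window to 30 seconds leaves only its NetFlow event, which on its own is merely low, showing why correlation over time matters.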
What happens if you don’t do continuous monitoring: You may miss attacks on IoT devices (smart TVs on board room walls, printers, smart phones). You may miss root-kits that have compromised assets. You may miss poor behavior by staff using vulnerable/risky software, going to nefarious websites or sending data over the internet in clear text, all of which will lead to your company being breached.
Monitor the network in case someone lets a bad actor through the firewall by unintentionally creating a security vulnerability… Monitor in case an endpoint gets exploited…