Ransomware operators are prioritizing the quality of their attacks over the quantity. It is high time that CISOs monitor them and think two steps ahead. Assume the malicious actors are already inside your network. How will you counter their next move? How will you secure the other segments and critical data feeds? In this article at DarkReading, Brendan O’Flaherty shares tips to bolster security defenses by reducing malware dwell time. Dwell time is the duration an intruder remains undetected in your network. Intruders can spend months exploring crucial work backups and using entry points to push more ransomware into your system.
The Fact Check
According to a report by Accenture Security and the Ponemon Institute, malware attacks cost US organizations about $2.6 million on average. One of the many reasons for this surge is the growth of network blind spots. The good news is that you can decrease the dwell time and reduce the impact of the breach. Follow these steps for effective network monitoring to reduce malware dwell time:
Watch the Traffic
Monitoring network traffic is crucial to detect unusual behaviors that signify a security breach. Keeping close tabs on the IP addresses in your traffic helps you evaluate activity and raise the alarm so that anything out of the ordinary gets investigated.
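One way to apply the IP-address monitoring described above, as an added example that is not from the original article: it flags external destinations that never appeared during a baseline period and measures how long each one went unreviewed. The flow records, the 10.0.0.0/8 internal range, the baseline cut-off and the function names are constructed assumptions.

```python
from datetime import datetime
from ipaddress import ip_address, ip_network

# Constructed flow records (not real traffic): time, internal source, destination, bytes sent.
FLOWS = [
    ("2024-03-01T09:00:00", "10.0.1.15", "10.0.2.20", 4_200),
    ("2024-03-01T09:05:00", "10.0.1.15", "198.51.100.7", 1_100),
    ("2024-03-02T10:00:00", "10.0.1.22", "10.0.2.20", 3_900),
    ("2024-03-08T02:14:00", "10.0.1.15", "203.0.113.50", 650),
    ("2024-03-09T02:15:00", "10.0.1.15", "203.0.113.50", 48_000_000),
    ("2024-03-09T11:30:00", "10.0.1.22", "198.51.100.7", 900),
    ("2024-03-10T02:16:00", "10.0.1.15", "203.0.113.50", 52_000_000),
]
INTERNAL = ip_network("10.0.0.0/8")      # assumed internal address space
BASELINE_END = datetime(2024, 3, 7)      # assumed cut-off: earlier traffic counts as normal


def new_external_peers(flows, baseline_end=BASELINE_END):
    """Summarize traffic to external destinations that were never seen before baseline_end."""
    records = sorted((datetime.fromisoformat(t), s, d, b) for t, s, d, b in flows)
    known = {d for t, _, d, _ in records if t < baseline_end}
    findings = {}
    for t, src, dst, sent in records:
        if t < baseline_end or dst in known or ip_address(dst) in INTERNAL:
            continue
        # Records are time-sorted, so the first hit for a destination is its first_seen.
        f = findings.setdefault(
            dst, {"first_seen": t, "sources": set(), "flows": 0, "bytes": 0})
        f["sources"].add(src)
        f["flows"] += 1
        f["bytes"] += sent
    return findings


def dwell_time(first_seen, reviewed_at):
    """Time a new peer went unnoticed: from its first flow until it was reviewed."""
    return reviewed_at - first_seen


if __name__ == "__main__":
    review = datetime(2024, 3, 10, 9, 0)  # constructed time of the analyst's review
    for dst, f in new_external_peers(FLOWS).items():
        print(f"{dst}: {f['flows']} flows, {f['bytes']} bytes from {sorted(f['sources'])}, "
              f"unreviewed for {dwell_time(f['first_seen'], review)}")
```

Running the same check on a schedule, rather than once after an alert, is what shortens the gap between `first_seen` and the review.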
Analyze Stored Data
Use stored data to trace the flow of data from the beginning to the end of the breach. Uncover the depth of the malicious activity and the damage it has caused. Look for ways to restrict any further spread. Your cyber teams must capture and store packet data before, during, and after the security compromise.
Revive Remote Policies
Most working professionals are still working from distributed networks. Relying on pre-pandemic security policies and the assumptions behind them is therefore risky. By revising the security restrictions, you can close the existing gap and address potential threats.
Vigilance in the Cloud
Some organizations have relocated their web applications to the public cloud. However, such moves leave a gap in network visibility. Cloud service providers offer features that allow you to replicate your network traffic. A virtual packet broker then shifts the web traffic to a secure cloud network. You can store the feed as virtual packet data in cloud storage for compliance proceedings.
Click on the following link to read the original article: https://www.darkreading.com/vulnerabilities---threats/assuring-business-continuity-by-reducing-malware-dwell-time/a/d-id/1339021