Page 106 - CDM-CYBER-DEFENSE-eMAGAZINE-December-2018
P. 106

addresses, you can use the other 154 unused IP addresses as virtual decoys that are vulnerable
                   to attacks. If a decoy is attacked, you will receive an alert and be able to investigate the incident
                   and possibly find out “who done it.” So, look for decoys that capture information on the methods
                   used to compromise the network so you can stay one move ahead in the cyber war.


               7.  Network Segmentation makes it more difficult for cybercriminals to freely navigate your network,
                   which is relatively easy for them to do in flat networks. If you carve the network into several
                   segments, you can protect each one with a firewall that enforces authentication. Think of a single-
                   road town vs. one that’s broken into many streets, and has a toll booth at the beginning of each
                   block. Besides making it more difficult for a cybercriminal to navigate the network, it’s easier for
                   you to isolate and quarantine an attack. Small segments also allow you to control the flow of traffic
                   and create zones where users are authorized and unauthorized. However, the goal is not just to
                   create as many segments as possible. In order to segment the network effectively, the method
                   should be based on a strategy that incorporates factors such as the criticality of the servers, the
                   type of servers, and who should have access. In addition to improving network security, network
                   segmentation can also improve network performance. For virtual environments, look for a solution
                   that offers software-defined network segmentation.



            Now that you’re familiar with the tools that can come together to fortify your cybersecurity infrastructure,
            you’ve probably recognized the common thread. To optimize the performance of the seven key tools, it’s
            important to make sure they can interoperate with one another so you can create a security ecosystem.
            The tools should all interconnect and report back to a centralized system for a single plane of glass view.
            The more information that is shared, the more intelligent each tool becomes, making it easier for them to
            protect your organization from attack.

            It’s also important to link your security ecosystem to external threat intelligence services offered by the
            leading security vendors. Sharing threat information with other businesses helps everyone learn about
            the latest threats and cyberattack techniques. By helping our industry peers build a better knowledge
            base, we are unified against the unseen entity that continues to evolve and strengthen as it grows.






























                                 106
   101   102   103   104   105   106   107   108   109   110   111