select group of servers, should be denied egress. The traffic that is allowed outbound should
be subject to strict monitoring and response policies. For the point-of-sale environment, the
Payment Card Industry Data Security Standard requires egress filtering from any server
present in the cardholder environment. Egress filtering is a practice that goes beyond IT,
requiring administrative and policy support for successful implementation. However, egress
filtering can often be the final and most effective measure to prevent stolen data from being
exfiltrated.

Network anomaly detection. Network behavior anomaly detection is an ideal
complementary technology in the system of data protection, continuously monitoring the
network for unusual occurrences and unusual traffic patterns. Anomaly detection can include
traditional technologies such as network intrusion detection systems (NIDS), more modern
technologies like web application firewalls (WAFs) and cutting-edge analytic solutions that
capture, monitor and normalize traffic patterns and alert you to abnormalities. At the heart of
all these technologies is how the information is collected, normalized and alerted on. The
key to successful anomaly detection is monitoring and response, which depends heavily on
prioritizing the events that analysts see. For example, an alarm related to the port scan of a
public system most likely does not have the same severity and time-sensitive response as
an alarm indicating an attempt to connect to an external FTP site from a sensitive internal
network. By prioritizing alerting and response policies to favor events that are traditionally
related to data exfiltration, analysts have a much better opportunity to catch such activity.
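
The prioritization described above can be sketched as a small scoring step applied to alerts after they have been normalized. This is an added example, not code from the article or from any product it mentions; the address ranges, port list, weights and sample alerts are all constructed assumptions.

```python
import ipaddress
from dataclasses import dataclass

# Constructed address plan and weights: assumptions for this example only.
OWN_NETS = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "203.0.113.0/28")]
SENSITIVE_NETS = [ipaddress.ip_network("10.20.0.0/24")]   # e.g. cardholder segment
PUBLIC_HOSTS = [ipaddress.ip_network("203.0.113.0/28")]   # internet-facing servers
TRANSFER_PORTS = {21: "FTP", 22: "SSH/SFTP", 69: "TFTP"}  # file-transfer services

@dataclass
class Alert:
    signature: str
    src: str
    dst: str
    dport: int

def _within(addr, nets):
    ip = ipaddress.ip_address(addr)
    return any(ip in net for net in nets)

def score(alert):
    """Return (score, reasons); a higher score is handled first."""
    total, reasons = 10, []
    outbound = _within(alert.src, OWN_NETS) and not _within(alert.dst, OWN_NETS)
    if outbound:
        total += 30
        reasons.append("connection leaves the organisation")
        if _within(alert.src, SENSITIVE_NETS):
            total += 40
            reasons.append("source is in a sensitive network")
        if alert.dport in TRANSFER_PORTS:
            total += 20
            reasons.append(TRANSFER_PORTS[alert.dport] + " to an external host")
    elif alert.signature == "portscan" and _within(alert.dst, PUBLIC_HOSTS):
        total -= 5
        reasons.append("scan of a public system, routine background noise")
    return total, reasons

def triage(alerts):
    """Order alerts so exfiltration-related events reach the analyst first."""
    return sorted(((score(a)[0], a) for a in alerts), key=lambda p: -p[0])

SAMPLE_ALERTS = [  # constructed records, not real traffic
    Alert("portscan", "198.51.100.7", "203.0.113.5", 443),
    Alert("outbound-connection", "10.5.1.9", "192.0.2.80", 443),
    Alert("outbound-connection", "10.20.0.15", "192.0.2.44", 21),
]
```

Calling `triage(SAMPLE_ALERTS)` puts the FTP connection from the sensitive segment at the top of the queue and the port scan of the public server at the bottom.
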
About The Author
Avery Buffington is the Information Security Architect for SecureNet,
an end-to-end omni-channel payments processor based in Austin.
Avery has 13 years of experience in the data security and financial
services industries, and graduated with a Bachelor of Science in
Engineering from Texas A&M University.
Avery can be reached online via the SecureNet website:
http://www.securenet.com.