If you don’t want to be caught off guard this Christmas and get a lump of coal, think twice about entrusting your network security with the watchful eyes of the mythical elves. Spending the holidays in the office with a PR nightmare and a badly compromised network, customer data leaked, and a serious career derailment; just not our idea of a jolly good time.
The bad guys (and Grinches) are out there. One way or another some are going to get in. The longer they are in your network, the better the chances they get their hands on the juicy goods. This is not wisdom, it is fact. Thousands of systems, from servers to cell phones to printers – there are vulnerabilities, phishing emails clicked, compromised apps are installed, and even the most trusted of employees may turn rogue. If you are not working under the assumption that the inner sanctum of your network is already in the hands of a hacker, you are making a costly mistake.
And we get it: you have no red flags today, no evidence of compromise. So why worry? But keep in mind that “no evidence of network compromise” is NOT the same as “evidence of no network compromise”. The fact that you don’t know (yet) doesn’t mean it didn’t happen! Never seen Santa fly around in his sleigh? Does that mean he’s not there? Or does it mean you didn’t look hard enough?
At FlowTraq we understand the difference between guessing and knowing. One day a machine comes under the control of a bad guy. No matter how good the tricks to hide the hack on the system, the communication remains visible on the network. Because “under control” means the hacker must communicate with the hacked machine. These are often small communications; ICMP sessions with more packets flowing back than coming in; TCP streams on high ports every 6 hours on the dot; UDP packets, one out, one back, each time. Using full fidelity flow data, even the smallest command & control channel is recorded, no matter how big the network.
Sometimes we catch a compromise because the hacker’s IP address is known. Sometimes we catch a new backdoor service sprouting up in your network. Sometimes it is the stream of valuables leaving your network on their way to the hacker. And sometimes a connection just “looked odd”. FlowTraq let’s you know, and it lets you investigate what happened before and after.
And when you catch the bad guy: use FlowTraq’s full fidelity forensic history to find out who else on your network has been naughty in just the same way. Sweep up, clean them out. And if you must, make a list and check it twice. That’s Santa’s way. Don’t just trust it. Know it.