Op-Ed: Why network detection and response should be central to your cyber security strategy in 2021

While working from home is not new, last year’s pandemic made it the norm, overnight. Faced with lockdown restrictions that meant business as usual was an impossibility, Australian enterprises had two choices: shutter their operations entirely or send their teams home with laptops. Thousands chose the latter option – in May 2020, over 4.3 million working Australians were working from home, according to Roy Morgan research. Many organisations have since decided to allow employees to continue to do so, some or all of the time.

Organisations which had migrated their core applications to the cloud found the transition to remote working a significantly easier proposition than those with ICT infrastructure centred around in-house data centres.

That fact has not been lost on technology and business leaders. In the wake of the crisis, we’re seeing an extraordinary wave of digital transformation, as enterprises of all stripes dispense with deliberating and planning and start executing on cloud first strategies.

Rethinking security in the cloud and remote working era

But while the benefits of remote working and operating in the cloud – flexibility, scalability and reduced capital expenditure – are well documented, both can call for a significant cyber security rethink.

An ICT environment that comprises a geographically dispersed array of mobile endpoints connecting with a suite of applications running in the public cloud and an environment centred around a legacy, on-premises technology stack are two very different beasts.

Traditional perimeter-based security provisions designed to safeguard the latter are not fit for purpose when significantly more activity is taking place outside the perimeter than in. Endpoint detection and response technology are a part of the obvious solution. However, they are best deployed to maximum advantage with other solutions such as security information and event management (SIEM) and network detection and response (NDR) because relying upon it as primary defence presupposes that ICT and security personnel are aware of each and every endpoint with access to the network – and are confident they can lock them all down. If your organisation has a large number of employees working remotely and/or a Bring Your Own Device program, that’s a brave call.

Real and rising threats

VIEW ALL

Doubly so, given the threat landscape with which enterprises are having to contend in 2021. High tech attacks have become more prevalent since the onset of the COVID pandemic, which itself sparked an onslaught of opportunistic phishing and malware campaigns designed to capitalise on fear, uncertainty and doubt surrounding the virus.

The Australian Cyber Security Centre reportedly receives an average of 164 cyber crime reports each day and organisations which have experienced damaging attacks in the past year include beverage giant Lion and, more recently, community services agency UnitingCare.

Last year, the federal government committed to spending $1.67 billion on building new cyber security and law enforcement capabilities, raising community awareness about staying safe online and developing programs to help local industry protect itself.

Given the potential for disruption, and the high cost associated with a major incident, businesses are well advised to invest time and resources in ensuring their network and data aren’t easy targets.

Comprehensive monitoring of the entire enterprise

For many enterprises, a network detection and response (NDR) solution will provide greater visibility of network activity – normal and otherwise – and more all-encompassing and effective protection than their current cyber-security stack.

NDR solutions continuously monitor network traffic on business networks and flag suspicious behaviour which deviates from established baselines.

The technology provides security teams with complete visibility across the network and sophisticated analysis of the vast volume of traffic it carries each day – irrespective of whether it emanates from in-house or cloud-based systems, or from known or unknown endpoints.

Unlike many legacy cyber-solutions, it’s immediate, it provides instant insight and responsiveness, and it’s always ‘on’.

Investing in a stronger, safer future

The events of the past year have triggered a widespread rethink by organisations, about their ICT architecture and infrastructure and the way in which their workforces are organised.

If your business is among them, ensuring your cyber-security strategy reflects the new reality is critical, if you’re to minimise the possibility of compromise or attack.

Glen Maloney is the ANZ regional sales manager at ExtraHop.