The time machine for security pros is here – finally
"If I could turn back time."
Those of us who work in cyber security know this is not just a pop fantasy by Cher. For security professionals it is a common wish, and one usually triggered by a security breach.
The normal procedure to find out what happened is to dig into security logs. Many organisations rely on them and think that logs are the only way to track operations in data systems.
This isn’t the case anymore: now there is an alternative. It’s called Network Recorder, and it does what the name says: it records the traffic that crosses your organisation’s network.
There is a huge difference compared to the old method. Imagine that you missed a talk at a seminar. Logs are the notes taken by your colleague. A network recording is the video of the event.
Network Recorder goes far beyond logs. It is a true time machine that is a marvel in accuracy.
First of all, unlike logs, there are no blank spots in the timeline. What you get is not just a glimpse of what happened but an exact recording. You could even retrace individual emails or Skype calls.
And accuracy is key when you get to the bottom of the attack and identify the culprit. To stand against the criminals in court with refund claims you need bulletproof evidence. You might also want to determine the latest known-good recovery point in your backups. That is exactly what network recordings provide.
Logs have another downside: they are exposed to tampering. If malware stays under the radar and undetected for a long time – and unfortunately that happens a lot – it can rewrite the logs to cover its tracks.
This can't be done to network activity. Malware always needs a network connection to operate, and that network usage is without a doubt traceable.
In our current security landscape it’s understandable that this kind of threat analytics is becoming more commonplace. We are happy to be able to provide the recording option as part of our Tieto Security Wall offering.
In the next blog post I will explain what we and our partners can do to respond to detections.
Have you missed our latest white paper on ransomware?