July 10, 2013

Network Traffic Monitoring: BYOD, Cloud Services and Internet Threats

Due to the constant movement of BYOD devices in and out of the corporate environment, Chief Security Officers have been forced to take a closer look at managing this technological shift and at the role network traffic monitoring can play in it. Here’s why: even when BYOD isn’t allowed on the business's wireless network, those devices are often plugged into a laptop first thing in the morning, and once they sync with the computer they are, for practical purposes, on the corporate network. They can also upload and download just about anything over a 3G or 4G connection, which can introduce Internet threats. Smart security professionals realize that efforts to keep BYOD off the corporate network are almost futile, because employees can read and reply to email all day long regardless of how they connect. Everything from confidential conversations to top secret attachments is available on handheld devices, and malware detection is nearly nonexistent in many BYOD environments.

Monitoring Cloud Services

With the Android operating system (OS) being open source and available to the general public, malware developers can gain a better understanding of the OS and build more sophisticated threats. The BYOD environment is already the “wild west” of the Internet, and to add fuel to the fire, along come cloud services. If, for some poor excuse of a reason, the security folks still think they have a good handle on BYOD security, just think about cloud services such as Apple’s iCloud. Any notes taken on an iPhone, any photos, contacts, documents, even some emails, are all backed up to iCloud without any thought given to security. When these accounts are hacked, all of this information becomes the property of someone it wasn’t intended for. The Microsoft OS might still be the #1 OS targeted by hackers, but more sophisticated attacks on BYOD devices are certainly on the horizon. Network traffic monitoring and threat detection best practices need to do a better job with BYOD.

Forcing Network Authentication

Since BYOD has become a way of life that most companies have had to embrace, here’s a tip to improve security around BYOD devices and their traffic. Allow users to connect to the corporate network with their handhelds, but force them to authenticate to a system that interrogates the handheld device. By forcing a rigorous authentication we can more easily track users and their traffic. For example, the Enterasys Mobile IAM strategy scans devices authenticating onto the network and discovers details such as IP address, MAC address and operating system (iPhone, Android, BlackBerry, Microsoft, etc.), which can then be correlated with NetFlow data. Archiving this data provides a powerful history of the past traffic of each BYOD device.

Internet Threat Detection

By investing in the right NetFlow/IPFIX analyzer, the behavior of BYOD devices can be monitored for suspicious traffic patterns. Handhelds reaching out to known compromised Internet hosts can raise flags, increase threat indexes and ultimately lead to further investigation. Next generation NetFlow solutions can automate these routines.
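The two pieces above, correlating the device inventory gathered at authentication with flow records and raising a per-device index when a handheld contacts a known compromised host, as an added illustration (this is example code, not Plixer's or Enterasys's; the inventory, the bad-host list and the flow records are constructed samples using documentation address ranges):

```python
# Added example: correlate a BYOD device inventory (as captured by an
# authentication system that interrogates the handheld) with NetFlow-style
# records, and build a threat index for devices that reach known-bad hosts.
from collections import defaultdict
from ipaddress import ip_address, ip_network

# Constructed sample inventory keyed by the IP the device was assigned.
DEVICE_INVENTORY = {
    "10.20.0.15": {"mac": "00:11:22:33:44:55", "user": "alice", "os": "iPhone"},
    "10.20.0.16": {"mac": "66:77:88:99:aa:bb", "user": "bob", "os": "Android"},
}

# Constructed placeholder list of known compromised Internet hosts.
KNOWN_BAD_HOSTS = {"203.0.113.7", "198.51.100.23"}

# Address space considered internal (assumed for the example).
CORPORATE_NETS = [ip_network("10.0.0.0/8")]

# Constructed NetFlow-style records: (src_ip, dst_ip, dst_port, bytes).
SAMPLE_FLOWS = [
    ("10.20.0.15", "203.0.113.7", 443, 15000),
    ("10.20.0.15", "192.0.2.10", 80, 1200),       # benign destination
    ("10.20.0.16", "198.51.100.23", 8080, 300),
    ("10.20.0.16", "198.51.100.23", 8080, 9000),
    ("10.20.0.99", "203.0.113.7", 443, 50),       # never authenticated
]


def is_internal(ip):
    """True when the address falls inside the corporate ranges."""
    addr = ip_address(ip)
    return any(addr in net for net in CORPORATE_NETS)


def score_flows(flows, inventory, bad_hosts):
    """Return a per-source threat index for flows to known-bad hosts.

    Each entry counts contacts and bytes, records which bad hosts were hit,
    and attaches the inventory record (user, MAC, OS) so the flag is tied to
    a person and a device. Internal sources missing from the inventory are
    reported under an 'unregistered:' key so they are investigated too.
    """
    index = defaultdict(lambda: {"contacts": 0, "bytes": 0, "hosts": set(), "device": None})
    for src, dst, _port, nbytes in flows:
        if not is_internal(src) or dst not in bad_hosts:
            continue
        device = inventory.get(src)
        key = src if device else f"unregistered:{src}"
        entry = index[key]
        entry["contacts"] += 1
        entry["bytes"] += nbytes
        entry["hosts"].add(dst)
        entry["device"] = device
    return dict(index)
```

Sorting the returned index by `contacts` or `bytes` gives the review queue the post describes; archiving the inventory alongside the flows is what makes the device history reconstructable later.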

In part two of this post, I’ll outline how proxy servers and NetFlow can be utilized to monitor for threats and just as importantly, how they can be leveraged to investigate Internet threats that could already be underway on your network.

About The Contributor:
Mike Patterson, CEO, Plixer

As one of the founders of the company, Michael has been involved in the development of Scrutinizer NetFlow and sFlow Analyzer as well as Flow Analytics at Plixer. He enjoys writing and blogging about all things NetFlow, IPFIX and sFlow related.
