Thursday, November 10, 2016

Netiquette IQ Blog Of 11/10/16 - Financial Institutions Network Security Is Being Blinded!

Tabula Rosa Systems, our sister company, provides "best of breed" network, security and systems management products for companies of all sizes and their applications. One of our premiere products is PacketViper. The article below is by Frank Trama, one of the company's founders and its CTO. For more information on this product or to see the Tabula Rosa product suite, please contact them as noted below.

Financial Institutions Network Security Is Being Blinded!
Nov 4, 2016
Today, financial institutions (though not only they) are being overrun with security logging and alerting. Each new monitoring and alerting device adds more things to consider when evaluating threats on a daily basis. You would think this would help, and that it is a good thing? It is and isn't at the same time. We bury our faces in reports, sift log after log for the magic bullet, and set up countless alerts on top of alerts, only to chase countless rabbits (false positives) down holes. This in itself burdens budgets, jades security teams, and masks legitimate threats that can ultimately lead to a breach.
How many stacks of reports, graphs, and pie charts do you look at today? How many lines of logs do you look at? Do you stop when your eyes are bleeding? I personally have chased enough rabbits down holes (false positives) to where I almost grew a tail.

To understand the enormity of the problem, let's rewind the clock a couple of years and see where things stood in 2014, per Damballa's report:

The average North American enterprise fields around 10,000 alerts each day from its security systems, far more than their IT teams can possibly process, a Damballa analysis of Q1 2014 traffic has found.

You have to ask why. Why are we seeing this many alerts on a daily basis? The simple answer is that we are not considering what we are allowing to and through the perimeter. We basically open up exposures in our firewalls and DMZs, then top it off with an army of monitoring devices to watch and understand the traffic.

Hold on! Before you write me a nasty comment, here is what I'm saying. Today we are allowing everything to reach the gateway, forcing the security devices to inspect everything. This is how they are built and designed.

For instance, your firewall rules may look like this:

permit any to tcp/udp x
permit any to any tcp/udp port x, y, z

What you told your firewall is to allow everyone on the planet access to those IPs and services. What if that was a VPN, HR, WebMail, FTP, VM, PAYMENT PROCESSING, SSH, RDP, or TELNET portal?

Have you ever asked "why are we doing it this way?" or "why are we inspecting everything?" Imagine if your security environment only had to inspect 30% of what you are seeing today. That would alleviate logging and alerting, shrink rule sets, provide faster threat detection, and unburden human resources. Right? Right!

You're probably wondering: it can't be that simple? It is, though. Lessening the traffic burden lessens the traffic load. Today, in many situations, the proposed solution looks like:

We need more bandwidth
We need a bigger firewall
We need to consolidate logs and alerting
We need more staff

All of this may be true, and if budgets permit, go for it! But think about it. If we can remove the bulk of the garbage traffic (let's say 70%) without it interfering with production traffic, then all of the above is moot.

There is a light at the end of the tunnel: enter the Geo-IP layer, a seemingly simple layer that, when done properly, will remove the burden from the security environment by eliminating the waste before it enters. But don't think for one minute that your current security devices can do this properly. That's a myth. The problem has always been that current security tools only provide a subset of what is needed to properly Geo-IP, which leaves a bad taste in the security team's mouth. Separating the Geo-IP layer from the application layer is vital to have this layer work to your benefit. Anything else, and you are back where you started.
The Geo-IP layer's sole purpose is to effectively eliminate traffic before it is inspected. The end result is what you see in the image below: a much cleaner, more efficient security environment.
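As an added illustration (not code from the article, from Tabula Rosa, or from PacketViper), here is a small Python model of the idea above: a Geo-IP layer sitting in front of the "permit any" rules, deciding per exposed service which source countries may even reach the inspection stack. The CIDR-to-country table, the policy and the connection events are constructed placeholders, not real GeoIP data; an address that resolves to no known country is treated as not allowlisted, so unknown geography is dropped rather than passed through.

```python
import ipaddress

# Constructed sample geo-IP table (CIDR -> ISO country code). Placeholder data only;
# a real deployment would load a maintained GeoIP database here.
GEO_TABLE = [
    (ipaddress.ip_network("198.51.100.0/24"), "US"),
    (ipaddress.ip_network("203.0.113.0/24"), "CA"),
    (ipaddress.ip_network("192.0.2.0/24"), "XX"),   # placeholder "somewhere else"
]

# Per-service allowlist of source countries. The article's "permit any to any
# port x, y, z" rule is equivalent to every port mapping to every country.
GEO_POLICY = {
    443: {"US", "CA"},   # public web portal: North American customers only
    22: {"US"},          # SSH: admin staff in the head-office country only
    3389: {"US"},        # RDP: same
}

def country_of(ip):
    """Return the country code for ip, or None when no table entry matches."""
    addr = ipaddress.ip_address(ip)
    for net, cc in GEO_TABLE:
        if addr in net:
            return cc
    return None

def geo_prefilter(events):
    """Split inbound connection events into those the Geo-IP layer drops before
    any firewall/IDS inspection and those it passes on for inspection."""
    passed, dropped = [], []
    for ev in events:
        allowed = GEO_POLICY.get(ev["dport"], set())
        cc = country_of(ev["src"])
        (passed if cc is not None and cc in allowed else dropped).append(ev)
    return passed, dropped

def reduction_ratio(events):
    """Fraction of events the inspection stack never has to see."""
    _, dropped = geo_prefilter(events)
    return len(dropped) / len(events) if events else 0.0

# Constructed sample of inbound attempts against the exposed ports.
SAMPLE_EVENTS = [
    {"src": "198.51.100.10", "dport": 443}, {"src": "203.0.113.5", "dport": 443},
    {"src": "192.0.2.7", "dport": 443},     {"src": "192.0.2.8", "dport": 22},
    {"src": "192.0.2.9", "dport": 3389},    {"src": "203.0.113.6", "dport": 22},
    {"src": "198.51.100.11", "dport": 22},  {"src": "10.9.8.7", "dport": 3389},
    {"src": "192.0.2.10", "dport": 443},    {"src": "192.0.2.11", "dport": 3389},
]

if __name__ == "__main__":
    passed, dropped = geo_prefilter(SAMPLE_EVENTS)
    print(f"inspected: {len(passed)}, dropped before inspection: {len(dropped)}")
```

On this constructed sample the Geo-IP layer removes seven of ten events (the 70% figure the article uses) before a single log line or alert is generated; note that CA is allowed for the web portal but not for SSH, so the same source can be passed on one port and dropped on another.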


Another Special Announcement - Tune in to my radio interview on Rider University's station, where I discuss my recent book (above) on "Your Career Is Calling", hosted by Wanda Ellett.

In addition to this blog, Netiquette IQ has a website with great assets which are being added to on a regular basis. I have authored the premiere book on Netiquette, “Netiquette IQ - A Comprehensive Guide to Improve, Enhance and Add Power to Your Email". My new book, “You’re Hired! Super Charge Your Email Skills in 60 Minutes. . . And Get That Job!” has just been published and will be followed by a trilogy of books on Netiquette for young people. You can view my profile, reviews of the book and content excerpts at:

In addition to this blog, I maintain a radio show on BlogtalkRadio and an online newsletter. I have established Netiquette discussion groups with LinkedIn and Yahoo. I am also a member of the International Business Etiquette and Protocol Group and Minding Manners, among others. I regularly consult for the Gerson Lehrman Group, a worldwide network of subject matter experts, and I have been contributing to the blogs Everything Email and emailmonday. My work has appeared in numerous publications and I have presented to groups such as The Breakfast Club of NJ and PSG of Mercer County, NJ.

I am the president of Tabula Rosa Systems, a "best of breed" reseller of products for communications, email, network management software, security products and professional services. Also, I am the president of Netiquette IQ. We are currently developing an email IQ rating system, Netiquette IQ, which promotes the fundamentals outlined in my book.

Over the past twenty-five years, I have enjoyed a dynamic and successful career and have attained an extensive background in IT and electronic communications by selling and marketing within the information technology marketplace. Anyone who would like to review the book and have it posted on my blog or website, please contact me.
