In order to stay in front of existing and emerging threats, we need to actively monitor our information assets. These include networks, webshares, websites, student information, e-mail and many other pieces of information that are important to A&M and its partners.
A&M and its members have recently undertaken a project to broadly monitor a number of information assets using a behavioral analysis tool called Stealthwatch. Along with other tools, Stealthwatch allows us to get in front of threats as they emerge, even when things such as virus signatures are not fully up to date. See the link here for more information on Stealthwatch.
But monitoring is only one facet of an information security program. We have to make sure that we’re staying on top of all threats, including those from inside, and that we are ready if an incident occurs. The model we use in thinking through an information security model includes these parts:
Stealthwatch looks to protect the network at most members from the inside out: it collects information on IP-reachable parts of the network, gathering information on suspicious traffic and allowing the analysis part of Stealthwatch to put together a picture of potential and active threats to security. Stealthwatch detects insider threats, botnet attacks, denial of service attacks of all kinds and advanced persistent threats (APTs). It also tracks malware based on its behavior, even before that malware is known to the cybersecurity community.
Aside from Stealthwatch, we also make use of a number of other tools and techniques to keep our membership safe: we use data leakage prevention (DLP) tools, we regularly scan for vulnerabilities on our networks, and we filter incoming messages to blunt phishing attacks on the people who make up our membership.