Network Computing is part of the Informa Tech Division of Informa PLC

Olympic IT Team Seeks Gold Security Standard

It wasn't just the number of alarms in Athens that forced the IT team to take a second look at alarm filtering, but where the alarms came from. The team--like many commercial enterprises--concluded that the real threat was within the network, not outside. The perceived attackers were mostly authorized users unplugging the Olympics workstations and replacing them with their own laptops--a blatant no-no, but not necessarily a black-hat attack. The team's main concern is filtering through these benign threats to focus on attackers attempting to sabotage competition results and other sensitive information. But, Noblot says, "[intruders] are not going to tell you they were trying to hack you, so it's difficult to know the true intent" of the trespass.

Millions of raw, uncorrelated security alarms went off in Athens, Noblot recalls, but only 22 correlated alarms were actually critical. "Of those 22, none had an impact on the Games," Noblot says. "We were seeing the alarms and knew people were not getting into the network."

Noblot and his team have since written more detailed scripts for Computer Associates' eTrust Security Command Center, the event monitoring tool they use to filter and manage network event information.

"We did a good job generating alarms, filtering false positives and aggregating them in Athens, but based on our experience there, we can go even further in correlating events," Noblot says. "We're pushing the logic one step further."
