Detecting and Preventing Cyberattacks in Your Network: New IT Security Models Can Protect University Systems More Effectively

University Business, December 2015

A University Business Web Seminar Digest * Originally presented on October 13, 2015

Despite being vulnerable to cyberattacks, many colleges and universities still have insufficient threat management defenses.

Cyberattackers will evade the strongest perimeter security defenses and spy, spread and steal vital research data as well as personal and financial records from members of the campus community, and can access university systems for months or years before a breach is detected.

In this web seminar, presenters discussed these threats, as well as the new defense-in-depth models that can quickly pinpoint and mitigate threats in progress, and shared strategies for how to meet university security requirements while providing an open and collaborative learning environment that embraces BYOD and mobility.

Mike Banic: As we talk to customers across every vertical market, cybersecurity is now everyone's concern.

And as we talk to institutions of higher learning specifically, there are a lot of regulatory issues that universities face. There are health clinics on campus, so sometimes they are subject to HIPAA regulations. Colleges have different kinds of stores. They use credit cards to collect payment, which are subject to PCI compliance. And they are oftentimes the host for private research. They have to protect all of that data, and they may have to adhere to the same kind of compliance requirements that their partner institutions have to comply with.

One of the things that's become clear to us is that you're facing a gap in cybersecurity. You've all invested very wisely. You've invested in firewalls, intrusion prevention systems, proxies and malware sandboxes. You've got a lot of great tools that help to collect event information on your network that is useful in the analysis of what happens when something does go wrong. Being able to perform some forensics is a great asset if you have to call in a forensic IT consultant. But there is research saying the average threat is present in a network 225 days before it's detected.

This is exactly the gap that we try to address. The goal is to do it in an automated way that doesn't require additional personnel, because universities don't usually have a lot of extra staff. Often, there are candidates in the student body who are interested in computer science and cybersecurity who may be able to add a helping hand.

But this will most likely not be enough. The more that things can be automated, the better. Real-time detection means that you find out about an attack while it's happening, before data is exfiltrated or destroyed.

Here, when we think about those 225 days, behaviors that can occur fall into a simple blueprint that informs us of the kind of traffic we need to inspect, which helps us to close that cybersecurity gap.

The most common way for the attacker to gain access is through a phishing attack. The second most common is through social engineering. Once he has access to your network, his goal is to gain control. He does that by taking whatever malware package he's been able to drop into the infected host and spread that to others so he can get a more durable footprint.

Another way is to elevate access. The credentials the attacker may have gained to get initial access to the network may not give him access to the host with the data he wants to steal, or access to the services that get him into the data that he wants. So he needs to elevate access and then establish control so he can slowly move that data to a waypoint and then, ultimately, exfiltrate that data outside of your environment, or, in the case of the highly publicized recent Sony Pictures hack, destroy that data.

That's where we look to focus: deep inside a network to detect any of the attack phases that would happen after the attacker's initial intrusion into the network. This requires listening to traffic in your network, and it's agnostic as to what kind of devices or operating systems you have. …
