What is Internet security? It is the systems and procedures an organization puts in place to detect and mitigate threats. Beyond this broad definition, the answer also depends on who you ask within IT. Members of the network intrusion detection team might tell you that the firewall or intrusion detection system is responsible for stopping Internet threats and that Internet security therefore involves protecting the company from the Internet. But it means even more than this.

Enterprise Network Security

If you pose the question “what is Internet security” to the IT team responsible for the desktops, they might tell you that password rotation and antivirus software protect the company from the Internet. If you brought the question to the enterprise network security team, you would probably hear an answer that encompasses all of the security efforts by the individual IT groups.

What is Internet Security then?

The definition of “what is Internet security” also needs to consider forensic investigations, as even the best threat detection methods will not stop every phishing and clickjacking attempt. We have to take the approach that malware does and will continue to make it onto the corporate network. Eventually it is detected, and then a forensic investigation needs to take place. Who introduced the infection, how does it behave and what other devices are behaving the same way? To answer these questions, the definition of what is Internet security needs to be updated to include a method for performing forensic investigations on suspected threats.

The best network monitoring protocols for taking a forensic approach to cleaning up and mitigating malware are NetFlow and IPFIX. NetFlow is a technology developed by Cisco which has been adopted by all other major switch, router and firewall companies. Server companies such as Citrix and VMware have since followed suit with support for IPFIX, which is the IETF standard for NetFlow. The communities supporting these protocols are growing, and for good reason. Flow technologies offer the only cost-effective way to compile a distributed, end-to-end view, on a hop-by-hop basis, of all traffic as it traverses the network infrastructure. Because nearly all routing hardware purchased over the past 10 years from Cisco supports it, most companies simply need to invest in a NetFlow collector and then direct all the flows to it.
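The forensic questions above (who was hit first, how the infection behaves, which other devices behave the same way) can be answered by pivoting on a suspicious destination in collected flow records. The following is an added example, not code from the original article or from any vendor; the simplified record layout, the addresses, the internal range and the function names are assumptions, and real NetFlow/IPFIX exports carry more fields.

```python
from collections import defaultdict
from ipaddress import ip_address, ip_network

INTERNAL = ip_network("10.0.0.0/8")  # assumption: the corporate address range

# Constructed sample records, not real traffic:
# (epoch_seconds, src_ip, dst_ip, dst_port, bytes)
FLOWS = [
    (1000, "10.0.0.5", "198.51.100.7", 443, 5200),
    (1100, "10.0.0.8", "203.0.113.66", 8443, 310),
    (1400, "10.0.0.8", "203.0.113.66", 8443, 305),
    (1460, "10.0.0.5", "203.0.113.66", 8443, 298),
    (1500, "10.0.0.9", "198.51.100.7", 443, 9000),
    (1700, "10.0.0.8", "203.0.113.66", 8443, 312),
    (1760, "10.0.0.5", "203.0.113.66", 8443, 301),
    (1800, "10.0.0.8", "10.0.0.9", 445, 120),
]

def pivot_on_peer(flows, dst_ip, dst_port):
    """Profile every host that contacted the suspicious peer, earliest first."""
    hits = defaultdict(list)
    for ts, src, dst, port, nbytes in flows:
        if dst == dst_ip and port == dst_port:
            hits[src].append((ts, nbytes))
    report = []
    for host, seen in hits.items():
        times = sorted(t for t, _ in seen)
        gaps = [b - a for a, b in zip(times, times[1:])]
        report.append({
            "host": host,
            "first_seen": times[0],  # earliest contact: which device was hit first
            "flows": len(seen),
            "bytes": sum(n for _, n in seen),
            # a steady gap between flows suggests automated check-ins
            "mean_gap": sum(gaps) / len(gaps) if gaps else None,
        })
    return sorted(report, key=lambda r: r["first_seen"])

def internal_flows_from(flows, hosts):
    """Flows from affected hosts to other internal devices, to review for spread."""
    return [f for f in flows
            if f[1] in hosts and ip_address(f[2]) in INTERNAL]

if __name__ == "__main__":
    report = pivot_on_peer(FLOWS, "203.0.113.66", 8443)
    for row in report:
        print(row)
    print(internal_flows_from(FLOWS, {r["host"] for r in report}))
```

In the constructed data, the first row of the report is the device that contacted the peer earliest, and the internal flow list points at the next device to examine.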

NetFlow Knights

One NetFlow community that is gaining popularity is the NetFlow Knights, who are backed by Plixer. The NetFlow Knights were the first supporters of NetFlow to wield a NetFlow sword at network threats. The sword represents flow technologies and the Knight is the knowledgeable engineer who understands how to leverage flow data to detect and mitigate network infections.

A NetFlow Knight would answer the question of what is Internet security by stating that flow technologies offer another layer of threat detection. He or she would also explain that NetFlow and IPFIX are among the ideal solutions for filtering down to the culprits carrying a virus, key logger, bot or other form of malware.
