Enterprise IT has evolved significantly over the last decade. Today, IT teams are not only responsible for the availability and performance of their network but also the security of it. Key drivers of IT complexity have been the adoption of cloud based applications and the emergence of BYOD to work.
As we look forward, the IoT movement is going transform the way IT teams manage their networks. Cisco predicts that the global IoT market will reach $14.4 trillion by 2022 and cloud applications will account for 90% of worldwide mobile data traffic by 2019.
While this technology transformation has brought greater efficiency to businesses, it has created more responsibility for the IT teams to make sure that their IT environments is continuously available, provides optimal performance to the users and stays secure. For this to happen, IT teams need to be aware of every single action that occurs in their environments.
Whether it’s an internal employee using a non-sanctioned device or service, or an external act of cybercrime, proactive visibility that is also actionable is the key to combat network security and performance threats.
Below are three best practices for effective network monitoring in complex enterprise IT environments:
1. Automate flow record monitoring and network traffic analysis
Flow collection and traffic analysis capabilities can alert IT teams of any major deviations from the traffic baseline. In such cases, a more in-depth analysis can help determine whether there is any non-business use of the network and any activity causing performance degradation.
The actionable results of this analysis can to be to limit or even shut down such activity and ensure that the business use of the network gets top priority.
2. Monitor logs of all critical IT systems on the network
Comprehensive log management can also alert IT teams of any signs of breach, such as brute force password attempts or unauthorized configuration changes. Further, automatic collection and storage of logs can help with audit and compliance needs.
By identifying potential threats through continuous monitoring, log management can streamline troubleshooting for IT departments and make security red flags easier to spot.
3. Use IP reputation and geolocation to spot unusual activity on the network
Monitoring IP addresses based on their origin and reputation can provide visibility into any unusual activity in the network. Using the geolocation of an IP address can help determine whether the network is receiving traffic from geographies that are not business related and help pinpoint any sources of security risks.
As an example, if an IT administrator determines that the majority of traffic is coming from one specific geographical region during a DDoS attack, the IT team can temporarily implement a network access control list to block all traffic from that region. Similarly, blocking traffic from known malicious IP addresses can further reduce the risk of security breaches such as firewall port scans, botnet communications, and malware.
4. Educate users on how their personal IT behavior affects the company
Finally, IT security shouldn’t rest solely on the shoulders of the IT team. Rather, everyone in the company should be held accountable. To enable this, IT teams need to take the time to educate employees on how their personal IT behavior affects the company’s entire business and IT infrastructure.
For example, do employees know how to modify large high-resolution images so that those files consume less bandwidth? Are they password-protecting their laptops and mobile phones and modifying those logins as needed? Include information about the consumption of network bandwidth and the importance of security whenever employees receive new hardware or software to ensure your network isn’t compromised by a well-intentioned but misinformed employee.
Juniper Research recently predicted that the cost of cybercrime will hit $2.1 trillion globally by 2019. Now more than ever, IT teams need to be creative and vigilant in protecting their company infrastructure. Leverage log management, network monitoring, and traffic analysis to keep tabs on all infrastructure activity, and use IP reputation and geolocation to spot any unusual network activity.
Lastly, recognize that the burden of IT security can’t fall entirely on IT teams. Educate everyone in your company on how individual IT behavior can drastically impact a business and its IT infrastructure.