What would you do if you found out your network had been compromised by a vulnerability that allowed a hacker to gain access to your users’ most sensitive information – passwords, stored files, bank details, even Social Security numbers – and worse yet, the security certificates you rely on to encrypt all of this data when it’s transmitted across the Internet? And what if these hackers were able to do so entirely unnoticed?
That is exactly the result of the Heartbleed bug – a security vulnerability in OpenSSL that gives hackers access to the memory on data servers – recently discovered by Finnish security researchers working for Codenomicon and security researchers at Google. Now websites and companies both large and small are working to update their software to patch the vulnerability, but its impact on the general public is still being assessed and the extent of the damage won’t be known for some time.
The chaos surrounding the vulnerability’s discovery continues to prove that despite the very best efforts of companies, computer networks will continue to be vulnerable to hackers because the potential financial gain for hackers is enormous. In addition, organizations are starting to recognize that security and privacy are no longer restricted to the IT department – they now affect everyone.
While the best technique to combat evolving security threats is vigilance, there are also tools available to help you gain additional visibility into your network. Network forensics works as a contingency plan in case a security breach does occur. It can help you clean up your network to make sure that there are no lingering infections or other suspicious traffic, and it can also help to determine where the hacker breached your network, allowing you to fix any security holes.
While most enterprises have solutions in place to store and subsequently mine log data over relatively long periods of time, that data usually provides only reports of relatively high-level events: it can tell you that something happened, but not how. In the case of the Heartbleed bug, there may not even be any log information from security systems, since the vulnerability can be exploited without triggering any alarms at all. However, a network forensics solution can provide a recording of many days or even weeks of network activity, making it much easier to determine the fingerprint of the attack, the depth of the penetration, and the data that was compromised.
Unfortunately, we now live in a world where events like the Heartbleed incident are becoming more and more common. As a result, we must be aware of the trends affecting the security industry (both big and small) and implement solutions such as network forensics to ensure security threats don’t compromise our users.
For more real-world examples of how network forensics can aid your organization in determining the effects of security threats, read our white paper, “Real-World Security Investigations with Network Forensics.”