‘Four Pillars of Network Security’ series: Part 2 – Behaviour Monitoring

Julie Blog

All you have to do is read the headlines to know that the conventional approach to IT security is failing. The rising number of security incidents globally reached 1,792, with nearly 1.4bn data records compromised, billions of dollars lost and reputations irreparably damaged. That is a year-on-year rise of 86 per cent and a clear indication that the criminals are winning the cyber security war and that organizations need to change their approach.



Pointing the finger inwards, not just at the hackers

So what’s to blame for this asymmetrical battle? It’s a perfect concoction of an increasingly complex network and a significantly growing number and diversity of devices connecting to that network. Combined with a lack of visibility and understanding of the behaviour of the devices and data across the network, this makes the network easy pickings for the cyber-criminal. Adding a further challenge to the mix, traditional perimeter and signature-based security technologies are virtually useless at detecting threats in the rapidly changing security threat landscape.

A new approach to the mitigation of risk

In order to protect against, detect and respond to this new agile adversary, and to cope with the dynamic nature of the network, it is crucial that security organisations move towards an approach where the detection capability can fluidly understand the network and every device connected to it. More importantly, it must be able to build a behavioral fingerprint of each device and data flow and monitor it for good behavior.

This shift to behavioural monitoring and behavioural threat detection removes the reliance on signatures and significantly increases the breadth of detection to include unknown, zero-day attacks. The ability to fingerprint and behaviourally monitor any device connected to the network also extends that coverage to any IoT device.

Unfortunately, borderless networks and ubiquitous connectivity diminish the power of traditional perimeter-focused security and significantly increase the chance of a malicious adversary gaining access to the network. Once inside, there is often limited behavioural monitoring and threat detection, which allows adversaries to roam the network freely in order to perform nefarious activity. Gartner recently stated that “all organizations should now assume that they are in a state of continuous compromise”, and the idea that threats are already within your network captures this new paradigm. It shows the importance of focusing detection capabilities on the behavior of the network. This focus allows you to cover not only endpoint behavior but the whole network, which has become the weapon itself.

Taking back control of your network

Being able to monitor the network, every device within the network, all endpoints and the data flows across the network for anomalous behavior puts the organization back in control of its critical assets, data and devices. It not only broadens detection capability but also gives organizations the information to speed up remediation.

Rebasoft’s belief is that the network is the weapon, and that control of that weapon can either be used by the criminal to compromise the organisation or used by the organisation to thwart the attack. Realising the importance of the network and the crucial role it plays in all attacks is why Rebasoft’s approach is to harness, blueprint and control the network, all devices and their behavior. This enables organizations to achieve the paradigm shift needed to cope with the growing complexity of the network and the attacks criminals launch.

This focus on the network enables Rebasoft not only to broaden and enhance traditional standalone perimeter defence but also to stretch right across the network and every device within it. We do this by building a unique ‘fingerprint’ for each and every device that is connected to the network. This fingerprint is not only a deep understanding of each device but also a clear understanding of its location, user and ALL data flows in and out of the device. This comprehensive understanding is then fingerprinted for “good compliant behavior” and continuously monitored for anomalous behavior. This ongoing behavioural monitoring gives organisations an early view of potential risks in real time, which improves detection capability and response time significantly.

Rebasoft’s innovative approach gives organizations the visibility and control that is required for today’s complex network environment and sophisticated attacks.

In the meantime, if you have any questions or requirements regarding your network security, please call us on 08000 328274 or contact via