Network Monitoring

Proactive Security Monitoring

Hurricane Labs has been conducting pen tests of company networks for several years. Occasionally, we are “warned” that a managed security monitoring company is watching the network, so we might not be able to fully test the network without getting blocked by such a service. When we ask whether the MSSP needs to be advised ahead of time of our activity, the typical answer is: “Don’t bother, they won’t notice anything anyway.”

The primary reason is that most monitoring services only react to known bad things; typically, they react to IDS alerts. The key word is react. What is generally missing is monitoring the network to ensure that things are good, or at least understood. Network Awareness is far more important than what your IDS may or may not have seen. Practical and Proactive Security Monitoring is based on the principle that in order to defend your network, you have to understand your network. Then you can use devices you probably already own in a more effective way, which is a much more practical way to defend your network.

Hurricane Defense is a security oversight and monitoring service from Hurricane Labs intended to help you be more proactive about defending your network. The starting point is working with you to develop an Enterprise Defense Policy (EDP). A strong EDP is based on two principles: 1) lock down services, ports, and resources to those who need them, and 2) accept that everything is vulnerable and prone to failure. How do we prevent the worst-case scenario from happening as a result of that vulnerability or failure? That’s where the real magic happens. Having a good understanding of network traffic and user requirements will go a long way toward building a good EDP. Having an understanding of where your systems may be exploited or fail will help in building a great EDP.

Firewall and IDS rules, server configurations, ACLs, and web application protections all flow from the EDP. Monitoring the network and devices for variances against your EDP is a far better and more proactive approach to defending your network than reacting every time an IDS alert is tripped. In a nutshell, that is what Hurricane Defense is all about: a service to help you be more proactive and practical about defending your network. And get a little more sleep.


Hurricane Defense Diagram