Network visualization and vulnerability detection, in the context of cyber security, describe the methodologies used for observing network traffic with tools, tactics, and processes to understand what abnormal activities look like in order to detect the presence of attacks or breaches in process. Identifying assets, protecting them, detecting attacks, responding to these attacks, and recovering are all critical steps detailed in the National Institute of Standards and Technologies (NIST) Cyber Security Framework (CSF) Core, shown in Figure 1 (National Institute of Standards and Technology, 2018, p. 6). In addition, the International Organization for Standardization document series ISO/IEC also includes detection as a core component of this series' risk management framework.
However, there are numerous aspects of network visualization, hundreds of products, and vendors selling magical solutions with claims to solve an organizations visibility into their networks and detection of malicious activity. As a cyber security professional it's my professional and ethical responsibility to ensure that I understand what tools are available, what their limitations are in our risk management plan, and which ones will best meet my organizations specific needs.
It is also critical for cyber security professionals to understand how tools such as WireShark and Nmap are used by attackers to map out networks they've gained a foothold into and quickly identify the source of the breach and to know how to use these tools to perform proactive identification of weak points in networks and close vulnerabilities as quickly as possible. Many of these tools are powerful and can be used for nefarious purposes or used by professionals in a proactive network protection scenario; as is the case with all tools, the ethics of those wielding them are the director of their strength.
When cyber security professionals understand how they gain visibility into their organizations networks, and how to detect "bad" when it occurs it allows us to quickly respond and recover. Identifying products, services, and skillsets which allow us to do this ensures we're providing the maximum value to our organization and identifying attacks as soon as possible.
References
It is also critical for cyber security professionals to understand how tools such as WireShark and Nmap are used by attackers to map out networks they've gained a foothold into and quickly identify the source of the breach and to know how to use these tools to perform proactive identification of weak points in networks and close vulnerabilities as quickly as possible. Many of these tools are powerful and can be used for nefarious purposes or used by professionals in a proactive network protection scenario; as is the case with all tools, the ethics of those wielding them are the director of their strength.
When cyber security professionals understand how they gain visibility into their organizations networks, and how to detect "bad" when it occurs it allows us to quickly respond and recover. Identifying products, services, and skillsets which allow us to do this ensures we're providing the maximum value to our organization and identifying attacks as soon as possible.
References
- National Institute of Standards and Technology. (2018, April 16). Framework for Improving Critical Infrastructure Cybersecurity. Retrieved August 9, 2019, from https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf
- International Organization for Standardization. (2019, July 12). ISO/IEC 27001 Information security management. Retrieved August 9, 2019, from https://www.iso.org/isoiec-27001-information-security.html