Scouting the Adversary: Network Sensor Placement Considerations

Proper Network Sensor Placement Helps Security Analysts Focus on Events That Matter


Whether you are fighting a real battle or a cyber battle, having line of sight over the battlefield can mean the difference between victory and defeat. Past readers of this column will already know the importance of gaining and maintaining terrain visibility, which is perhaps the single most decisive advantage an organization can hold. Despite that, visibility remains one of the most pressing challenges for organizations today.


So how can security organizations improve their visibility? One of the most impactful changes they could make is to re-evaluate their network sensor placement.


Cyber Key Terrain


In real-world battlefield scenarios, the United States Army evaluates terrain based on:


• Observation and Fields of Fire
• Avenues of Approach
• Key and Decisive Terrain
• Obstacles
• Cover and Concealment


These factors (commonly abbreviated as OCOKA) are just as relevant to cyber terrain as they are to real-world terrain, but the first concept we would like to focus on here is “key terrain.” Key terrain is essentially any terrain that would cede a major advantage to either combatant if it fell under their control.


Scouting the Battlefield


Network traffic analysis (NTA) sensors are essentially your scouts on the cyber battlefield. Just like scouts, each sensor has its own unique vantage point. While no single scout can see the entire battlefield from th ..
