Service provider abuse teams are faced with a daily increase of reports about network abuse originating from their own network. The Global State of Information Security Survey 2016 reported that in 2015, there were 38% more network intrusion incidents than 2014.
As a result, network abuse teams fight daily to make sure their network is not part of the problem, but are often so inundated they only get a chance to look through 30% of their daily reports. To help manage this and deal with abuse effectively, it’s important to prioritize your abuse reports in meaningful categories.
See also: 14 Best Practices for Adequately Protecting Your Network
The Importance Of Consistent Feedback
In order to prioritize abuse issues, consistent feedback is essential in order for you to examine the costs associated with handling each type of network issue, the new types of abuse you as a Service Provider are facing, and the best way of handling each category type. Unless you apply per report costs to aggregate abuse reports, in their respective categories, and evaluate the volumes, associated costs, and risks posed by the different categories, you won’t be in a position to clarify what your biggest abuse problem is.
Prioritizing Your Abuse Categories
Your Service Provider’s priority abuse can be very different to a different service provider’s priority. For example, If you are reselling Paid TV Channels, such as HBO or Sky to your subscribers then copyright issues might be significant for you. If you discover copyright infringements taking place within your network, you need to determine the associated risk and costs relating to this for your Service Provider.
To help deal with the volume, consider prioritizing your cases in the order that most m3aawg members prioritize them:
- Life-threatening emergencies: This is the highest priority and can include threats against customers or employees. Bomb threats against call centers or any online activity relating to child abductions or runaways.
- Law enforcement requests: The next priority is requests made by law enforcement officials, these can include reports of child pornography, solicitation of minors, and crimes involving adults.
- Legal department requests: Third in line request from legal departments that can include customer records to fulfill a civil litigation court order or anything to do with copyright infringement.
- Malicious activity: This can include phishing sites, DDOS attacks, malware hosting, and distribution and email solicitations. It includes any activity that puts the safety of the network or customers in danger.
- Spam: Spam is responsible for the majority of the reports that service provider abuse teams face. After teams take care of the above priorities that tend to be low volume, they tackle the spam reports.
- Port scans: Port scans are the last priority for most network abuse teams. Although they can be forerunners of abusive activity, these should only be dealt with when the other reports have been handled.
See also: Developing Your Abuse Handling Solution: Build Or Buy?
AbuseHQ: Helping Prioritize Network Abuse Efficiently And Cost-Effectively
AbuseHQ from Abusix puts you back in control by collecting and displaying data in real-time so your team has an integrated overview of all the reports they’re dealing with. AbuseHQ does this in a number of ways:
- Abusix’s automatic event type classification helps your abuse team better understand the nature of every type of abuse event. The Abusix engine performs continuous, integrated abuse and threat processing, both in real-time and retrospectively, allowing you to gain insights buried deep inside your noisy network’s abuse data.
- Abusix processes over 60 billion individual events annually and makes this data available to Service Providers so they can detect spam, fraud, and abuse in real-time as it occurs on their networks. AbuseHQ centralizes all abuse data in one easy-to-use data service, giving you visibility and faster insights into abuse events taking place within your network.
- AbuseHQ automatically classifies over 30 events to help your team understand and prioritize the nature of the abuse event. This IP Abuse Report overview allows your team to immediately deal with the items you have identified as high-priority first, before getting down to spam reports, which take up most of the time.
For more information about effectively prioritizing abuse categories in your service provider, download this free ebook from Abusix, How To Establish And Manage An Abuse Desk.