The Definition of Network Abuse (Part 2 of 2)

Network abuse is a recurring topic of discussion at conferences and industry gatherings. In my first blog post on this topic, I emphasized the importance of involving two key parties in this conversation:

Side One: The receiver of abuse, who determines what poses a threat to their network and decides what to report to the original network owner.

Side Two: The recipient of these abuse reports.

Let’s delve deeper into the second side of this equation.

Many advocate for network operators to investigate and take action on every abuse report they receive. While I support this idea, I acknowledge that it can be unrealistic for many abuse teams, especially when they lack the necessary tools to handle the workload. In truth, most abuse teams face significant challenges, often struggling to address even the most basic issues, including illegal abuse such as child sexual abuse material (CSAM).

Defining Network Abuse: A Closer Look

Just as the reporter has a subjective view, so should the receiver. We often see this in the Acceptable Use Policy (AUP): some hosting providers, for example, will not allow online casinos, adult websites, or crypto miners in their environment, while others specialize in precisely those areas. An AUP is important because it sends a clear message about what is allowed in your network and what is not.

However, it’s crucial to remember that the law supersedes an AUP. Therefore, there is no debate when it comes to addressing reports of illegal activities within a network environment.

Prioritizing Based on Business Needs

The next priority needs to be based on your business, because that business ultimately sponsors your abuse team and all the tools and resources you need. Let’s say you are a prominent service provider. You are running a tiny email operation for a few thousand customers who still have an email address with you, but email is far from your main concern, so you might not want to focus on the spam exiting your mail platform. I know many people will be virtually yelling at me right now for saying this. But at the end of the day, you have to show business value in what you are doing, and getting off a public list that blames you for having the highest rate of Command & Control servers in your network might just be more important than solving your outbound spam problem. That doesn’t mean you should not strive to solve them both, and yes, you should absolutely build the case for your management.

Your first step is to be able to define what you consider abuse and what you want to exclude in your Acceptable Use Policy. This is often not as simple as you think, especially when you cannot see what’s happening in your network due to a massive amount of different data and no tooling to make sense of it.

Six Steps for Effective Network Abuse Management

In summary, here are six essential steps to ensure effective network abuse management:

1.) Take care of your network’s illegal abuse as well as possible.

2.) Make sure you understand what’s happening in your network.

3.) Define what to exclude in your AUP.

4.) Build your priorities and start implementing actions.

5.) Build your business case and extend your coverage.

6.) Handle every abuse report you receive.

Let us know if you have any questions or need help defining and organizing your existing abuse desk or planning a new one from scratch. We are happy to help and share some of our decades of experience with you.
