Akamai’s 2016 State of the Internet Security Report shows that network abuse is escalating in number, severity, and duration. The report shows a 125% increase in DDoS attacks year-on-year and a 35% increase in attack duration – with the average attack lasting 16 hours. Hackers are no longer deterred when they see a service provider’s defenses; they just keep on attacking, determined to erode them.
In an environment where daily network abuse is the norm, one of the most effective ways for service providers to improve network security is by following these abuse handling processes:
Process 1: Start With Effective Data Handling
Data is king. The more you know about your problem, the better position you’ll be in to solve it. Big Data can be used to correlate multiple abuse reports in order to find a common cause and identify an attack that’s not quite underway or even recommend preventative measures to counter the attack. Using real-time analytics, you can collate reports from many different sources and data types to detect and handle your network abuse.
According to Computer World, 5 Gbits must be analyzed every second to detect cyber attacks. Today, many service providers collate this data in batches, but this is an inefficient, labor-intensive approach. The solution is to take the incoming flow of data and handle it immediately by parsing and analyzing it, prioritizing it, and then deciding whether to remediate or mitigate it.
See also: How Big Data Is Enhancing Network Security
Process 2: Parse and analyze abuse data
The next step involves organizing and parsing your data. To effectively handle network abuse and improve network security, you need to unify your data in order to organize it. To do this, it’s important to find a common format that all incoming reports can fit into without creating complicated rule sets. If you see a high or medium volume of reports coming from a reporter and they’re not in a machine parseable format, instantly let them know that they should switch to one that is machine parseable, like X-ARF.
Process 3: Effectively handle your abuse
Once your data is organized and you can identify your abuse challenges, it’s important to establish your priorities and decide what to handle first. Every service provider will have different priorities based on their customers’ priorities, but today M3AAWG prioritizes abuse according to:
- Life-threatening emergencies: This is the highest priority and can include all threats against life.
- Law enforcement requests: These can include reports of child pornography, solicitation of minors, and crimes involving adults.
- Legal department requests: These include customer records to fulfill a civil litigation court order or anything to do with copyright infringement.
- Malicious activity: These can include phishing sites, DDOS attacks, malware hosting and distribution, and email solicitations.
- Spam: After teams take care of the above priorities, which tend to be low volume, they tackle the spam reports.
- Port scans: Port scans are the lowest priority for most network abuse teams.
See also: Network Intrusion: The Importance Of Prioritizing Network Abuse Categories
Process 4: Remediate And Mitigate
Once you have established the type of abuse you are dealing with, your abuse team can contact your customers who are implicated in it, inform them, and help them to take steps to deal with it. There are two ways this can be handled – through remediation or mitigation. Remediation occurs when the abuse can be eliminated completely. Mitigation occurs when you cannot fully remediate a risk but can take actions to minimize its occurrence.
See also: How A Network Abuse Solution Protects Yourself And Your Customers
AbuseHQ: Consolidate All Your Processes In One Leading Solution
Fighting abuse and improving your network security is an ongoing task.
AbuseHQ from Abusix helps you gain control by offering you one easy-to-use platform that puts all your inbound network abuse, security reports, metrics, and actions in one place. Improved data yields insights that would otherwise stay buried deep within your network abuse reports, while intelligent notifications provide your abuse team with the information they need to make faster and smarter decisions.
To find out more about how AbuseHQ can help abuse desks perform at their best, get in touch with a network abuse specialist today.