Setting up an abuse desk is essential if you are going to identify effectively and shut down network abuse at its source. In order to streamline the setup process, follow these ten guidelines, and get your abuse desk operating efficiently to lower costs, maximize time savings, and significantly reduce long-term attacks on your network.
1. Be pragmatic.
This is not a science project. At the end of the day, you need a practical answer with a pragmatic solution. Service Provider network abuse teams are faced with network abuse attacks that are escalating daily. Akamai’s 2016 State of the Internet Security Report shows there has been a 125% increase in Distributed Denial of Server (DDoS) attacks, a 26% increase in web application attacks, and 50% of bot traffic was identified as malicious. To deal with this and not be part of the problem, you need a solid, integrated solution that can deliver faster insights in order to shut down network abuse at its source.
2. Be clever.
Instead of tackling everything at once, take the correct informed steps, one after another. Instead of a constant flow of noisy incident messages streaming into your ticketing system, get a platform that will place a well-attributed case into your ticketing system triggered by a transition.
See also: Managing Network Security Ticket Volume
3. Data is king.
The more you know about your problem, the better position you’ll be in to solve it. Big data can be used to correlate hundreds of abuse reports in order to find a common cause and identify an attack that’s not quite underway or even recommend preventative measures to counter the attack.
4. Good tools make a difference.
Use good tooling to manage your data efficiently. Products, like AbuseHQ from Abusix, collect and analyze multiple sources of data related to network attacks and other abuse incidents. This enables your team to quickly identify the common cause of network abuse and take the necessary action to neutralize it.
5. Know your challenges.
If you use the right tools, you will discover your real challenges and know where to begin. In an abuse desk, you might receive more than 5,000 reports of the same issues from different reporters, and the aggregation of these is crucial. If you don’t aggregate, you might discover that only 100 compromised customers were responsible for 5,000 abuse reports, which could have saved a lot of time.
6. Take action.
You need to implement a process for each category of abuse and be aware of the costs associated with handling each abuse type. Until you can evaluate your volumes, associated costs, and risks posed by each category, you will not have the clarity to see what your biggest abuse problem is.
7. Automate for efficiency.
Automated processes allow you to take real-time decisive actions that improve your business services and customer safety. Process incoming abuse reports as soon as possible. This facilitates automation and creates more efficient processes within your ISP. Automated mitigation occurs when both handling and actions occur automatically.
8. Optimize as you learn.
Use your growing information and knowledge to make better, faster decisions. It is essential to continue iterating and optimizing problem sets based on priority. For example, once the process for dealing withs pam has been streamlined and automated, identify and focus on another problem set.
9. Leverage existing resources.
Other people in the industry have already thought and dealt with the problem you are facing. Use their knowledge and experience to help solve the issues you are facing and improve your network security.
10. Share data to improve security.
Don’t work in isolation. Instead, provide information and data to other abuse desks to help tackle the global abuse problem
AbuseHQ: One Platform For Faster Insights And Better Decisions
AbuseHQ from Abusix is a pragmatic, real-world solution that puts you back in control by helping to identify and shut down network abuse at its source. It does this by collecting and analyzing data related to network attacks and other abuse incidents. It then automatically extracts, compiles, and organizes event data into cases that can be accessed through Abusix’s Web Frontend and the Abusix Open API.
AbuseHQ gives you all the clarity you need to take action with:
- One easy-to-use platform which puts all your inbound network abuse, security reports, metrics, and actions in one place.
- Faster insight via intelligent notifications that provide you with the information you need to make faster and smarter decisions.
- Improved data that ensures you quickly discover insights that would normally be buried inside your noisy network abuse reports and security alerts – allowing you to take real-time decisive action that improves your business service and customer safety.
- Smart, flexible integration that allows you to map existing processes with full integration and flexible handling policies – allowing you to resolve up to 99% of network abuse incidents.
For more information about successfully setting up an abuse desk in your ISP, download the free ebook on “How to establish and manage an abuse desk” from Abusix below.