Larger ISP’s are forced to process hundreds of thousands of abuse alerts daily as they strive to keep their networks safe. Spam, malware, phishing, and botnets are attacking your customers through countless hacks, scams, and unseen vulnerabilities. This leaves you with the almost impossible task of filtering through all the data and finding the most imminent threats. But where do you even start? How can you possibly prioritize where to act first?
See also: 7 Signs You Need An Abuse Platform
Tobias Knecht, the CEO of Abusix, provided a great walkthrough on prioritizing your abuse desk at a recent Lacnic conference. Here are some of the top points that he shared-
Priority #1- Focus on Building Speed
Like Rocky Balboa was told by his trainer Mickey in the popular movie franchise, having a great defense comes down to developing pure speed –– speed to identify, react and counter. Tobias offered the exact same advice for protecting your local network- identifying and fixing potential vulnerabilities as quickly as possible is essential for two reasons.
- Faster response time lowers the chance of a small threat becoming a large threat.
- Attackers lose interest when threats are dealt with quickly.
From a cost/reward perspective, it makes little sense for a hacker to invest significant time taking over customer computers or other infrastructure pieces if your Abuse Desk will take it away again quickly. Not when there are networks out there that go months or years before spotting the same type of potential problem. Quick actions by your team can become your number one deterrent for network abuse because abusers will go elsewhere to find easier targets.
Priority #2- Offer Sustainable Solutions
However, building speed should not be confused with just clearing out an inbox. You should ask yourself in each instance what the most sustainable solution would be for your network and the customer- the goal is to only handle each problem once. If you don’t completely solve the issue the first time, then that’s going to cause more potential problems for your customers down the road.
Failing to get to the root of the problem the first time also creates additional support tickets, wastes time/money, and ultimately makes your network less secure. This problem is compounded as your company grows larger, so it’s absolutely essential to focus on sustainability as early as possible.
Priority #3- Aim for Completeness
In a perfect scenario, your network would be 100% clean. While that may be an impossible goal to achieve, it’s a goal worth setting to establish a standard for your organization. There are a number of ways that you can work towards completeness, such as-
- Be sensible in your expectations of handling abuse
- Data is king in abuse. Collect as much as possible
- Great tooling creates actionable knowledge
- Make abuse a top priority within your organization
- Automate as much as you can for 24/7/365 protection
- Be vigilant in making your processes better and better over time
- Pay attention to the rest of the industry and use/share their/your data
To summarize these abuse tips, your team should try to quickly identify problems, find the right solution the first time, and be as complete as possible. You should also share your data with abuse desks of other companies to gain as much information as possible, and use that visibility to make smarter decisions. It doesn’t matter if they are a competitor, we are all in the same boat. Get over it.
In reality, the three priorities we’ve discussed here are a complimentary cycle- speed in the right direction makes you sustainable. Better solutions make your network cleaner. With lesser burdens, you can apply what you’ve learned and gained even more speed. That’s the entire key to growing your company with a happy customer base.
For more tips and tricks to managing an abuse desk, talk to our team to arrange a trial for AbuseHQ.