Blog , 30 Jan 2017

Network Intrusion: The Importance Of Prioritizing Your Network Abuse Categories

Tobias Knecht,

Founder and CEO, Abusix

Service provider abuse teams are faced with a daily increase of reports about network abuse originating from their own network. The Global State of Information Security Survey 2016 reported that in 2015, there were 38% more network intrusion incidents than 2014.

As a result, network abuse teams fight daily to make sure their network is not part of the problem, but are often so inundated they only get a chance to look through 30% of their daily reports. To help manage this and deal with abuse effectively, it’s important to prioritize your abuse reports in meaningful categories.

See also: 14 Best Practices for Adequately Protecting Your Network

The Importance Of Consistent Feedback

In order to prioritize abuse issues, consistent feedback is essential in order for you to examine the costs associated with handling each type of network issue, the new types of abuse you as a  Service Provider are facing, and the best way of handling each category type. Unless you apply per report costs to aggregate abuse reports, in their respective categories, and evaluate the volumes, associated costs, and risks posed by the different categories, you won’t be in a position to clarify what your biggest abuse problem is.

Prioritizing Your Abuse Categories

Your Service Provider’s priority abuse can be very different to a different service provider’s priority. For example, If you are reselling Paid TV Channels, such as HBO or Sky to your subscribers then copyright issues might be significant for you. If you discover copyright infringements taking place within your network, you need to determine the associated risk and costs relating to this for your Service Provider.

To help deal with the volume, consider prioritizing your cases in the order that most m3aawg members prioritize them:

  • Life-threatening emergencies: This is the highest priority and can include threats against customers or employees. Bomb threats against call centers or any online activity relating to child abductions or runaways.
  • Law enforcement requests: The next priority is requests made by law enforcement officials, these can include reports of child pornography, solicitation of minors, and crimes involving adults.
  • Legal department requests: Third in line request from legal departments that can include customer records to fulfill a civil litigation court order or anything to do with copyright infringement.
  • Malicious activity: This can include phishing sites, DDOS attacks, malware hosting, and distribution and email solicitations. It includes any activity that puts the safety of the network or customers in danger.
  • Spam: Spam is responsible for the majority of the reports that service provider abuse teams face. After teams take care of the above priorities that tend to be low volume, they tackle the spam reports.
  • Port scans: Port scans are the last priority for most network abuse teams. Although they can be forerunners of abusive activity, these should only be dealt with when the other reports have been handled.

See also: Developing Your Abuse Handling Solution: Build Or Buy?

AbuseHQ: Helping Prioritize Network Abuse Efficiently And Cost-Effectively

AbuseHQ from Abusix puts you back in control by collecting and displaying data in real-time so your team has an integrated overview of all the reports they’re dealing with. AbuseHQ does this in a number of ways:

  • Abusix’s automatic event type classification helps your abuse team better understand the nature of every type of abuse event. The Abusix engine performs continuous, integrated abuse and threat processing, both in real-time and retrospectively, allowing you to gain insights buried deep inside your noisy network’s abuse data.
  • Abusix processes over 60 billion individual events annually and makes this data available to Service Providers so they can detect spam, fraud, and abuse in real-time as it occurs on their networks. AbuseHQ centralizes all abuse data in one easy-to-use data service, giving you visibility and faster insights into abuse events taking place within your network.
  • AbuseHQ automatically classifies over 30 events to help your team understand and prioritize the nature of the abuse event. This IP Abuse Report overview allows your team to immediately deal with the items you have identified as high-priority first, before getting down to spam reports, which take up most of the time.

For more information about effectively prioritizing abuse categories in your service provider, download this free ebook from Abusix, How To Establish And Manage An Abuse Desk.

Share
Linkedin Icon Twitter Icon Facebook Icon E-mal Icon
How to establish and manage an abuse desk - the ultimate guide to abuse desk setup

Download your guide

This guide will explain how to establish and manage an abuse desk and how you’ll be able to more effectively mitigate and remediate network abuse.

Go to download page
Get in touch

Talk to us

Do you want to remove your IP/domain from one of our blocklists?
Please use our lookup-service and follow the instructions there in order to get that resolved.