The escalation in global network abuse means service provider security can be compromised if network abuse security reports are not processed within 24 hours. The longer abuse continues, the more a service provider's network, and the wider Internet, are affected. Global spending to combat cybercrime will top $80 billion this year. Many organizations are focused on detection and response because preventive approaches have not been successful in blocking attacks.
This increased focus on detection and response highlights how important it is for service providers to analyze and process network abuse as quickly as possible.
How to process network abuse security reports in 24 hours
To process network abuse within 24 hours, efficiency and speed are a priority and the following processes should be in place.
- Accurate incident notification processes: When network abuse is analyzed and prioritized, the network abuse team needs to notify all involved individuals, organizations, and customers. Incident response processes should detail: who the report needs to be addressed to; what needs to be reported; how the incident should be reported; the time of the incident; and how often the relevant parties should receive updates.
- Authentication and communication processes: Service providers need to have clear policies and procedures in place detailing how information about network abuse and security incidents is shared. One of the biggest issues abuse staff face is communicating abuse while still protecting customer privacy. If a member of your network abuse team discloses sensitive information, you could find that your service provider is open to legal and liability issues.
To avoid this, train your employees to respect and adhere to all policies – particularly when they are dealing with high priority abuse, which includes highly illegal activities like child exploitation and terrorism.
- Efficient containment processes: Once abuse is detected, containment is essential before the abuse spreads and creates more damage. Most network abuse incidents require containment, so containment processes need to be established for each type of incident. Creating these containment/quarantine areas is part of building an abuse desk and is essential to ensuring the abuse is handled efficiently and later resolved with the customer.
For example, a spamming home computer can be contained immediately by blocking outbound port 25. The service provider should, however, still inform the customer, and the remediation process should be started immediately. Once everything is back to normal, port 25 can be opened up again. If a service provider discovers they are hosting a phishing website, they can immediately block ports 80 and 443. Once they have done this, they must inform the subscriber and work with them to remediate the problem before the ports are reopened.
Service providers also need to be aware that some forms of network abuse can cause even more damage when they are contained. For example, if a compromised host is pinging another host and this ping is disabled during containment, the second host may then start an even more damaging attack.
- Remediation processes: During these processes, it's important that service providers work with their customers and offer them the advice and processes they need to remediate the abuse. For example, end-users could try to clean up their hosting or home computers by reinstalling them or using removal sites. Customers on managed web hosting, such as WordPress sites, could update WordPress and update or uninstall their plugins.
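The containment and remediation steps above can be enforced in an abuse desk's case tracking so that ports are never reopened before the customer has been informed and the problem fixed. The following sketch is an added example, not code from the original article or from Abusix; the record layout, report type names and sample cases are assumptions constructed for illustration.

```python
from dataclasses import dataclass, field
from datetime import datetime, timedelta, timezone

SLA = timedelta(hours=24)                             # processing target from the text
CONTAINMENT = {"spam": (25,), "phishing": (80, 443)}  # ports blocked per report type

@dataclass
class AbuseCase:                                      # hypothetical record layout
    customer: str
    kind: str
    received: datetime
    blocked_ports: tuple = ()
    notified: bool = False
    remediated: bool = False
    log: list = field(default_factory=list)

    def contain(self):
        """Apply the port block for known types; anything else needs a human decision."""
        ports = CONTAINMENT.get(self.kind)
        if ports is None:  # containment can make some abuse worse, so no default block
            self.log.append("manual review required")
            return False
        self.blocked_ports = ports
        self.log.append(f"blocked ports {ports}")
        return True

    def notify_customer(self):
        self.notified = True
        self.log.append("customer informed")

    def reopen(self):
        """Ports reopen only after the customer was informed and the problem is fixed."""
        if self.blocked_ports and not (self.notified and self.remediated):
            raise RuntimeError("reopen refused: notify and remediate first")
        self.blocked_ports = ()
        self.log.append("ports reopened")

def triage(cases, now):
    """Return (customer, time left in the 24 h window) for unremediated cases, oldest first."""
    open_cases = sorted((c for c in cases if not c.remediated), key=lambda c: c.received)
    return [(c.customer, c.received + SLA - now) for c in open_cases]

# Constructed sample reports (not real data)
NOW = datetime(2024, 1, 2, 12, 0, tzinfo=timezone.utc)
CASES = [
    AbuseCase("cust-a", "spam", NOW - timedelta(hours=3)),
    AbuseCase("cust-b", "phishing", NOW - timedelta(hours=26)),
    AbuseCase("cust-c", "outbound-ping", NOW - timedelta(hours=1)),
]
```

A negative time left in the `triage` output marks a report that has already missed the 24-hour window.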
In Invincea’s 2016 Cyberthreat Defense Report, over three-quarters of the IT leaders reported their networks had been breached in the last year and 62% expect to suffer a successful attack this year. A solution like AbuseHQ from Abusix will increase your service provider security with one easy-to-use platform that puts all your inbound network abuse, security reports, and actions in one place. Faster insights and improved data ensure your abuse team can process network abuse security reports in 24 hours for greater network security and customer safety.
For more information about how Abusix can help you resolve up to 99% of network abuse incidents, get in touch with a network abuse specialist today.