Part of any solid understanding of what is happening on your network is knowing when something has changed, and being able to react to these changes when error messages pop up or users start calling with connection problems.
A good place to learn more about this is a site called NetPerformance.com, and in particular this posting on change management. The site also has materials on using the analysis tools and offers training classes as well in their use.
Another great source of tools for network analysis is SolarWinds. The site sells a product called Engineers Toolset that is available in a very affordable version for less than $150.
The final dimension is to examine your Web presence, including looking for unauthorized but viable Web sites that IT doesn’t know about, or potentially harmful, hostile or adversarial sites such as those that may be run by ex-employees or those of competitors that provide links to questionable external sites, or blogs that mention privileged corporate information.
“This could lead to a whole series of services, such as vulnerability assessments, patch management, and data forensics,” says Dietz.
What tools are available? A good place to start is to use the free scanning tools available from either SPIdynamics.com or Qualys.com. Both companies offer 30-day free licenses to try out their products, along with more extensive training classes for using the paid versions.
Another place is the self-training materials that can be found at the Open Web Application Security Project. It has samples for how to discover and harden Web servers, and very detailed examples of typical Web exploits too. It is a great place to learn more about overall Web security, as well as what you need to do to track down other kinds of Web problems. And sometimes just doing Google searches can be an effective means of finding a particular site of a disgruntled ex-employee.
One tactic is to educate your C-level executives, such as workshops sponsored by the Secure Software Forum. (The full schedule can be found here. These workshops provide a good overview of some of the problems around software security issues, part of which is discovering which applications are running over your enterprise network. The forum is jointly sponsored by Microsoft and SPIdynamics.
Brian Cohen, SPIdynamics’ CEO, suggests hiring established security firms that are doing traditional vulnerability assessments of operating systems and networks and looking to expand their offerings into the Web presence area. The key is having a solid grounding in Internet security, and being able to do regular scans to ensure that changes to a Web site haven’t opened up new vulnerabilities.
“Business managers have lots of problems they need to investigate – compliance, security, and just general network operations. They need to be able to analyze what’s happening on their network and collect the evidence for taking action, regardless of which application (email, IM, Web mail, etc.) is involved,” says John Bennett, VP of Marketing for WildPackets Inc.
As you can see, doing network discovery has many different dimensions, tools, and cuts across a variety of skills. But as Bennett says, “IT forensics itself is simply a new category of must-have technology that is appropriate for any business manager today.”