Monitoring activity in a network is critical to maintaining the availability of systems and reducing the likelihood of an attack affecting business operations. Where an organisation has multiple networks, monitoring becomes more difficult and less manageable. Monitoring each network separately is an option, but it does not provide a single overall view of all networks, and the cost of monitoring can be higher.
Aggregating, correlating and collating audit and monitoring information into a single, central location provides an overall view of all networks and a single place in which to view and analyse the data. To achieve this single view, all monitored networks are connected via the monitoring system, which introduces a new risk: data may flow between the networks, creating malware and data loss vulnerabilities.
By using a data diode-based application, it is possible to ensure that monitoring information is passed securely from the monitored network to the monitoring system, while ensuring that NO data can leak back from the monitoring system to the monitored network. Additionally, careful diode configuration can ensure there is no risk of malware cross-infection between the monitored networks.
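A one-way link has a practical consequence for the monitoring application: the sender can never receive an acknowledgement, so the receiving side has to detect lost or damaged records on its own. The sketch below is an added example, not code from this post or from any diode product; the frame layout (source id, sequence number, CRC32), the class and function names and the sample event are all assumptions made for illustration.

```python
import json
import socket
import struct
import zlib

HEAD = struct.Struct("!HQ")  # assumed layout: source network id, sequence number
TAIL = struct.Struct("!I")   # CRC32 over header + payload

def encode_frame(source_id, seq, event):
    """Monitored-network side: wrap one monitoring event for one-way transmission."""
    body = HEAD.pack(source_id, seq) + json.dumps(event, sort_keys=True).encode("utf-8")
    return body + TAIL.pack(zlib.crc32(body))

def send_one_way(frame, addr):
    """Transmit only; the sender never reads, because no reply can cross the diode."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
        sock.sendto(frame, addr)

class DiodeReceiver:
    """Monitoring-system side: it cannot ask for a resend, so loss becomes an alert."""

    def __init__(self):
        self.next_seq = {}  # source id -> next expected sequence number
        self.events = []    # (source id, event) pairs accepted so far
        self.alerts = []    # (kind, source id, detail) tuples

    def accept(self, frame):
        if len(frame) < HEAD.size + TAIL.size:
            self.alerts.append(("truncated", None, None))
            return None
        body, (crc,) = frame[:-TAIL.size], TAIL.unpack(frame[-TAIL.size:])
        if zlib.crc32(body) != crc:
            # Header is untrusted here; the next good frame exposes the gap.
            self.alerts.append(("corrupt", None, None))
            return None
        source_id, seq = HEAD.unpack_from(body)
        expected = self.next_seq.get(source_id, seq)
        if seq < expected:
            self.alerts.append(("duplicate_or_reordered", source_id, seq))
            return None
        if seq > expected:
            self.alerts.append(("gap", source_id, (expected, seq - 1)))
        self.next_seq[source_id] = seq + 1
        event = json.loads(body[HEAD.size:])
        self.events.append((source_id, event))
        return event
```

Keeping a separate sequence counter per source id lets one receiver aggregate several monitored networks while reporting loss on each link independently.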
Interested in finding out more details about securely obtaining monitoring data from your networks? Contact me, or leave a comment below.