Computer security is an issue that is not going to go away anytime soon, and any business that ignores cybersecurity does so at their peril. Whether it’s a data breach or the insertion of a piece of ransomware, you want to do everything you can to keep your computer networks safe.
Part of that involves being aware of what’s happening on your network and knowing how to recognize suspicious activity when it happens. By spotting trouble as soon as it appears, you stand a much better chance at saving yourself any number of headaches and costs.
Here are some things to consider when it comes to identifying suspicious network activity.
Identifying Suspicious Activity
Any number of behaviors, including unusual database activity, abnormal access patterns, and changes to log files, can point toward a cyberattack or data breach. Recognizing these activities for what they are is vital if you want to locate the source and type of attack. Doing so lets you act quickly to stop the security threat and minimize any damage.
Here are some common examples of suspicious activity:
Account abuse: The sudden overuse of privileged accounts to grant access to new or inactive accounts is a sure sign of an attack from the inside. Either an employee has initiated a run of unusual activity or a hacker has gained access to a top-tier account on your system. Other signs could include the sharing of information without cause, modifications applied to audit records, or mysterious deletion of login files.
User access: Unexpected changes in user access are often a reliable sign that an outside hacker has acquired a user’s credentials and is poking around your system. Behaviors you may notice include user access at odd hours, remote access, and multiple failed attempts to log in.
Database activity: Unusual database activity can come from both inside and outside your business. Important signs to watch for include unexpected changes in users, changes in permissions, changes in data content growth, and access during non-business hours.
Unexpected network behavior: Network activity that falls outside of usual expectations is a reliable signal that something is amiss. Look for traffic originating from outside your network, protocol violations, and unauthorized scans. A sudden change in network performance should also be checked out.
Unexpected virus notifications and system slowdowns: Simple warnings to be on the lookout for would be a sudden increase in virus warnings or pop-up windows. If computers or networks slow to a crawl, there is a problem. A hacker may have gotten in and installed malicious software, or a website or email may have downloaded and installed bad software on the sly.
Unauthorized port access: Most ports have specific assignments. If unsanctioned port access occurs, it could be a sign that files are being accessed without authorization or that a malware attack is underway.
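The user-access signs listed above (repeated failed logins, access at odd hours, remote access from outside the network) can be turned into simple detection rules. The following is an added example written for this article, not code from the original post; it runs over a few constructed authentication log lines in an assumed "timestamp user result source_ip" format, and the business hours, internal address range, and failure threshold are assumptions you would tune for your own environment.

```python
from collections import defaultdict
from datetime import datetime, time
from ipaddress import ip_address, ip_network

# Constructed sample log lines (not taken from a real system).
# Assumed format: ISO timestamp, username, success|failure, source IP.
SAMPLE_LOG = """\
2024-03-04T09:12:01 alice success 10.0.1.15
2024-03-04T09:13:44 bob success 10.0.1.22
2024-03-04T02:41:09 alice failure 203.0.113.7
2024-03-04T02:41:15 alice failure 203.0.113.7
2024-03-04T02:41:21 alice failure 203.0.113.7
2024-03-04T02:41:30 alice success 203.0.113.7
2024-03-04T14:05:12 carol success 10.0.2.8
"""

BUSINESS_HOURS = (time(8, 0), time(18, 0))   # assumed working day
INTERNAL_NETS = [ip_network("10.0.0.0/8")]   # assumed corporate range
FAILURE_THRESHOLD = 3                        # assumed tuning value


def parse_line(line):
    """Split one log line into (datetime, user, result, ip address)."""
    ts, user, result, src = line.split()
    return datetime.fromisoformat(ts), user, result, ip_address(src)


def is_off_hours(ts):
    """True when the event falls outside the assumed business hours."""
    return not (BUSINESS_HOURS[0] <= ts.time() < BUSINESS_HOURS[1])


def is_external(addr):
    """True when the source address is not in any internal range."""
    return not any(addr in net for net in INTERNAL_NETS)


def detect(log_text):
    """Return a list of (user, reason) findings for the patterns the article names:
    repeated failed logins, a success right after them, off-hours access,
    and access from outside the network."""
    findings = []
    failures = defaultdict(int)   # consecutive failures per user
    for line in log_text.splitlines():
        if not line.strip():
            continue
        ts, user, result, src = parse_line(line)
        if result == "failure":
            failures[user] += 1
            if failures[user] == FAILURE_THRESHOLD:
                findings.append((user, f"{FAILURE_THRESHOLD} failed logins"))
            continue
        # A success following a burst of failures is the most interesting case.
        if failures[user] >= FAILURE_THRESHOLD:
            findings.append((user, "success after repeated failures"))
        failures[user] = 0
        if is_off_hours(ts):
            findings.append((user, f"login at {ts.time()} outside business hours"))
        if is_external(src):
            findings.append((user, f"login from external address {src}"))
    return findings


if __name__ == "__main__":
    for user, reason in detect(SAMPLE_LOG):
        print(f"{user}: {reason}")
```

Running it flags only alice: three failed attempts, a success immediately after them, a login at 02:41 outside business hours, and a source address outside the internal range. The point is that each individual rule is weak on its own, but several firing for the same account in a short window is exactly the kind of pattern worth a closer look.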
How Suspicious Activity Can Vary
Depending on the sort of business you’re in, suspicious activity may present itself in different ways. For instance, smaller businesses might notice user abuse or abnormal database activities early on as a bad actor attempts to access personal or cardholder information. A larger business or financial institution may more likely experience dodgy account behavior, unauthorized port access, and malware or spyware designed to steal financial data and personal identity information.
Some organizations find themselves the target of advanced persistent threats (APTs). These multi-phase attacks usually go after an organization’s network and vary in their subtlety as they poke and probe for weaknesses or backdoor access. APTs often choose to attack government organizations or large corporations but have been known to occasionally cause trouble for small and medium-sized businesses as well.
Dealing With Suspicious Network Activity
As with most security issues, the key to approaching suspicious network activity is prevention. This requires having set protocols and procedures for both you and your employees. An effective data security policy should include:
- Solid password policies
- Periodic review of traffic, error reports, network alerts, and performance
- Malware and virus protection
- Robust firewalls
- Regular risk assessments
- Employee education
- Incident and failure response strategies
- File integrity monitoring
Using File Integrity Monitoring (FIM) To Protect Your Data
A big trend in cybersecurity as it relates to data protection is file integrity monitoring (FIM), which allows you to automatically monitor networks, systems, and important files. With good FIM software, you can continuously scan for and identify suspicious activity as it happens. This is an incredible boon if you’re the one responsible for a system’s security, as you no longer have to look for a needle in a haystack. In this case, the needle is found for you, and you are put in a position to act before any lasting damage is done.
Another plus with file integrity monitoring is that in addition to upping your data security strategy, it also helps you with the security standards needed for businesses and organizations that have regulatory compliance requirements such as HIPAA and PCI DSS.
Data security is a serious business. Your customers expect you to keep their information safe, and your business’s reputation is on the line. As hackers and other bad actors keep finding new ways to target and exploit networks, the strategies and tools for combating these threats keep evolving too. Whether it’s adopting file integrity monitoring, conducting system activity audits, or running simple virus checkers, you can stay ahead. It just takes a bit of vigilance and commitment to your network’s security.
Your business will be stronger for it.
Thank you for reading. I’d love to share more with you via my Weekly Word Roundup newsletter sent to subscribers every Sunday. It will feature news, productivity tips, life hacks, and links to top stories making the rounds on the Internet. You can unsubscribe at any time!