Monitoring & Securing Legacy Apps with the USC8032
While many legacy apps continue to provide value, maintaining and securing them presents a challenge to IT security teams, since patches and upgrades are no longer available. On the one hand the IT team must maintain accessibility to and usability of the legacy applications and equipment, while on the other hand it must secure them from those who would take advantage of their vulnerabilities to cause mischief.
This is not a one-time problem, but rather an ongoing task as today’s applications and equipment will become tomorrow’s newest legacy apps, each with their own unique parameters and behaviors. The only choice is to bring in external equipment, such as the IPCopper USC8032 Network Monitor to manage, monitor and secure them.
The peculiar challenge is to figure out the legacy apps’ normal vs. not-normal behavior and intervene or alert as necessary, without hindering legitimate communications or disrupting the production, business or healthcare environment. The USC8032 provides several tools for handling the day-to-day management of legacy apps and protecting them from malicious actors, including tools to monitor their network activity; to filter which communications are allowed to reach (and leave) them; to collect and store full packets; and to search through their network communication activity, both current and historical. A typical enterprise employs a large number of disparate apps and equipment, designed by different developers for different purposes. The USC8032 is flexible enough not to interfere with the apps’ functions, yet robust enough to handle all that gets thrown at it.
The first step is to determine and set parameters for normal behavior. In many business and production environments, certain legacy apps and equipment may typically communicate only during business hours and only with certain hosts or external IP addresses. In other environments, for example in a 24-hr healthcare setting, communications with legacy apps would be around-the-clock, however, with different levels of expected usage at different times. In order to adequately monitor legacy applications and equipment without generating hordes of pesky false-positive alerts, in either situation you would use the USC8032’s ability to create multiple scenarios to describe normal network activity at different times of the day and different days of the week.
Monitoring a typical legacy app may require three or more scenarios to cover idle/after-hours behavior and active/business-hours behavior plus, for example, the spikes in traffic that occur during scheduled backup/maintenance. While low bandwidth usage and packet rates during business hours would require attention, after hours the same low bandwidth and packet rate could be considered normal. Equally, monitoring is greatly facilitated by the USC8032’s XML/JavaScript interface for graphical visualization of the data, making it possible to see at a glance whether all is running smoothly within normal ranges and also to dive deeper into the packet data with a click if something looks suspicious.
In addition to the alerts enabled by the USC8032’s scenario-based network monitoring, the second element in securing legacy apps is blocking or filtering unwanted traffic in a precise and nimble fashion, combined with the USC8032’s ability to fashion sophisticated rule sets with automated triggers set to take automated actions. These triggered actions may include switching to a more restrictive rule set or sending out multiple alerts, should network conditions indicate that a DoS or other type of attack is in progress.
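The scenario-based baselining described above, together with the automated escalation to a more restrictive rule set, can be modelled in a few dozen lines. The following is an added example written for this page, not IPCopper code, and it does not use the USC8032's actual scenario or rule-set configuration syntax (which is not shown here); the host addresses, time windows, packet-rate and byte-rate envelopes and rule-set names are all constructed for illustration.

```python
from dataclasses import dataclass
from datetime import datetime
from typing import FrozenSet, List, Optional, Tuple

WEEKDAYS = frozenset(range(0, 5))   # datetime.weekday(): 0 = Monday .. 4 = Friday
ALL_DAYS = frozenset(range(0, 7))


@dataclass(frozen=True)
class Scenario:
    """A time window plus the traffic envelope considered normal inside it."""
    name: str
    days: FrozenSet[int]             # weekdays on which the window applies
    start_hour: int                  # inclusive
    end_hour: int                    # exclusive; a window may wrap past midnight
    pps_range: Tuple[float, float]   # (low, high) packets per second expected
    bps_range: Tuple[float, float]   # (low, high) bytes per second expected
    allowed_peers: FrozenSet[str]    # remote hosts the legacy app normally talks to


@dataclass(frozen=True)
class Sample:
    """One measurement interval of the legacy host's traffic (constructed input)."""
    when: datetime
    pps: float
    bps: float
    peers: FrozenSet[str]


# Constructed scenarios for a hypothetical legacy host. Order matters: the most
# specific window (Sunday backup) comes first, the catch-all after-hours window last.
SCENARIOS: List[Scenario] = [
    Scenario("backup-window", frozenset({6}), 1, 4, (2000, 20000), (2e6, 50e6),
             frozenset({"10.0.9.5"})),
    Scenario("business-hours", WEEKDAYS, 8, 18, (50, 2000), (50e3, 5e6),
             frozenset({"10.0.9.5", "10.0.9.6"})),
    Scenario("after-hours", ALL_DAYS, 0, 24, (0, 200), (0, 200e3),
             frozenset({"10.0.9.5"})),
]


def active_scenario(scenarios: List[Scenario], when: datetime) -> Optional[Scenario]:
    """Return the first scenario whose window contains `when` (list order = precedence)."""
    h = when.hour
    for s in scenarios:
        if when.weekday() not in s.days:
            continue
        if s.start_hour <= s.end_hour:
            inside = s.start_hour <= h < s.end_hour
        else:  # window wraps past midnight, e.g. 18:00 to 07:00
            inside = h >= s.start_hour or h < s.end_hour
        if inside:
            return s
    return None


def evaluate(scenarios: List[Scenario], sample: Sample) -> Tuple[str, List[str]]:
    """Compare one sample with its scenario's envelope; return (scenario name, findings).

    A rate below the envelope is flagged too: a silent legacy app during business
    hours is as worth a look as a flooding one, while the same silence after hours
    falls inside the after-hours scenario and raises nothing.
    """
    s = active_scenario(scenarios, sample.when)
    if s is None:
        return "none", ["no_scenario_covers_time"]
    findings: List[str] = []
    lo, hi = s.pps_range
    if sample.pps < lo:
        findings.append("pps_low")
    elif sample.pps > hi:
        findings.append("pps_high")
    lo, hi = s.bps_range
    if sample.bps < lo:
        findings.append("bps_low")
    elif sample.bps > hi:
        findings.append("bps_high")
    for peer in sorted(sample.peers - s.allowed_peers):
        findings.append("unexpected_peer:" + peer)
    return s.name, findings


# Automated trigger: findings that suggest a flood or an unknown talker move the
# host to the restrictive rule set; everything else only raises an alert.
ESCALATE_ON = ("pps_high", "bps_high", "unexpected_peer:")


def choose_ruleset(findings: List[str], current: str = "permissive") -> str:
    """Return the rule set to apply after these findings (names are constructed)."""
    if any(f.startswith(ESCALATE_ON) for f in findings):
        return "restrictive"
    return current


if __name__ == "__main__":
    # 2024-03-12 is a Tuesday; 2024-03-17 is a Sunday (constructed timestamps).
    samples = [
        Sample(datetime(2024, 3, 12, 14, 0), 5, 1_000, frozenset({"10.0.9.5"})),
        Sample(datetime(2024, 3, 12, 22, 0), 5, 1_000, frozenset({"10.0.9.5"})),
        Sample(datetime(2024, 3, 12, 14, 0), 30_000, 20e6,
               frozenset({"10.0.9.5", "198.51.100.7"})),
        Sample(datetime(2024, 3, 17, 2, 0), 15_000, 30e6, frozenset({"10.0.9.5"})),
    ]
    for smp in samples:
        name, found = evaluate(SCENARIOS, smp)
        print(smp.when, name, found or "normal", "->", choose_ruleset(found))
```

The two 14:00 and 22:00 samples carry identical rates; only the scenario in force differs, which is exactly why one threshold set for the whole day produces either floods of false positives or missed incidents. The escalation step is deliberately one-way here: returning to the permissive rule set should be an operator decision after the packet capture has been reviewed, not an automatic timer.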
The third element is the ability to use the feedback from the USC8032’s monitoring system along with its full packet capture capabilities to research problems as they are discovered. When an industrial controls system behaves strangely or a data feed connection becomes choppy, operators need a way to find out why. The USC8032 aids these efforts by giving them the ability to easily dive deeper into the relevant network traffic and take a look at the packet headers and payloads.
Lastly, when it comes to researching an anomaly or diagnosing a problem, nothing beats the USC8032’s keyword and signature searches for finding and flagging packets. The system’s multi-gigabit speed at searching through the packets exponentially enhances its investigative abilities and shortens the time-to-resolution of any number of issues.
These four elements are key to effectively monitoring and securing legacy applications and equipment – rather than flying blind, operators would be able to see the digital terrain and react intelligently. The IPCopper USC8032 combines all four of these functions – monitoring, blocking/filtering, packet capture and keyword/signature search – in one state-of-the-art appliance that not only delivers superior performance but also yields unique synergies from the integration of these functions. High bandwidth rates plus high packet rates, even with thousands of rules enabled, ensure that the USC8032 can handle both the hordes of small packets that a malfunctioning legacy app may throw at it and peak multi-gigabit traffic on busy business networks.
Questions? Please feel free to contact us for more information about the USC8032.