The digital world is a dangerous but unavoidable place for a modern business, and it's nearly impossible to completely protect your company network from infectious malware and targeted hacking.
As the recent catastrophic waves of ransomware prove, even hospitals with their incredibly strict online security measures intended to protect patient medical information don't stand a chance against viruses handmade to sneak in and cause problems.
However, not every malware infection flashily shuts down your computer and announces itself and, in fact, most of them are perfectly content to hide in your servers, accessing files and using up processing power for their own nefarious purposes. Computer users since the 90s have been struggling with the problem of even knowing when you have been infected, but modern IT technology has brought us the answer: Network and Server Performance Monitoring which is capable of detecting even the slightest change in how your system is running no matter how good a hacker is at covering their tracks.
What is Performance Monitoring?
Everything your personal computers, servers, and company network does can be measured. The software you run, programs you use, and background support features all leave a distinct footprint in a combination of processing, memory, bandwidth, and the number of times you contact a central server for data. A live sales dashboard, for instance, is constantly pinging the transaction database to ensure it has up-to-date information. Data and power usage troughs are created at night when everyone turns off their systems to go home, and a corresponding spike occurs at the beginning of each shift as employees log in and check their various messages and dashboards.
The natural flow of data and resource use for your company creates a distinctive, almost bio-rhythmic, pattern that performance monitoring can identify as a whole and in great detail. Monitoring can include everything from the power usage and temperature of individual devices to the overall bandwidth use between employees and customers accessing your online services.
What Skilled Hackers Do
While the press may be buzzing about the flashy and damaging ransomware attacks, most hackers have a completely different agenda. In many cases, their goal is to collect information on your company or use your computers as a staging point for sending out a multitiude of spam emails that will infect more victims and build their secret network. Unlike ransomware, these hackers don't want you to know that their programs are on your servers and PCs and will do everything in their power to cover their tracks.
If, for instance, the infection came through an unauthorized download, the malicious program will hide its installation files deep in parts of your file system users never look at. It then can delete the original file along with almost all records that the download ever occurred in the first place. While you may hope to rely on modern virus scanning software, you can't forget that hackers are clever, determined, and constantly working on new ways to escape detection.
The key to constant vigilance is to never underestimate a hacker's motivation to ruin your day and take advantage of your computer systems. No matter how old a tactic is, chances are there's a hacker somewhere refitting it for a new malicious purpose. While some attacks like adware or ransomware are obvious, most are very good at hiding and either stealing your data, misusing your resources, or lying in wait until ready to completely wreck your system. The types of secret malware include:
This type of malware is silent and tends to target PCs and mobile devices. Spyware is mostly geared to track things like activity, accessed files, and internet use and usually acts as a preliminary targeting tool for further attacks like adware or to steal banking login information. When applied to a company it becomes much more dangerous because confidential business files, contact lists, and client personal information can be easily stolen and misused. However, because it doesn't do anything to the host computer directly, it's nearly impossible for a user to detect.
A rootkit will allow hackers to control your computer remotely as if it were their own. While this attack can be used to catastrophically destroy your files or lock you out, usually it remains mostly inactive except when it's bringing down your firewalls and virus scanning programs to allow in more malicious software.
When a hacker's goal isn't to ruin your day, it's to get something for themselves. With secret use of your computer, there are a number of programs a hacker can run on your resources and from your IP address that benefits them but not you. Sending their spam emails, DDoS attacking online services, and mining BitCoins are only a few examples of what hackers will do when your system joins their bot-network and all of them run without showing a single flicker on your desktop.
Identifying Well-Hidden Infection
The normal patterns of usage for your company servers, network, and an array of personal devices is distinctive, but so are the activities of secret programs. When a skilled IT team is monitoring your network performance, a spike in bandwidth, CPU, or RAM usage is a distinct sign that something has changed and each change can be investigated. If the change is an employee ruining a seldom used program or a sudden burst of legitimate activity, this can be easily verified. However, unusual resource use that can't be explained or that occur in the middle of the night on idle systems is a sure sign of secret malicious infection. Network performance monitoring not only reveals that malware exists, it can also help track down exactly which system is infected and what measures will be needed to wipe it out of the company network.