Unfortunately, since October 16th, 2017, WiFi networks are exposed to the newly disclosed KRACK (Key Reinstallation Attack) vulnerabilities in the WPA2 four-way handshake. An attacker within radio range can force a client to reinstall an already used key, which causes nonce reuse and lets the attacker decrypt traffic sent from the client to the access point and, depending on the cipher suite, replay or inject frames, i.e. mount a MitM attack against the client. Patches are coming slowly, and most recommendations boil down to using an encrypted VPN connection to enforce secure communication over wireless networks.
A MitM attack typically leaves side effects on the network: a client suddenly using an IP address that was never assigned by your DHCP server, an unexpected DNS server, or a new MAC address whose OUI belongs to an unexpected vendor.
Proactive Security To Reveal Threats Undetectable by Other Technologies
Most companies have relied on WPA2, often together with standard 802.1X authentication, because both were regarded as trustworthy. Note that 802.1X does not help here: KRACK targets the four-way handshake that follows authentication, so WPA2-Enterprise networks are affected as well. As a result, WiFi networks have stayed one step behind the main focus of security teams, which has been perimeter security and endpoint protection.
The answer to this challenge recommended by Gartner is proactive detection and mitigation of network anomalies and undesirable behavior. This is provided by Flowmon ADS, a network monitoring solution equipped with Network Behavior Anomaly Detection (NBAD). NBAD solutions permanently observe network traffic, analysing communication to seek anomalies and reveal suspicious behavior. This enables a response to exploitation of zero-day vulnerabilities that signature-based technologies cannot detect.
How does Flowmon help to deal with KRACK?
Flowmon ADS ships with several out-of-the-box detection methods that detect the related anomalies, and we recommend paying closer attention to the detected events and their details these days.
As the most recommended procedure is to use a VPN, Flowmon can help with enforcing a policy under which only specific VPN traffic is allowed on the WiFi. Flowmon provides monitoring and reporting on violations of that policy.
In this case, alerting together with the user-defined behavior patterns (BPATTERNS) detection method can be used to describe the permitted communication, and the out-of-the-box detection of unencrypted services will help as well. Learn more about BPATTERNS in the previous blog articles Using Behavior Patterns to Detect Rising Threats and Detect ExPetr/Petya wiper.
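To make the two ideas above concrete, here is an added example (not Flowmon code and not a description of how Flowmon ADS implements its methods) that applies them as plain rules over exported flow records: the MitM side effects listed earlier (a DHCP server, DNS resolver or MAC vendor that is not the expected one) and the "VPN only on WiFi" policy with cleartext-service detection. The WiFi subnet, the infrastructure and VPN gateway addresses, the vendor OUI allowlist and the CSV flow format are constructed assumptions for the example, as is the sample export.

```python
"""Added example (not Flowmon's code): rule checks over exported flow records
from a WiFi segment. Subnets, addresses, OUIs and the flow format are assumed.
"""
import ipaddress
from dataclasses import dataclass
from typing import List, Tuple

# --- assumed environment (constructed for the example) ----------------------
WIFI_NET = ipaddress.ip_network("10.20.0.0/16")         # WiFi client range
INFRA_GW = ipaddress.ip_address("10.20.0.1")            # the approved DHCP + DNS server
VPN_GW = ipaddress.ip_address("203.0.113.10")           # VPN concentrator (TEST-NET-3)
BROADCAST = ipaddress.ip_address("255.255.255.255")
APPROVED_DHCP = {INFRA_GW}
APPROVED_DNS = {INFRA_GW}
EXPECTED_OUIS = {"3c:22:fb", "f4:5c:89"}                # vendor prefixes we expect to see
VPN_SERVICES = {("udp", 1194), ("udp", 500), ("udp", 4500)}  # OpenVPN, IKE, IPsec NAT-T
CLEARTEXT = {("tcp", 21): "ftp", ("tcp", 23): "telnet", ("tcp", 80): "http",
             ("tcp", 110): "pop3", ("tcp", 143): "imap"}

Finding = Tuple[str, str]   # (rule name, detail)


@dataclass
class Flow:
    ts: str
    src_mac: str
    src_ip: ipaddress.IPv4Address
    dst_ip: ipaddress.IPv4Address
    proto: str
    src_port: int
    dst_port: int
    nbytes: int


def parse_flows(text: str) -> List[Flow]:
    """Parse CSV lines: ts,src_mac,src_ip,dst_ip,proto,src_port,dst_port,bytes."""
    flows = []
    for line in text.strip().splitlines():
        if not line or line.startswith("#"):
            continue
        ts, mac, sip, dip, proto, sp, dp, nb = line.split(",")
        flows.append(Flow(ts, mac.lower(), ipaddress.ip_address(sip),
                          ipaddress.ip_address(dip), proto.lower(),
                          int(sp), int(dp), int(nb)))
    return flows


def oui(mac: str) -> str:
    """First three octets of a MAC address, i.e. the vendor OUI."""
    return ":".join(mac.split(":")[:3])


def check_flow(f: Flow) -> List[Finding]:
    findings: List[Finding] = []
    svc = (f.proto, f.dst_port)

    # 1. DHCP server traffic (67 -> 68) from anything but the approved server
    if f.proto == "udp" and f.src_port == 67 and f.dst_port == 68 and f.src_ip not in APPROVED_DHCP:
        findings.append(("rogue-dhcp", f"{f.src_ip} ({f.src_mac}) acts as DHCP server"))

    if f.src_ip not in WIFI_NET:
        return findings             # the remaining rules apply to WiFi clients only

    # 2. MAC prefix of a vendor we do not expect on the WiFi
    if oui(f.src_mac) not in EXPECTED_OUIS:
        findings.append(("unknown-oui", f"{f.src_mac} on {f.src_ip}"))

    # 3. DNS sent anywhere but the approved resolver
    if svc == ("udp", 53) and f.dst_ip not in APPROVED_DNS:
        findings.append(("unexpected-dns", f"{f.src_ip} -> {f.dst_ip}"))

    # 4. VPN-only policy: DHCP/DNS bootstrap and VPN to the gateway are the only
    #    permitted services; DHCP and DNS misuse is already covered by rules 1 and 3.
    dhcp_ok = f.proto == "udp" and f.dst_port in (67, 68)
    dns_ok = svc == ("udp", 53)
    vpn_ok = f.dst_ip == VPN_GW and svc in VPN_SERVICES
    if not (dhcp_ok or dns_ok or vpn_ok):
        name = CLEARTEXT.get(svc)
        rule = "cleartext-service" if name else "policy-violation"
        detail = f"{f.src_ip} -> {f.dst_ip} {f.proto}/{f.dst_port}"
        if name:
            detail += f" ({name})"
        findings.append((rule, detail))
    return findings


def evaluate(text: str) -> List[Finding]:
    out: List[Finding] = []
    for f in parse_flows(text):
        out.extend(check_flow(f))
    return out


# Constructed sample export: a clean client doing DHCP + OpenVPN, a rogue DHCP
# server with an unknown vendor MAC, and a client leaking DNS, HTTP and HTTPS
# outside the tunnel.
SAMPLE_FLOWS = """
2017-10-17T09:00:01,3c:22:fb:aa:bb:01,10.20.1.15,255.255.255.255,udp,68,67,342
2017-10-17T09:00:01,00:11:22:33:44:55,10.20.1.99,10.20.1.15,udp,67,68,300
2017-10-17T09:00:02,3c:22:fb:aa:bb:01,10.20.1.15,203.0.113.10,udp,51820,1194,12000
2017-10-17T09:00:03,f4:5c:89:cc:dd:02,10.20.1.22,8.8.8.8,udp,49153,53,120
2017-10-17T09:00:04,f4:5c:89:cc:dd:02,10.20.1.22,198.51.100.7,tcp,49152,80,5400
2017-10-17T09:00:05,f4:5c:89:cc:dd:02,10.20.1.22,198.51.100.7,tcp,49154,443,9100
"""

if __name__ == "__main__":
    for rule, detail in evaluate(SAMPLE_FLOWS):
        print(f"{rule:18} {detail}")
```

Running it on the sample reports the rogue DHCP server twice (once as a DHCP server, once for its unknown OUI), the DNS query to a public resolver, the HTTP session as a cleartext service and the direct HTTPS session as a plain policy violation: encrypted or not, it bypasses the tunnel. The point of the last distinction is that "VPN only" is a whitelist of where traffic may go, not a check that the traffic is encrypted.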
Apply Adaptive Security Model For Your Network
Computer networks have become key infrastructure for every organisation, and focusing security efforts on them really pays off. Modern network monitoring and security tools not only detect threats that bypass firewalls and signature-based protection; they also significantly simplify the response to new and persistent threats, accelerate the recovery process and provide the information needed for forensics, which in turn enables better prevention. Thus they play a key role in strengthening the entire security cycle of an organisation.
Be proactive and build robust security by applying the Adaptive Security Model. Learn more in the handbook Adaptive security model: A Network Approach.