I really don’t know how attackers broke into Director’s Desk, which is the core issue around the recent NASDAQ attack. I wish I had more details, like how the attackers broke in and what that means. But I do know three things.
First, Director’s Desk is a web-based service. In modern parlance that’s “cloud,” for people who don’t get cloud. In my parlance, it’s called a “Web Site.”
Second, yes, real-time forensics, aka network traffic inspection (or monitoring or whatever you want to call it), would certainly help. This isn’t new; it’s been around quite some time as NSM or even IDS/IPS technology.
Third, real-time monitoring isn’t quite as easy as a 4-paragraph article would lead laymen, managers, or even IT staff to believe. You need your network built in a way that makes it convenient to capture and act on network traffic. Throughput to keep up. Software that knows how to inspect traffic, pick out the bad things, and alert/act. Storage enough to review findings. And staff to glue all of that together, keep it operating smoothly, and work on the inevitable gaps and weaknesses that any such tool will have.
I hate being a wet blanket on security when someone says XYZ will solve that problem but leaves with the undertone that XYZ is easy to do and/or costs a company nothing beyond a license. It’s the same expectation when someone bandies about “open source” software and how it is free and saves the company money, with no regard to how much internal support and homegrown glue will cost in the long run. It’s great that it’s free on your home network of just you, but what about across 1,000 people?
I agree with initiatives like NSM and “real-time forensics.” But I just dislike propping them up to fail by virtue of unrealistic expectations.