Cloud 101CircleEventsBlog

Social Media Traffic Monitoring – From Thought Police to Security Priority

Published 02/06/2023

Social Media Traffic Monitoring – From Thought Police to Security Priority

Originally published by Netography.

Written by Mal Fitzgerald, Sales Engineer, Netography.

It seems as though every week we hear about another government agency that has banned a specific social media platform from their government-issued devices. There are a multitude of reasons for banning social media off of devices that touch your network, such as phishing and malware concerns and the overreach of privacy needs stated in the terms of service, just to name a couple. No matter how restrictive employer policies are on the matter, Social Media Traffic Monitoring is an important endeavor.

“Social Media Traffic Monitoring:” Those four words bring me back to high school, pimple-faced, much thinner, and reading a ragged, handed-down copy of George Orwell’s 1984. They make me feel like I am part of the “thought police.”

If you’re old enough (and I certainly am), you remember “Samy” the MySpace worm, or the “Koobface” virus, found on Facebook, among other sites. The fact is, we have been doing some level of social media monitoring for quite some time on corporate networks. The difference, though, is back then all we thought we needed to worry about was catching a localized worm before it spread to other client machines, and reimaging anything we believed had been impacted.

Today, however, social media is so much more than sharing your pet photos online for your friends and family. Social media has become a part of our everyday lives. It’s where we get our news, find our next job, or even crowdsource how to fix a non-booting indoor exercise bike (me yesterday, thanks Reddit!). The ways we use and interact with social media continue to expand rapidly. As with many things, as the use expands, so does the risk.

Networks Have Changed and Social Traffic Matters

We continue to hear about the atomization of corporate networks, and how many security teams have gone blind to the traffic coming into or out of these networks today. These networks have become dispersed, ephemeral, encrypted and diverse in this new COVID world, and threats have utilized this complexity and lack of visibility to hide in the shadows. That makes it even more paramount that security teams have visibility into social media traffic – whether or not that traffic is allowed or disallowed on their corporate networks.

Why?

Operational Governance

In every network we begin by setting our policies and evaluating our risks. What do we allow, where do we allow it to, when do we allow it, and who do we allow to access it? Social media is no different. Although stopping employees from checking their Twitter feeds could lead to chaos and pitchforks in office hallways, most likely this type of traffic should never be leaving from your application networks.

Identifying Potential Threats

Social media is a treasure trove of information for threat actors and a breeding ground for those threats. Phishing scams, malware, and ransomware have all been delivered through some level of social media interaction.

Trust but Verify

We set social media policies in ways that we believe close the gaps in our risk registers, but without full network visibility, we can neither confirm nor deny that type of traffic is being generated from a vulnerable area of the network, such as our short-lasting, ephemeral workloads.

Detecting Breaches of Business Accounts

Social media is not just about your end users’ Facebook profile. Every business now has some level of social media presence and, in many cases, those accounts have exclusive rights inside the organization. These accounts could lead to serious theft of sensitive data, or the posting of misinformation about the business itself.

Why Monitoring Network Traffic Can Help In This Fight For Visibility

Once our policies and risks have been properly identified, we must now go through the arduous process of determining how and where we will monitor for violations. The ability to visualize the traffic coming and going from every area of your dispersed, ephemeral, and increasingly encrypted and diverse network is an effective place to start. A SaaS, network-centric approach helps glean the visibility you need to truly understand if your social media traffic policies are being met in your on-premise, hybrid cloud, or multi cloud environments.

This rings especially true in networks on which you typically cannot install agents or devices that may only have a short-lived lifespan. For example, the operational technology (OT) controller we witness being used to check an administrator’s Facebook page, or the EC2 instance that connects to TikTok so a developer could bypass the policies in place on their local endpoint. Like any strong security posture, there will be attempts to get around them. Having visibility across the entirety of your Atomized Network will be key in trusting the policies and procedures you have put in place are being followed appropriately.

Share this content on your favorite social network today!