I had an interesting meeting this past week with some nice folks who run a fairly important network. During the meeting, we spent a fair bit of time discussing some of their concerns relating to the security of the network. I was surprised to find out that one of their biggest concerns is the network being attacked and brought down. Not because it can't happen (it certainly could), but rather because it's a big hypothetical. Compare that to what's probably already happening.
I asked those on the other side of the conference room table how they were monitoring their network. Their response? "We aren't." Yikes. I'm not a betting man, but if I were, I'd probably bet that there are already nefarious elements on their network operating as they please (be it for profit or other means). Perhaps these nefarious elements are slowly taking bits and pieces of the network for themselves as it pleases them. Just slowly enough so as not to raise any eyebrows.
How can my new friends find out for sure what's on their network? Take a look at it. Let the data tell you what's on the network and what the biggest threats to the network are.
I often hear people mention the whole "bring the network down" fear. Personally, I'm much more concerned with what's already on the network and is a real, tangible threat. Worried about some hypothetical future attack? Call your upstream providers. Make sure you have a good rapport with them, and that they know how to drop packets when packets need to be dropped. Preparations complete. Next threat, please.