Cybersec: 7 key weapons in your frontline defence against cyber threats.
By Andrew Morrison, our Global SVP, Solutions and Services, Noventiq
There is no silver bullet to make a business' IT infrastructure immune from attack. Security tools come in all shapes and sizes, and are designed for myriad purposes, each with their own advantages and blind spots. To build out anything resembling a 'complete' security system, first you need to put all the 'bricks' together.
Security is a process. You can't allocate some budget once, then kick back and expect everything to go swimmingly for ever more. Cybercrime is constantly improving, so taking a progressive approach to protection systems is essential. In fact, there can be significant financial benefits to taking this approach. Case in point: we recently launched a pilot project with a data leakage protection solution for one of our customers. Within three months of deploying the solution, they were able to put a stop to corruption schemes costing them in excess of a million dollars.
Level of protection: Basic
Protecting endpoints
What kind of tools do I need?
Antivirus software, licensed software
When do I need to think about deploying?
When at least one device appears in the company
What's the value?
Insurance against most widespread threats
Any downside?
Powerless against new and complex threats
This is the most basic level of protection for processes, business data, and sensitive information. In the security field these solutions are regarded as dependable against known threats, since the antivirus protects you against the viruses, worms and trojans that are already recorded in its signature database.
The security foundation also includes licensed software which gives you regular updates to combat the latest threats.
Protecting your perimeter
Tools: firewall
Who should think about deploying?
If a company uses the internet, they should be using a firewall.
What's the value?
Basic protection from external threats for your corporate network
Any downside?
The protection is basic, and likely to leave you vulnerable to more sophisticated attacks
The very first security system which an attacker comes up against is the firewall. This is a set of hardware and software tools that control and filter traffic passing through it at various points and according to specific rules. This wall serves as a boundary line between your organization and the internet, through which you can safely interact. A firewall's main job is to protect computer networks from intrusions, control user access to the internet, check traffic for threats, and filter network packets.
Firewalls are one of the bedrocks of security and should be absolutely mandatory. However, they don't solve all your problems. Firewalls come with different capabilities, and there is always a risk that they will remain bottlenecks that attackers can bypass with a well-thought-out targeted attack. Also, they won't offer you protection from any internal threats.
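To make the "control and filter traffic according to specific rules" idea concrete, here is a small first-match packet filter. It is an added example written for this article, not Noventiq's code or any vendor's product; the rule set, addresses (RFC 5737 documentation ranges and RFC 1918 private space) and sample packets are all constructed.

```python
"""First-match packet filter showing how a perimeter firewall applies rules.

Added example, not Noventiq's or any vendor's code. The rule set, addresses
and packets below are constructed for illustration.
"""
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Dict, Optional, Tuple

Packet = Tuple[str, str, str, int]  # (proto, src_ip, dst_ip, dst_port)


@dataclass(frozen=True)
class Rule:
    action: str           # "allow" or "deny"
    proto: str            # "tcp", "udp" or "any"
    src: str              # source CIDR
    dst: str              # destination CIDR
    dport: Optional[int]  # destination port, None = any port
    comment: str = ""


# Constructed rule set: 10.0.0.0/8 is the internal network and
# 203.0.113.10 is a public-facing web server. Order matters: first match wins.
RULES = [
    Rule("allow", "tcp", "0.0.0.0/0", "203.0.113.10/32", 443, "public HTTPS to web server"),
    Rule("allow", "tcp", "10.0.0.0/8", "0.0.0.0/0", 443, "outbound HTTPS from staff"),
    Rule("allow", "udp", "10.0.0.0/8", "0.0.0.0/0", 53, "outbound DNS"),
    Rule("deny", "any", "0.0.0.0/0", "10.0.0.0/8", None, "nothing initiates inbound to the LAN"),
]
INTERNAL = ip_network("10.0.0.0/8")


def matches(rule: Rule, packet: Packet) -> bool:
    """True when every field of the rule covers the packet."""
    proto, src, dst, dport = packet
    if rule.proto != "any" and rule.proto != proto:
        return False
    if ip_address(src) not in ip_network(rule.src):
        return False
    if ip_address(dst) not in ip_network(rule.dst):
        return False
    return rule.dport is None or rule.dport == dport


def filter_packet(rules, packet: Packet) -> Tuple[str, Optional[int]]:
    """Return (verdict, index of the matching rule).

    Verdicts: "allow", "deny" (explicit rule or implicit default deny), or
    "not-inspected" for LAN-to-LAN traffic that never crosses the perimeter
    device, which is why a firewall alone gives no cover against internal threats.
    """
    _, src, dst, _ = packet
    if ip_address(src) in INTERNAL and ip_address(dst) in INTERNAL:
        return "not-inspected", None
    for i, rule in enumerate(rules):
        if matches(rule, packet):
            return rule.action, i
    return "deny", None  # implicit default deny: no rule matched


def demo() -> Dict[str, Tuple[str, Optional[int]]]:
    """Run a set of constructed packets through the rule set."""
    samples = {
        "client to web server":       ("tcp", "198.51.100.7", "203.0.113.10", 443),
        "internet to web server SSH": ("tcp", "198.51.100.7", "203.0.113.10", 22),
        "staff outbound HTTPS":       ("tcp", "10.1.2.3", "198.51.100.80", 443),
        "staff outbound port 4444":   ("tcp", "10.1.2.3", "198.51.100.80", 4444),
        "internet to LAN host":       ("tcp", "198.51.100.7", "10.1.2.3", 445),
        "LAN host to LAN host":       ("tcp", "10.1.2.3", "10.1.2.4", 445),
    }
    return {name: filter_packet(RULES, pkt) for name, pkt in samples.items()}


if __name__ == "__main__":
    for name, verdict in demo().items():
        print(f"{name:28s} -> {verdict}")
```

Two of the constructed cases illustrate the limits the paragraph describes: "LAN host to LAN host" is never inspected because the perimeter device does not sit on that path, and "staff outbound HTTPS" is allowed by a rule that cannot tell a browser session from any other use of port 443, which is the gap the endpoint and traffic-analysis tools below are meant to close.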
Advanced level protection
Protecting endpoints
Tools: EDR (Endpoint Detection & Response)
Why do I need this?
To prevent advanced attacks by detecting malicious activity as soon as it happens
What's the value?
Basic protection of endpoints inside the perimeter from advanced threats, along with the ability to remediate them.
While antiviruses prevent typical threats from getting in, EDR reveals unknown sophisticated threats and covert attacks. It also keeps an eye on the status of endpoints (mail, virtual machines, Internet gateways) and detects malicious activity by analysing behaviour. EDRs help security teams to track threats, including targeted attacks, and contain them before they do any damage.
Any downside?
EDRs only detect and investigate malicious activity. This means that internal threats can still penetrate your network. Although EDRs allow you to block attacks and isolate files, they don't offer maximum protection. You need a qualified team of security analysts to operate this system and integrate it with your other security tools.
Protecting yourself against unknown threats
Tools: sandbox
When do you need this?
For any interactions with external files.
What's the value?
The ability to block new threats and complex attacks on a budget, without complex configuration or specialist involvement.
Any downside?
Malware may not open in your sandbox if it doesn't simulate the real environment well enough.
The sandbox is a key element in the search for comprehensive protection against unknown and advanced persistent threats (APT). It provides an isolated environment where all files downloaded by users from the Internet, emails, documents and so on can be safely examined. Only once the files are found to be safe through behavioral analysis are they made available to users.
Sandboxes give us an opportunity to see how a file will behave if it reaches a real workstation. If it attempts to perform illegitimate actions, request elevated access, encrypt files, or spread across the network, you can easily block it and prevent it from penetrating the real infrastructure. Sandboxes are immensely popular because they're highly effective, and implementing and maintaining them is relatively cheap and easy.
However, sandboxes also have their weak points. For example, for targeted attacks, malware can be created that runs only if certain applications and utilities are present on the workstation, and if they are absent in your isolated emulation environment, the sandbox will not be able to detect the attack, and the malicious file will get through to the real infrastructure. Nevertheless, in combination with other tools, a sandbox serves as an indispensable link in your information security system.
Protecting your network
Tools: NTA (Network Traffic Analysis) systems
When do I need this?
When the infrastructure is connected to the network and there's a possibility of targeted attacks
What's the value?
A detailed picture of all activity within your infrastructure, plus storage of the traffic for later investigation
Any downside?
The need to integrate with other security tools to detect and eliminate threats
Network traffic analysis systems identify threats by examining events at the network level. They monitor traffic to detect the presence of intruders in the early stages of an attack, quickly localise threats, and even make sure that you're compliant with the latest regulations. NTAs are able to store a snapshot of all processed traffic, which is important when investigating incidents.
These solutions are designed to handle large volumes of traffic. This means that with their help, not just single operations, but whole chains of attack can be tracked. This is possible thanks to a combination of behavioral analysis, machine learning, retrospective analysis, and indicators of compromise. NTAs detect suspicious activity in traffic that firewalls allow, and help you to track the actions of attackers in blind spots.
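The "whole chains of attack" point is easiest to see with flow records. The following is an added example written for this article, not code from Noventiq or any NTA product: it runs two behavioural rules and one indicator match over constructed flow records and joins the results, so that an internal fan-out followed by a large transfer from the same host is reported as a single chain rather than two unrelated alerts. The addresses, the indicator list and the thresholds are all constructed.

```python
"""Correlating flow records into an attack chain, in the style of an NTA system.

Added example, not code from Noventiq or any NTA product. Flow records,
thresholds and the indicator list are constructed; addresses use the
RFC 1918 and RFC 5737 ranges.
"""
from collections import defaultdict
from ipaddress import ip_address, ip_network
from typing import Dict, List, Tuple

Flow = Tuple[int, str, str, int, int]  # (t_seconds, src_ip, dst_ip, dst_port, bytes_sent)
INTERNAL = ip_network("10.0.0.0/8")

# Constructed flows: 10.0.1.5 touches 12 internal hosts on port 445 within
# 44 seconds, then sends 850 MB to an external address over 443 (traffic a
# perimeter firewall would allow). 10.0.1.9 is benign background and
# 10.0.1.12 talks to an address on the indicator list.
FLOWS: List[Flow] = (
    [(i * 4, "10.0.1.5", f"10.0.1.{20 + i}", 445, 1000) for i in range(12)]
    + [
        (10, "10.0.1.9", "198.51.100.80", 443, 4000),
        (20, "10.0.1.9", "10.0.1.30", 445, 900),
        (60, "10.0.1.12", "198.51.100.200", 8080, 3000),
        (300, "10.0.1.5", "203.0.113.77", 443, 850_000_000),
    ]
)
IOC_IPS = frozenset({"198.51.100.200"})  # constructed placeholder indicator


def is_internal(ip: str) -> bool:
    return ip_address(ip) in INTERNAL


def detect_fanout(flows, threshold=10, window=60) -> Dict[str, Tuple[int, int]]:
    """Behavioural rule: one host contacting >= threshold distinct internal
    hosts on the same port within `window` seconds. Returns {src: (port, t_first)}."""
    by_src_port = defaultdict(list)
    for t, src, dst, dport, _ in flows:
        if is_internal(src) and is_internal(dst):
            by_src_port[(src, dport)].append((t, dst))
    hits = {}
    for (src, dport), events in by_src_port.items():
        events.sort()
        for i, (t0, _) in enumerate(events):
            targets = {dst for t, dst in events[i:] if t - t0 <= window}
            if len(targets) >= threshold:
                hits[src] = (dport, t0)
                break
    return hits


def detect_large_egress(flows, min_bytes=100_000_000) -> Dict[str, int]:
    """Volume rule: internal host sending >= min_bytes in a single flow to an
    external address. Returns {src: t} for the earliest such flow per host."""
    hits = {}
    for t, src, dst, _, nbytes in flows:
        if is_internal(src) and not is_internal(dst) and nbytes >= min_bytes:
            if src not in hits or t < hits[src]:
                hits[src] = t
    return hits


def detect_ioc(flows, iocs) -> List[Tuple[int, str, str]]:
    """Indicator match: any flow whose destination is on the indicator list."""
    return [(t, src, dst) for t, src, dst, _, _ in flows if dst in iocs]


def correlate(flows, iocs=frozenset()) -> List[Tuple[str, str, str]]:
    """Join single detections into chains. Fan-out followed later by large
    egress from the same host becomes one 'chain' finding; the rest are
    reported individually as 'fanout', 'egress' or 'ioc'."""
    findings = []
    fanout = detect_fanout(flows)
    egress = detect_large_egress(flows)
    chained = set()
    for src, (dport, t_scan) in fanout.items():
        if src in egress and egress[src] > t_scan:
            chained.add(src)
            findings.append(("chain", src,
                             f"internal fan-out on port {dport} at t={t_scan}s, "
                             f"then large egress at t={egress[src]}s"))
        else:
            findings.append(("fanout", src, f"internal fan-out on port {dport} at t={t_scan}s"))
    for src, t in egress.items():
        if src not in chained:
            findings.append(("egress", src, f"large single-flow egress at t={t}s"))
    for t, src, dst in detect_ioc(flows, iocs):
        findings.append(("ioc", src, f"contacted listed indicator {dst} at t={t}s"))
    return findings


if __name__ == "__main__":
    for kind, host, detail in correlate(FLOWS, IOC_IPS):
        print(f"[{kind}] {host}: {detail}")
```

Note that the 850 MB transfer goes out on port 443 to an external address, which a perimeter rule set like the one in the firewall section would allow; only the combination of "many internal peers in a short window" and "unusual volume afterwards" from the same host makes it stand out, which is the kind of blind-spot coverage the paragraph attributes to NTA.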
Preventing leaks & Protecting data
Tools: DLP, VPN
When do I need this?
When there are employees working with sensitive data, or if you work with remote employees
What's the value?
Detecting and blocking leaks, encrypted data transfer, monitoring employees
Any downside?
Not easy to deploy, configure, and maintain
It's easy to get caught up in protecting yourself from external threats, and to forget the danger within. DLP helps to prevent confidential information from being leaked by tracking documents sent by email, copied to removable media, transmitted through web services, social networks and cloud storage, and even photographed or printed. These technologies detect leaks caused by employees or malware, block the data from being transferred outside, and notify the information security officer.
DLPs can also perform a number of other useful tasks on the side. You can use them to track what employees do during their working day, what they type, what emails they forward, etc. This became especially popular during the period of mass remote work, when many managers were looking for these features to control and manage their teams. But with the help of DLPs you can also undertake more significant tasks, such as flagging corruption schemes, shadow interactions, contracts at inflated prices, etc.
As mentioned above, one of our customers saved about a million dollars during the pilot stage of a DLP project. Projects like this are usually piloted first, because the solutions are complex to implement and require administration by highly qualified specialists.
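To show what "detect the leak, block the transfer, notify the security officer" looks like in practice, here is an added example, not Noventiq's code or any DLP product's, of a content-inspection policy applied to outbound transfers. The internal domain, the sample messages, the channels and the policy are constructed; the card numbers are the well-known 4111... test values, not real accounts.

```python
"""Content inspection of an outbound transfer, in the style of a DLP policy.

Added example, not Noventiq's or any DLP product's code. The internal domain,
the messages and the policy are constructed; card numbers are test values.
"""
import re
from dataclasses import dataclass
from typing import Dict, List

INTERNAL_DOMAIN = "example.com"  # constructed
# 13-19 digits, optionally separated by single spaces or hyphens, on word boundaries
PAN_RE = re.compile(r"\b\d(?:[ -]?\d){12,18}\b")
MARKER_RE = re.compile(r"\bCONFIDENTIAL\b", re.IGNORECASE)


@dataclass
class Transfer:
    channel: str    # "email", "usb" or "web"
    sender: str
    recipient: str  # e-mail address, removable-device id, or upload URL
    body: str


def luhn_ok(digits: str) -> bool:
    """Luhn checksum: a cheap filter that drops most random digit runs
    (order numbers, phone numbers) before they become false positives."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0


def find_card_numbers(text: str) -> List[str]:
    """Candidate digit runs that also pass the Luhn check."""
    found = []
    for m in PAN_RE.finditer(text):
        digits = re.sub(r"[ -]", "", m.group())
        if luhn_ok(digits):
            found.append(digits)
    return found


def mask(pan: str) -> str:
    """Keep only the first six and last four digits so the alert itself
    does not become a second copy of the sensitive value."""
    return pan[:6] + "*" * (len(pan) - 10) + pan[-4:]


def is_external(t: Transfer) -> bool:
    if t.channel == "email":
        return not t.recipient.lower().endswith("@" + INTERNAL_DOMAIN)
    return True  # a USB copy or web upload always leaves the managed environment


def inspect(t: Transfer) -> Dict:
    """Constructed policy: card numbers or a CONFIDENTIAL marker may not leave
    the organisation; internal mail carrying them is allowed but logged."""
    reasons = [f"card number {mask(p)}" for p in find_card_numbers(t.body)]
    if MARKER_RE.search(t.body):
        reasons.append("CONFIDENTIAL marker")
    if reasons and is_external(t):
        decision = "block"
    elif reasons:
        decision = "allow-and-log"
    else:
        decision = "allow"
    return {
        "decision": decision,
        "channel": t.channel,
        "reasons": reasons,
        "notify_security": decision == "block",
    }


SAMPLES = [  # constructed transfers
    Transfer("email", "alice@example.com", "bob@example.com",
             "Refund for card 4111 1111 1111 1111 please"),
    Transfer("email", "alice@example.com", "partner@partner.example",
             "Card on file: 4111-1111-1111-1111"),
    Transfer("usb", "carol@example.com", "usb-serial-0042",
             "Order 1234567890123 shipped, ref 4111 1111 1111 1112"),
    Transfer("web", "dave@example.com", "https://paste.example/upload",
             "CONFIDENTIAL: Q3 pricing sheet"),
]

if __name__ == "__main__":
    for s in SAMPLES:
        print(s.channel, "->", inspect(s))
```

The third sample is the false-positive case a practitioner cares about: both digit runs look like card numbers to the regular expression, but neither passes the Luhn check, so the USB copy is allowed rather than generating noise for the security officer.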
VPN solutions are used by ordinary users to remain anonymous online and use blocked resources. Companies use VPNs to encrypt sensitive data while working remotely. Enterprises build secure communication channels between branches and contractors, and encrypt communication channels to protect transmitted information. A VPN ensures that information is encrypted at point A and delivered for decryption at point B. Cons: the security protocol can be difficult to set up, and misconfiguration can lead to vulnerabilities and leaks, so you need to involve experienced specialists to work with it.
To protect your organization from various types of threats, it is essential to have a comprehensive security strategy in place. This should include a combination of different security measures such as firewalls, antivirus software, intrusion detection and prevention systems, sandboxes, network traffic analysis systems, DLP, and VPNs. It is important to involve experienced security professionals in the deployment, configuration, and maintenance of these tools to ensure that they are configured correctly and working effectively. Organizations should also regularly review and update their security strategies to adapt to the ever-changing threat landscape, as no single solution can provide 100% protection against all potential threats.
If you need to get a clearer understanding of how secure your organization is, Noventiq experts can help you evaluate your existing digital architecture, and map out the steps you need to take to ensure that your operations are effective and secure.