When it comes to IT Security, IT professionals know one simple fact. There is no single solution available within the marketplace capable of securing their network and IT infrastructure against the plethora of cyber-attacks that are currently being aimed at their business.
Although single-focus solutions are useful in stopping specific attacks, the capabilities of advanced cyber-crime are so broad that such protections inevitably fail. A layered security approach is now more relevant than ever in providing better protection of your IT assets.
I have always considered the following five layers essential to helping ensure an enterprise's digital protection, detection and remediation. These layers are a mixture of physical, procedural and behavioural systems, and it can be argued that I should sub-divide these layers further, but five is a good basis for all businesses.
Detection and Remediation
When (not if, but when) a malicious object penetrates your network's defences, your security systems must be intelligent enough to “detect and fix”.
Establishing how it got in (i.e. the vulnerability in your systems), the damage it did and the measures to ensure it doesn’t happen again must all be as automated as possible.
Antivirus and antimalware
This is typically a business’s single endpoint layer of protection against vulnerability exploitation. With it in place, and with the assurances of the AV vendor’s marketing machine, they feel ‘safe and secure’.
It is of course an essential part of a business’s security plan, but IT departments relying on it to block all viruses and malware have their heads stuck firmly in the sand as their employees flick through Facebook watching videos and clicking on links during their breaks.
When your prevention doesn’t prevent, it’s always useful for IT teams to notice that an attack actually took place, and contrary to what you might think, this isn’t always obvious. Smart IT teams have systems in place to baseline normal behaviour and to report when non-conformities appear.
In its very simplest form, an admin user’s network traffic from their client PC to the firewall is easily baselined, along with the protocols used and the websites and systems accessed on a Monday morning. Increased traffic between those two devices through new ports to new websites is a non-conformity, and should prompt IT teams to analyse it, together with the other layers of security in place, to identify what is happening.
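As an added example (not part of the original article), the Monday-morning baseline described above can be sketched in Python as follows. The flow records, host names and the 2x volume threshold are constructed assumptions.

```python
from collections import defaultdict

# Constructed firewall flow records: (week, weekday, client, host, port, bytes)
HISTORY = [
    (1, "Mon", "admin-pc", "intranet.example", 443, 120_000),
    (1, "Mon", "admin-pc", "mail.example", 993, 60_000),
    (2, "Mon", "admin-pc", "intranet.example", 443, 110_000),
    (2, "Mon", "admin-pc", "mail.example", 993, 70_000),
    (3, "Mon", "admin-pc", "intranet.example", 443, 130_000),
    (3, "Mon", "admin-pc", "mail.example", 993, 50_000),
]
TODAY = [  # constructed: week 4, one familiar flow and one that is not
    (4, "Mon", "admin-pc", "intranet.example", 443, 115_000),
    (4, "Mon", "admin-pc", "files.unknown.example", 8443, 900_000),
]

def build_baseline(flows):
    """Summarise normal behaviour per (client, weekday)."""
    base = defaultdict(lambda: {"hosts": set(), "ports": set(), "weekly": defaultdict(int)})
    for week, day, client, host, port, nbytes in flows:
        entry = base[(client, day)]
        entry["hosts"].add(host)
        entry["ports"].add(port)
        entry["weekly"][week] += nbytes  # total volume for that weekday, per week
    return base

def find_nonconformities(baseline, flows, volume_factor=2.0):
    """Return sorted (client, kind, detail) findings that depart from the baseline."""
    findings, totals = set(), defaultdict(int)
    for _week, day, client, host, port, nbytes in flows:
        totals[(client, day)] += nbytes
        entry = baseline.get((client, day))
        if entry is None:  # never observed before: nothing to compare against
            findings.add((client, "no-baseline", day))
            continue
        if host not in entry["hosts"]:
            findings.add((client, "new-destination", host))
        if port not in entry["ports"]:
            findings.add((client, "new-port", str(port)))
    for (client, day), total in totals.items():
        entry = baseline.get((client, day))
        if entry:
            typical = sum(entry["weekly"].values()) / len(entry["weekly"])
            if total > volume_factor * typical:
                findings.add((client, "volume", f"{total} bytes vs typical {typical:.0f}"))
    return sorted(findings)

if __name__ == "__main__":
    for finding in find_nonconformities(build_baseline(HISTORY), TODAY):
        print(finding)
```

Each finding is a prompt for analysis alongside the other layers, not a verdict on its own.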
Are firewalls the first and only thing that springs to your mind? Think layered: Intrusion Detection Systems (IDS) and Intrusion Prevention Systems (IPS) are also an important part of a layered network perimeter protection strategy.
In simple terms, firewalls have rules that are typically “allow packets through or drop”. IPS rules are driven to “block this known threat”, as IPS looks for a reason to drop the packet. IDS is very different to IPS. While IPS is a control tool, IDS is a visibility tool that sits off to the side of the network and provides a view of the security posture of the network as a whole.
File reputation monitoring within endpoints and servers has proven an effective additional layer of detection over and above that provided by a single antivirus solution. Every file has a unique checksum which can be cross-referenced with online repositories to ensure its reputation is good and that it is widely used.
It’s been difficult for cyber criminals to counter or bypass reputation scanning due to the combination of white lists (the list of known good files), black lists and how common your executable is across the rest of the globe.
LoughTec are providing a suite of solutions that provide real-world layered protection and fit with the IT strategy of organisations of all sizes located throughout EMEA, Asia and the US.
We know how to protect against the plethora of attacks orchestrated by cyber criminals on a daily basis.
Talk to us, get better educated and protected.