Now that we know what we are up against from Part 1 of this short blog series, what can we do to protect ourselves and our business?
With so many products out there and so many ways to deploy, which is the right approach?
Let’s think about security defence like an airport. There are multiple layers of security and checks before you are let onto the plane – all to keep you and your fellow passengers safe.
1st line – Firewall
When you get to the airport, the first step in reaching your final destination is going to the airline desk to get your ticket (assuming you’ve not checked in online, in which case this step would happen digitally). Your identity is checked and there is confirmation that you have purchased a ticket for the flight in question.
This is very similar to what a firewall does. It has a list of what is allowed in or out of your network. If you are not on the list, you are not allowed to proceed. Firewalls are usually hardware devices that sit between your router/modem and your internal network.
2nd line – IDS/IPS and SPAM filtering
Once you get your ticket, you make your way across the airport to customs. Here are general stages you will go through…
If all is well, you head on into the concourse but if customs have doubts then the following can take place…
This is what an Intrusion Detection System/Intrusion Prevention System does. The IDS will check if the data passing through is legitimate and will notify you if the network traffic is malicious. The IPS will attempt to block the malicious network traffic.
For emails, we have spam filtering. These systems check incoming and outgoing email, ensuring that it is coming from a reputable server and that it contains no malicious content or links.
3rd line – AntiVirus/Anti-Malware software
You have finally passed customs, had a coffee or two and are now ready to board the plane. You need to clear the last checkpoint – the airline staff at the gate. They ensure you are boarding the right plane, sitting in the right seat, and look after you while you’re on the plane.
Similarly, anti-virus/anti-malware software on your computer continuously checks that any programs or files you access and open are not malicious. It will attempt to block a malicious program from running by checking the behaviour of the program, e.g. if the program is trying to access a restricted area of your PC or is running unusual commands.
To protect your business and yourself, you need to look at a multi-layered approach. Just one single product will not protect you – even if it says that it will. There will always be a security hole that threat actors will use, but getting strategic advice from some experts and then installing a more robust, holistic product can remove the security hole or at the very least make it difficult for them.
In the 3rd instalment of this short blog series, we will talk about the final line of defence: your employees.