Thursday, August 4, 2016

Layered security: High-speed internet changed everything

Back in my day a good AV product was all you needed to protect a network. Patches were mostly bug fixes, and the internet was relatively safe.

High Speed Internet changed everything. Back in the days of dial up, the bandwidth did not exist to provide a cyber-criminal with decent access to your network. The connection wasn’t 24/7 either. Users connected to the internet, did what was needed, and logged off so someone could use the phone line to make a call.

By David Ianetta

Ah, the good old days…

Fast forward 20 years or so.

Like Bob Seger sang, “Twenty years… where’d they go… twenty years… I don’t know…”

Sigh, where did they go?

Anyway, the point is, today almost every computer connects to high speed internet, 24/7. This change alone paved the way for cyber-criminals to have access to unprotected machines, all over the world.

Antivirus (AV) simply is not enough anymore, and it is a reactive defense rather than a proactive one. AV protects you only after you’ve been infected.

Cyber-criminals tend to target operating system and third-party software vulnerabilities. This means that Patch Management has gone from an “optional” method of keeping up with the latest fixes, to a necessary (and more often legally required) proactive security measure.

Simply put, if you have a network, you have to patch. This has become a full-time job.

The next issue is that not all the sites out there are friendly. Cyber-criminals know that users will be drawn to anything that is free. Many of these sites are designed to lure unsuspecting users into a place where their machines can be compromised for data or even taken over, as in the case of a botnet. While the user feels they are lucking out, watching “Game of Thrones” for free, behind the scenes there very well could be compromising software installed, waiting to be fired up and used at the right time.

Today, a layered security approach is essential. What does that look like?

First layer: Web Filtering

This will help prevent users from going to compromised or fraudulent sites. Now you may have an appliance that does this, and that is great. However, keep in mind that one infected remote user can unknowingly “smuggle in” something that can infect your whole network. You must be able to apply the same filtering to everyone.

Second layer: Patch Management

All the security software in the world won’t help you if an attacker is able to take control of your OS or browser through a vulnerability. Patching is absolutely essential. However, don’t do this blindly. Follow the simple pattern of Scan, Test and Deploy. Pushing out patches to your entire network without testing is risky business at best.

Third layer: Antivirus

What was once the first and only layer has now become the reactive security layer. This defense kicks in if a criminal has managed to get past the first two.

Cyber-criminals today have the world at their doorstep. They are looking for quick and easy access. Covering the three layers mentioned here makes you far less attractive to them. There are too many networks out there that are not taking this approach.

Don’t be the low-hanging fruit. Keep your users and your business protected.