Threats to information technology infrastructures are becoming increasingly sophisticated, with malicious applications, weaponized email attachments, and socially engineered malware all growing in both number and capability. Organizations must take a multi-layered approach to detecting and defending against attacks and intrusions in this changing threat landscape, and there are key security measures every company should employ to develop and maintain strong security.
This is a blueprint of the minimum recommended technologies that, when properly implemented, reduce overall risk, regardless of which manufacturer you choose for each technology.
Next-Generation Firewall

Traditional firewalls perform the basic gatekeeping tasks: permitting or blocking traffic by port and address, translating network addresses (NAT), and restricting what may leave the network.

Many of today’s threats, however, pass straight through those controls, because they arrive over ports the firewall has to allow (typically 80 and 443) and, increasingly, inside encrypted sessions. A next-generation firewall keeps those primary functions and adds inspection of the traffic itself, with features including:
- An intrusion prevention system (IPS) that inspects permitted traffic in line against exploit signatures and protocol anomalies and drops what matches, rather than only logging it the way an intrusion detection system does.
- SSL/TLS and SSH inspection that decrypts sessions at the firewall so it can identify and block connections established by malware to upload sensitive data or download further payloads. This matters more every year: with most sites defaulting to HTTPS, a firewall that cannot inspect TLS sees little beyond IP addresses, ports and server names. Budget for the operational cost as well: the firewall’s signing certificate has to be deployed to every managed client, and applications that pin their certificates (many mobile apps and some update channels) will fail unless they are excluded from inspection.
- Anti-malware scanning of downloaded files against a continuously updated cloud threat database, so that a sample first seen elsewhere is blocked before a local signature update would have arrived.
- Application awareness that identifies applications by the traffic they generate rather than by port number, so policy can be written per application and anomalies, such as an unknown application tunnelling over port 443, stand out.
Two-Factor Authentication

Although a username and password are the most common form of authentication, the breaches of recent years have shown that on their own they are not enough. Part of the problem is weak password practice; the rest is that a password is only one class of credential, knowledge, and knowledge can be phished, guessed or reused from another breach.

Authentication factors are distinct categories of credential that, alone or together, verify a user’s identity. Knowledge factors are something the user knows, such as a password, PIN or security question (a username is an identifier, not a secret, and does not count). Possession factors are something the user has, such as a smart card, hardware token or a phone running an authenticator app. Inherence factors are something the user is, such as a fingerprint or face. Some systems additionally weigh context, such as the time of day and the location a user signs in from, but these are risk signals that can trigger a step-up challenge, not authentication factors in their own right.

Two-factor authentication means the two factors come from two different categories; a password plus a security question is still single-factor, since both are knowledge. Pairing a password with a possession factor means a stolen or phished password alone no longer grants access. One caveat: a one-time code typed into a web form (SMS or authenticator app) can still be captured and replayed within seconds by a real-time phishing proxy, so for high-value accounts prefer origin-bound methods such as FIDO2 security keys, which will not release a response to a lookalike site.
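To make the two categories concrete, the following is an added example (not code from the original page or from any vendor mentioned on it) of a server-side login check that requires a knowledge factor, a salted password hash, and a possession factor, a time-based one-time code from an authenticator app as specified in RFC 6238. The user record, password and salt are constructed for the example; the TOTP secret is the ASCII reference secret from the RFC test vectors so the codes can be checked against the published values.

```python
import hashlib
import hmac
import secrets
import struct


def hotp(secret: bytes, counter: int, digits: int = 6) -> str:
    """HMAC-based one-time password (RFC 4226) for a 64-bit counter."""
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F                                   # dynamic truncation
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % 10 ** digits).zfill(digits)


def totp(secret: bytes, unix_time: int, step: int = 30, digits: int = 6) -> str:
    """Time-based variant (RFC 6238): the counter is the 30-second time step."""
    return hotp(secret, unix_time // step, digits)


def verify_totp(secret: bytes, code: str, unix_time: int, window: int = 1) -> bool:
    """Accept the current step plus `window` steps either side to absorb clock drift."""
    counter = unix_time // 30
    ok = False
    for c in range(counter - window, counter + window + 1):
        # Constant-time compare; keep looping so timing does not reveal which step matched.
        ok |= hmac.compare_digest(hotp(secret, c), code)
    return ok


def hash_password(password: str, salt: bytes) -> bytes:
    """Knowledge factor at rest: PBKDF2-HMAC-SHA256, 200k iterations (assumed policy)."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 200_000)


# Constructed user record for the example; not real credentials.
_SALT = secrets.token_bytes(16)
USERS = {
    "alice": {
        "salt": _SALT,
        "pw_hash": hash_password("correct horse battery staple", _SALT),
        # RFC 6238 reference secret (ASCII "12345678901234567890"); the same
        # secret is provisioned into the user's authenticator app (possession).
        "totp_secret": b"12345678901234567890",
    }
}


def authenticate(username: str, password: str, code: str, unix_time: int) -> bool:
    """Grant access only if the password (knowledge) AND the device code (possession) check out."""
    user = USERS.get(username)
    if user is None:
        # Burn the same PBKDF2 work for unknown users so response time does not leak usernames.
        hash_password(password, b"\x00" * 16)
        return False
    pw_ok = hmac.compare_digest(hash_password(password, user["salt"]), user["pw_hash"])
    otp_ok = verify_totp(user["totp_secret"], code, unix_time)
    # Both factors are always evaluated, and the caller only learns pass/fail,
    # so an attacker holding one factor cannot confirm it in isolation.
    return pw_ok and otp_ok


if __name__ == "__main__":
    # RFC 6238 test vector: at Unix time 59 the SHA-1 code is 94287082 (6 digits: 287082).
    print(totp(b"12345678901234567890", 59))
    print(authenticate("alice", "correct horse battery staple", "287082", 59))
```

In a real deployment the TOTP secret is generated per user, shown once as a QR code for enrolment, and stored encrypted; the verification window should also be tightened by recording the last accepted counter so a code cannot be replayed within its validity period.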
Secure Mobile and Remote Access
Businesses also need to protect internal resources when users reach them from outside the organization’s network. The firewall often terminates the VPN itself, but as a rough rule of thumb its VPN capacity becomes a bottleneck beyond about 50 concurrent users, because the same box is also inspecting everyone else’s traffic.

In these cases, organizations should look at a VPN concentrator: a dedicated physical or virtual VPN gateway, separate from the router or firewall, that handles only mobile and remote-access traffic.

It is equally important to authenticate the mobile devices used to reach the network, so two-factor authentication is strongly recommended here. Biometrics work well on mobile devices, many of which support fingerprint, face and voice recognition or iris scanning, with one clarification: the phone’s biometric check normally unlocks a key held on that device and is never sent to your servers, so what the VPN actually verifies is possession of the enrolled device, protected locally by the biometric. Combined with a password, that is a genuine two-factor login. GPS location, on the other hand, is spoofable on a rooted or jailbroken device, so treat it as a risk signal (block or require step-up when a session appears from an unexpected country) rather than as a second factor on its own.
Email Security

With phishing and attachment-borne ransomware on the rise, filtering malicious email before it reaches the inbox is the first step in email security. Inbound mail can be checked for sender-authentication failures (SPF, DKIM and DMARC) and for the tells of social engineering: a display name that impersonates an executive or supplier while the address is external, a Reply-To on a different domain from the From address, lookalike domains, links whose visible text differs from their real destination, and urgent requests for credentials or payments.

Once a threat is detected, the message can be quarantined or its dangerous content stripped. Links can be protected as well: the gateway rewrites each URL so that the click is checked against current reputation data at the moment the user follows it, because a site that was clean at delivery is often weaponized hours later. If the destination is malicious, the user is blocked before the page loads.
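The following is an added example (not code from the original page or from any email security product) of the link- and header-level checks described above, run over a constructed phishing message and a constructed benign message. The sample emails, the two-label `registrable_domain` approximation and the quarantine/flag/deliver policy are all assumptions made for the example.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlparse

# Constructed sample messages for the example; not from any real campaign.
SAMPLE_EMAIL = """\
From: "Payroll Dept" <payroll@example.com>
Reply-To: collect@mail-example.net
To: alice@example.com
Subject: Action required: verify your account
Content-Type: text/html; charset=utf-8

<html><body>
<p>Your password expires today. Confirm it here:</p>
<a href="http://198.51.100.7/login">https://portal.example.com/login</a>
<p>Or use <a href="https://example-com.net/verify">our secure portal</a>.</p>
</body></html>
"""

BENIGN_EMAIL = """\
From: "IT Helpdesk" <helpdesk@example.com>
To: alice@example.com
Subject: Maintenance window Saturday
Content-Type: text/html; charset=utf-8

<html><body><p>Details: <a href="https://intranet.example.com/maint">https://intranet.example.com/maint</a></p></body></html>
"""

IP_LITERAL = re.compile(r"^\d{1,3}(\.\d{1,3}){3}$")


class LinkExtractor(HTMLParser):
    """Collect (href, visible text) pairs from an HTML body."""

    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href"), []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None


def registrable_domain(host: str) -> str:
    # Assumption for the example: the last two labels. Production code should
    # consult the Public Suffix List (e.g. "example.co.uk" has three).
    return ".".join(host.lower().rstrip(".").split(".")[-2:])


def analyze(raw: str) -> list:
    """Return (indicator, detail) pairs for the social-engineering tells found."""
    msg = message_from_string(raw)
    findings = []
    from_dom = parseaddr(msg.get("From", ""))[1].rpartition("@")[2]
    reply_dom = parseaddr(msg.get("Reply-To", ""))[1].rpartition("@")[2]
    if reply_dom and registrable_domain(reply_dom) != registrable_domain(from_dom):
        findings.append(("reply_to_mismatch", f"{from_dom} -> {reply_dom}"))

    body = msg.get_payload(decode=True).decode(msg.get_content_charset() or "utf-8", "replace")
    parser = LinkExtractor()
    parser.feed(body)
    brand = from_dom.split(".")[0]                     # e.g. "example"
    for href, text in parser.links:
        url = urlparse(href)
        if url.scheme not in ("http", "https") or not url.hostname:
            continue
        host = url.hostname
        if IP_LITERAL.match(host):
            findings.append(("ip_literal_url", href))
        # Visible text that looks like a URL but points somewhere else.
        shown = None
        if "://" in text or text.startswith("www."):
            shown = urlparse(text if "://" in text else "http://" + text).hostname
        if shown and registrable_domain(shown) != registrable_domain(host):
            findings.append(("display_url_mismatch", f"shows {shown}, goes to {host}"))
        # The sender's brand embedded in a different registrable domain.
        if brand and brand in host and registrable_domain(host) != registrable_domain(from_dom):
            findings.append(("lookalike_domain", host))
    return findings


def verdict(findings: list) -> str:
    """Quarantine on any link-level tell; header-only tells are flagged for review."""
    link_tells = {"ip_literal_url", "display_url_mismatch", "lookalike_domain"}
    if any(kind in link_tells for kind, _ in findings):
        return "quarantine"
    return "flag" if findings else "deliver"


if __name__ == "__main__":
    for kind, detail in analyze(SAMPLE_EMAIL):
        print(f"{kind:22} {detail}")
    print(verdict(analyze(SAMPLE_EMAIL)), verdict(analyze(BENIGN_EMAIL)))
```

A production gateway layers these heuristics on top of SPF/DKIM/DMARC results and URL reputation; the point of the example is that each indicator is cheap to compute from the message alone, and that a single link-level tell is usually enough to justify quarantine rather than delivery with a warning.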
Advanced Persistent Threat Detection
Advanced persistent threats rely on stealth to get past security barriers such as anti-malware software and firewalls. They are engineered to operate quietly for long periods, gathering and sending out information and weakening defences so that additional tooling can be brought in, and the damage grows with every week they go unnoticed.

Sandboxes and emulators help against these silent attackers by detonating suspicious files and applications in an instrumented virtual environment that looks like a real workstation, before they reach the actual infrastructure.

The tools then watch for rogue behaviour (dropping and executing payloads, installing persistence, injecting into other processes, calling out to command-and-control servers) and quarantine anything that misbehaves. Bear in mind that sandbox-aware malware checks for virtualization artifacts or simply sleeps past the analysis timeout, so a clean sandbox verdict lowers the risk but does not prove a file safe; endpoint detection remains the backstop.
Data Protection and Encryption
Proper file, folder and full-disk encryption policies reduce the risk of data being read by unauthorized parties and render it unreadable even if the storage is lost, stolen or copied. Be precise about what each layer protects: full-disk encryption defends against offline access, such as a stolen laptop or a drive pulled from a decommissioned server, but once the volume is unlocked any process running under the logged-in user reads files normally, so it does nothing against malware exfiltrating data from a live session. File- or folder-level encryption keeps the data protected in that case, provided the key is not available to the compromised process. Depending on the type and scope of data, encryption can be applied through hardware and operating-system services, dedicated applications, or drivers.

Unlocking the key must require proper credentials, which should include at least two authentication factors (for example a PIN combined with a key sealed in the machine’s TPM or held on a smart card).
Identity Management and Governance
Monitoring and protecting superuser and admin accounts for servers, databases, VMware/Hyper-V consoles, SaaS applications and the rest of the IT environment requires effective privileged identity management. PCI DSS 3.2 makes this concrete: Requirement 8.3 requires multi-factor authentication for all non-console administrative access to the cardholder data environment and for all remote access into the network, so a password alone is never enough to reach systems handling card data.

Developing a reliable identity governance policy that centralizes user identity management and access control is also key. With disciplined Active Directory practice, joiner/mover/leaver processes tied to HR records, and periodic access reviews, businesses can ensure that only current employees have active accounts and that each account holds only the permissions its job role requires.

Sign-in monitoring can also verify that activity originates from expected regions and IP ranges, and that privileged accounts are never used without MFA.
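The following is an added example (not code from the original page or from any identity product) of the access review those paragraphs describe: reconciling a directory export against the HR roster, a role-to-group mapping and a sign-in log to find leavers still enabled, accounts without an owner, stale accounts, group memberships beyond the role, sign-ins from unexpected countries, and privileged use without MFA. All of the data, the role mapping and the 90-day staleness threshold are constructed assumptions; real deployments would pull the same fields from the HR system, Active Directory and the identity provider’s audit log.

```python
from datetime import date

# Constructed inputs for the example (no real accounts).
HR_ROSTER = {
    "alice": {"status": "active", "role": "dba"},
    "bob":   {"status": "terminated", "role": "helpdesk"},
    "carol": {"status": "active", "role": "helpdesk"},
}
DIRECTORY = {
    "alice":      {"enabled": True, "groups": {"DB-Admins", "VPN-Users"},      "last_logon": date(2024, 5, 2)},
    "bob":        {"enabled": True, "groups": {"Helpdesk", "VPN-Users"},       "last_logon": date(2024, 1, 9)},
    "carol":      {"enabled": True, "groups": {"Helpdesk", "Domain Admins"},   "last_logon": date(2024, 5, 3)},
    "svc-backup": {"enabled": True, "groups": {"Backup-Operators"},            "last_logon": date(2023, 8, 1)},
}
# Least privilege: the only groups each job role is entitled to (assumed policy).
ROLE_GROUPS = {
    "dba":      {"DB-Admins", "VPN-Users"},
    "helpdesk": {"Helpdesk", "VPN-Users"},
}
PRIVILEGED_GROUPS = {"Domain Admins", "DB-Admins", "Backup-Operators"}
EXPECTED_COUNTRIES = {"US", "CA"}
SIGNINS = [
    {"user": "alice",      "country": "US", "mfa": True},
    {"user": "carol",      "country": "RO", "mfa": True},
    {"user": "svc-backup", "country": "US", "mfa": False},
]
REVIEW_DATE = date(2024, 5, 10)


def review_identities(today: date = REVIEW_DATE, stale_days: int = 90) -> list:
    """Return (finding, detail) pairs from reconciling directory, HR and sign-in data."""
    findings = []
    for user, acct in DIRECTORY.items():
        hr = HR_ROSTER.get(user)
        if hr is None:
            # Service or orphaned account: nobody in HR owns it.
            findings.append(("no_hr_owner", user))
        elif hr["status"] != "active" and acct["enabled"]:
            # Leaver process failed: the person is gone but the account still works.
            findings.append(("leaver_still_enabled", user))
        else:
            extra = acct["groups"] - ROLE_GROUPS.get(hr["role"], set())
            if extra:
                findings.append(("excess_groups", f"{user}: {sorted(extra)}"))
        if acct["enabled"] and (today - acct["last_logon"]).days > stale_days:
            findings.append(("stale_account", user))
    for ev in SIGNINS:
        if ev["country"] not in EXPECTED_COUNTRIES:
            findings.append(("unexpected_location", f"{ev['user']} from {ev['country']}"))
        if not ev["mfa"] and DIRECTORY[ev["user"]]["groups"] & PRIVILEGED_GROUPS:
            findings.append(("privileged_without_mfa", ev["user"]))
    return findings


if __name__ == "__main__":
    for finding, detail in review_identities():
        print(f"{finding:24} {detail}")
```

The useful property of a review written this way is that every finding maps to one remediation: disable the leaver, assign an owner (or retire) the orphaned service account, remove the excess group, and enforce MFA on the privileged account that signed in without it. Run on a schedule, it turns the governance policy in the paragraph above into a check that either passes or produces a ticket.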
Implementing this blueprint provides a good foundation and structure, but it is by no means the final result. Proper configuration, monitoring and patching remain critical to keep the tools working as intended, and security awareness training for your employees is the natural next step.

With these measures properly in place, you will have greater visibility into your environment, stronger access control, and a base from which to make strategic additions as your specific environment requires.
Ready to up your security game?
Our security experts are here to help you every step of the way. Connect with us to start developing the right blueprint for your organization.