Traditional cyber-attacks were signature-based, meaning they were predefined and deployed across the world. Signature-based cybersecurity would consistently scan its network for these attacks. Unfortunately, cyber-attacks have evolved significantly, and signature-based cybersecurity now often can't pinpoint them because of their complexity and how recently they were created. These next-generation cyber-attacks dictate a next-generation cybersecurity response. One of the best approaches to the new world of cyber-attacks is a layered security approach.
Layered security is the process of securing your organization's assets from attacks that can come from multiple avenues within your organization. In this article, I will share the three most important elements of a layered security approach.
A firewall is a physical piece of equipment that sits between the public internet and the internal network/office. All internet-bound traffic passes through the firewall. More importantly, all traffic coming from the public internet into the network/office passes through the firewall. The firewall checks each packet of data to make sure it is coming from a legitimate source, the date and time stamps match up, the packet doesn’t contain malicious or harmful data and so on.
You can think of the firewall like you would the TSA checkpoint at any airport. The larger the airport, the larger the checkpoint, but they all function basically the same. Agents are checking that names on boarding passes match IDs, that the photo on the ID looks like the person standing there, that baggage doesn’t contain weapons or explosives, and so on. Both the TSA and firewalls make mistakes and sometimes bad actors or weapons make it through, but in general, it forces the bad actors to take a different route to your network or to skip your network altogether and find an easier target.
Endpoint security is a program installed on computers and servers. Most everyone is familiar with the anti-virus software installed on computers for the past decade or two. This software protected computers from virus programs that would infect the computer, make it run slow, turn it into a zombie machine, etc. Usually the software was updated monthly or quarterly and a scan was run on some schedule. The user would only know if they were infected after the fact. Clean-up tools would be used to remove the virus, but very little could be done to prevent the problem from occurring in the first place. Modern endpoint security does everything that anti-virus programs did in the past, and more. It protects against real-time threats that may happen as a user is browsing various websites, monitors services that are running on the computer in the background, and actively scans for ransomware and malware attacks.
Anti-virus is analogous to a burglar alarm. You only receive the alarm after the criminal has broken into the building and that is IF you remembered to arm the system when you left for the day. Endpoint security is like an intrusion prevention system that sends alerts when a window is left open after hours, when a door is propped open for more than three minutes, if motion is detected in areas and so forth. An intrusion system actively monitors multiple components of the building, sends alerts as they occur, and makes changes to the building’s physical security in real-time.
Firewalls and endpoint security don’t monitor or scan the email that is coming into or sent out by your users, any more than a TSA checkpoint or burglar alarm knows what mail you bring into your office from the post office. A separate service, often called email filtering or an email gateway, intercepts each sent and received message and scans it for malicious content, junk or bulk mail, phishing attacks and other bad behavior. Once each message is scanned, it is either delivered, quarantined for further review, or dropped/deleted. A front office receptionist often does this type of filtering with physical mail: checking for junk mail, opening letters that look legitimate and, if so, delivering them to the appropriate co-worker, but if illegitimate, tossing them in the recycle bin.
These types of services are commonly referred to as a “Layered Security Approach.” Each component can be implemented “à la carte” style by a multitude of vendors. We, at Pine Cove, like to use each of these products from a single vendor, Sophos, for ease of management and configuration. This also translates to a consolidation of vendors, bills, due dates, renewals, etc. into a single transaction that occurs on a pre-defined term (monthly, annually, bi-annually).