Each year there are more than 50 million cyber attacks in the UK alone and this number is rising. It’s fast becoming evident that old security technologies are diminishing in effectiveness and holes are opening up in corporate security networks. In the paragraphs below I explore the good, the bad and the ugly to dispel some of the common myths around the enterprise security armoury.
1. Web/Content Filtering
As more and more business is done over the web, IT managers are finding websites to be a growing concern. Simply restricting sites by domain is no longer effective, as it cannot provide the flexibility that modern businesses require:
- Content can be filtered while in transit, helping to prevent unwanted content entering the network. This may be malicious sites or those categorised as illegal or questionable.
- Setting appropriate filters can help keep employees focused on getting things done instead of watching the latest “dancing cat” video, saving both time and bandwidth.
- Scanning within web pages plays a crucial role in spotting and protecting against malware and viruses embedded within the page.
- Content is inadvertently restricted or websites are mis-categorised. The network may also be slowed down while filtering is applied. Both lead to frustration and will result in employees looking for shortcuts and ways to get around the system.
- What most security vendors won’t tell you is that scanning is often limited to web ports such as 80 and 443. Today, traffic traverses more ports than ever, leaving networks open to attack. Restricting these ports altogether is not a solution, as this can stop business applications that use those ports from functioning. For true security that addresses the modern, social and mobile age of business, it’s critical that the security can address all TCP and UDP ports.
2. Block-lists and Allow-lists
One of the most widely used security tools in the industry, allow-lists and block-lists span firewalls, secure web gateways, web filters, application firewalls and more. The popularity might stem from the natural instinct that if you want to block something out of the network, you should simply create a list of what you want blocked. Alternatively, you can take the inverse approach and make use of allow-lists. In this case, organisations make a list of what is allowed to access the network and nothing else:
- This is an easy way for IT administrators to add sites, IP addresses, and applications to a list, just by outlining what is allowed and what is blocked.
- As a security function, almost every type of network security product implements block-lists and allow-lists. Whether it’s your firewall’s ACL or your web filter’s “blocked sites” list, you’re sure to find a section that will let you enter sites and IP addresses to your heart’s content.
- The size of the list is typically limited. Given the size of the IPv4 address space and the astronomical size of the IPv6 space, blocking by individual address is almost futile. A web block-list that was genuinely comprehensive would easily exhaust the maximum list capacity.
- As the list grows, there can be detrimental effects on network performance too. This may vary by vendor or model, but there’s no doubt that extremely large lists consume memory and degrade lookup performance.
- Deciding what should be entered into the list is daunting at best and impossible at worst. Threats evolve and spring up each day, with the landscape continuously changing. It’s inevitable that some will be missed, creating security holes within your network.
- Managing a massive list will tie up most of your day, distracting you from other measures that would be far more effective.
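The two scaling problems raised above, list capacity and lookup cost, can both be contained in software. The following is an added example, not code from the original article: a small IP block-list that collapses overlapping or adjacent entries into the minimal set of CIDR ranges (so a fixed capacity lasts longer) and answers lookups by binary search over the sorted range starts rather than by scanning every entry. The `IPBlockList` class, its `capacity` parameter and the sample entries (taken from the RFC 5737 / RFC 3849 documentation ranges) are all constructed for this illustration.

```python
"""Added example: a capacity-aware, logarithmic-lookup IP block-list.

Not the article's code. Every address below is a constructed sample from
the documentation ranges, not a real indicator.
"""
import bisect
import ipaddress
from typing import Iterable, List, Optional, Tuple

# Constructed sample entries: note the overlapping /25s and the host
# addresses that already sit inside a listed /24.
SAMPLE_ENTRIES = [
    "192.0.2.0/25",
    "192.0.2.128/25",
    "192.0.2.10",
    "198.51.100.0/24",
    "198.51.100.5/32",
    "2001:db8::/32",
]


class IPBlockList:
    """Block-list backed by collapsed CIDR ranges and binary search."""

    def __init__(self, entries: Iterable[str], capacity: int = 1000):
        nets = [ipaddress.ip_network(e, strict=False) for e in entries]
        # collapse_addresses only accepts one IP version at a time, so the
        # two families are kept in separate sorted tables.
        self._v4 = self._build([n for n in nets if n.version == 4])
        self._v6 = self._build([n for n in nets if n.version == 6])
        self.capacity = capacity  # hypothetical vendor list limit

    @staticmethod
    def _build(nets) -> Tuple[List, List[int]]:
        # Merge overlapping and adjacent ranges into the minimal disjoint set.
        collapsed = sorted(ipaddress.collapse_addresses(nets))
        # The ranges are disjoint and sorted, so each first address is a
        # strictly increasing key suitable for bisect.
        keys = [int(n.network_address) for n in collapsed]
        return collapsed, keys

    def size(self) -> int:
        """Number of ranges actually stored after collapsing."""
        return len(self._v4[0]) + len(self._v6[0])

    def over_capacity(self) -> bool:
        """True when the collapsed list still exceeds the configured limit."""
        return self.size() > self.capacity

    def match(self, addr: str) -> Optional[str]:
        """Return the CIDR that blocks addr, or None if it is not listed."""
        ip = ipaddress.ip_address(addr)
        nets, keys = self._v4 if ip.version == 4 else self._v6
        # Largest range start <= ip; only that range can contain ip because
        # the ranges are disjoint. This is O(log n) instead of O(n).
        i = bisect.bisect_right(keys, int(ip)) - 1
        if i >= 0 and ip in nets[i]:
            return str(nets[i])
        return None


def build_sample_blocklist(capacity: int = 4) -> IPBlockList:
    """Build the block-list from the constructed sample entries."""
    return IPBlockList(SAMPLE_ENTRIES, capacity=capacity)


if __name__ == "__main__":
    bl = build_sample_blocklist()
    print(f"{len(SAMPLE_ENTRIES)} raw entries -> {bl.size()} stored ranges")
    for probe in ("192.0.2.200", "192.0.3.1", "198.51.100.5", "2001:db8::1", "203.0.113.9"):
        print(f"{probe:>16}  blocked by: {bl.match(probe)}")
```

Six raw entries collapse to three stored ranges, which is the capacity saving; the lookup cost no longer depends on how many entries an administrator has pasted in, only on the number of disjoint ranges that result. The `capacity` check is where a real product would refuse further entries, so a defender can watch `over_capacity()` as the list grows instead of discovering the limit when a new entry is silently dropped.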
3. Anti-spam
Email is an essential part of daily business and in 2013, it was estimated that over 100 billion business emails were sent and received per day. With volume and sophistication on the rise it’s worth weighing up your options:
- A fundamental component of any organisation, unless of course you want heaps of junk email to sift through in your inbox every day. A solid anti-spam solution not only saves valuable employee time but also goes a long way towards keeping out mails that may contain malicious code.
- Occasionally a clean email gets caught in quarantine. This can cause frustration for employees, and in some cases results in added calls to the IT help desk as employees struggle to release needed mails.
- Although an on-premises spam solution may block spam from reaching your inbox at an effective rate, it doesn’t stop spammers from sending spam to the network before it is caught. In this case, spam can chew up valuable bandwidth. Switching to a cloud spam solution can solve this problem, because the spam consumes the provider’s bandwidth rather than the pipe into your network.
- Users may over-rely on the fact that an email made it to their inbox, assuming it must be clean, only to find out it’s the ILOVEYOU virus after opening the attachment.
4. Anti-virus
A straightforward email security solution is no longer enough to guard against the tide of malicious mail that floods corporate mailboxes daily. Email-borne viruses, worms, malware and Trojans all have the potential to damage corporate networks and bring business-critical applications to their knees. Don’t let yours be one of them!
- Anti-virus solutions can scan files directly on a PC. It doesn’t matter whether the file was transferred over an encrypted connection, came from a USB stick, or from a CD; anti-virus can still perform its scan and quarantine malicious files.
- It can serve to augment network gateway security within secure web gateways by scanning files while in transit, blocking them before they reach critical network resources.
- Too many legacy solutions rely on signature scanning. Hackers are one step ahead and modify malware to avoid detection. The rise of social media has resulted in many more ways to deliver viruses and malware, so hackers can easily adapt viruses to quickly bypass signature scanning.
- As is the case with block-lists, ensuring that antivirus signatures are up to date on all systems can be a daunting task even with centralised dashboards. With shrinking IT teams, many simply don’t have the time or resources to dedicate to this.
- It’s become commonplace for employees to access corporate email via a mobile device. Often this is not a standard work-issued device, and IT managers are challenged with managing multiple devices, all with different operating systems. For antivirus solutions to be effective, mobile device manufacturers must allow antivirus hooks. Without this access, the devices require root permissions, which may void the warranty or be impossible to enforce in BYOD environments.
I’ve explored some of the most important IT security tools and highlighted areas where legacy log-based solutions simply don’t offer the protection required by a modern business. Legacy systems, while strong in some areas, fall short on the crucial aspect of protecting the emerging mobile and social channels, offering only a reactive approach to threat detection. The need for a new, proactive, behavioural approach to enterprise security is clear if organisations are to turn the tide on cyber attacks. Can you afford not to?