The lack of silver-bullet solutions calls for an approach that delivers the protection you need, when it is needed
Friday, November 22, 2019
By Marcus Chung
It is important to stay abreast of the latest attack schemes - see The Year's Top Attack Vectors: Review and Prepare - and frequently re-evaluate your security posture in light of any new developments. It is impossible to protect against 100% of the threats 100% of the time. However, an adaptive and layered security approach can help create a feedback loop of threat visibility, detection and prevention that consistently becomes more effective.
In our digital world, security risks come in all shapes and sizes and wield varying levels of potential damage. If you weren't already convinced that cybersecurity threats are getting more frightening each year, here are some startling stats:
Americans are more worried about cybercrime than violent crimes - including terrorism, murder and sexual assault (Gallup)
The average cost of a data breach for organizations worldwide is $3.9 million and rising (Ponemon Institute)
Traditional security methods of the past included anti-virus software, intrusion detection systems (IDS), intrusion prevention systems (IPS) and firewalls. These approaches are no longer enough because mobility, cloud and IoT trends have dissolved the network perimeter, and environments are no longer static.
Adaptive security analyzes behaviors and events to protect against and adapt to threats before they happen. With an adaptive security architecture, an organization can continuously assess risk and automatically apply proportional enforcement that can be dialed up or down as needed.
Rather than just examining log files, monitoring checkpoints and responding to alerts, adaptive security software uses heuristics to study patterns. When done right, adaptive security helps you prevent an attack from occurring and respond to a breach within milliseconds.
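The "dial enforcement up or down" idea above is easier to see in code. The following is an added illustration, not code from the original article: it scores constructed login events with an invented weighting scheme (the signal names, weights and thresholds are assumptions) and maps the score to an enforcement level that rises after failures and anomalies and falls back once the user re-establishes trust.

```python
"""Risk-scored adaptive enforcement over constructed login events.

Added example, not from the original article. The signals, weights and
thresholds below are assumed for illustration only.
"""
from collections import defaultdict
from dataclasses import dataclass

# Hypothetical risk weights (assumed, not from the article).
WEIGHTS = {
    "new_device": 30,        # device never seen for this user
    "unusual_country": 40,   # country differs from the user's learned baseline
    "recent_failures": 25,   # per failed attempt since the last trusted login
}
FAILURE_CAP = 3  # beyond three recent failures the penalty stops growing


@dataclass
class LoginEvent:
    user: str
    device_id: str
    country: str
    success: bool  # whether the credential check itself passed


class AdaptiveAccessPolicy:
    """Keeps a per-user baseline and returns an enforcement decision per event."""

    def __init__(self):
        self.known_devices = defaultdict(set)
        self.usual_country = {}
        self.recent_failures = defaultdict(int)

    def score(self, ev: LoginEvent) -> int:
        s = 0
        if ev.device_id not in self.known_devices[ev.user]:
            s += WEIGHTS["new_device"]
        home = self.usual_country.get(ev.user)
        if home is not None and ev.country != home:
            s += WEIGHTS["unusual_country"]
        s += WEIGHTS["recent_failures"] * min(self.recent_failures[ev.user], FAILURE_CAP)
        return s

    def decide(self, ev: LoginEvent) -> str:
        """Enforcement chosen before the attempt: allow < 30 <= step_up_mfa < 70 <= block."""
        s = self.score(ev)
        if s >= 70:
            decision = "block"
        elif s >= 30:
            decision = "step_up_mfa"
        else:
            decision = "allow"
        self._learn(ev, decision)
        return decision

    def _learn(self, ev: LoginEvent, decision: str) -> None:
        # Only successful, non-blocked logins update the baseline: trust is earned,
        # and a blocked attempt must never teach the policy a new device or country.
        if ev.success and decision != "block":
            self.known_devices[ev.user].add(ev.device_id)
            self.usual_country.setdefault(ev.user, ev.country)
            self.recent_failures[ev.user] = 0
        elif not ev.success:
            self.recent_failures[ev.user] += 1


def run_demo() -> list:
    """Constructed sequence: first login, normal use, two failures, an anomalous
    success from a new device abroad, then recovery from the usual device."""
    policy = AdaptiveAccessPolicy()
    events = [
        LoginEvent("alice", "laptop-1", "US", True),
        LoginEvent("alice", "laptop-1", "US", True),
        LoginEvent("alice", "laptop-1", "US", False),
        LoginEvent("alice", "laptop-1", "US", False),
        LoginEvent("alice", "phone-9", "RU", True),
        LoginEvent("alice", "laptop-1", "US", True),
        LoginEvent("alice", "laptop-1", "US", True),
    ]
    return [policy.decide(e) for e in events]


if __name__ == "__main__":
    print(run_demo())
```

The sequence shows the feedback loop the text describes: the first sighting of a device triggers step-up authentication, routine use is allowed, an attempt from an unknown device and country after recent failures is blocked outright, and the known device is asked for MFA once before the score decays back to "allow".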
The following list provides a high-level outline of the layered security best practices and adaptive technologies your organization should be adding on top of traditional network defenses.
It's vital to have the latest endpoint protection platform (EPP) deployed on user devices to prevent file-based malware attacks, detect malicious activity and provide the investigation and remediation capabilities necessary to respond to dynamic security incidents and alerts.
Anti-virus and anti-malware tools are a popular and well-recognized type of endpoint security. They protect enterprises against known threats by matching signatures and scanning files against threat intelligence databases. But remember, anti-virus solutions often prove limited against newer and more advanced cyber threats, so this layer definitely needs the support of other defenses.
A continuous adaptive risk and trust framework is needed to protect inboxes from exposure to increasingly sophisticated threats. Large-scale migration of email to the cloud requires a strategic shift in how organizations secure this channel. Email security software can provide the prediction, prevention, detection and response framework you need to provide access and attack protection for email.
Identify and secure unmanaged devices. To help protect against a myriad of threats, scan your network, then patch any unsecured machines, including potential blind spots like Internet of Things devices, and make sure everything has the latest endpoint protection.
Focus on patching known vulnerabilities. They are the low-hanging fruit for attackers, and failure to address them could lead to an explosion of malware across your network after a successful penetration.
Limit what staff has access to. The principle of “least privilege access” should apply to all IT systems. Provide staff only with the minimum access they need to do their roles.
Apply protection directly to sensitive data with encryption. Then, even if the perimeter is breached, you can be sure that your information remains secure, no matter where it resides.
Use Data Loss Prevention (DLP) to keep confidential data from falling into the wrong hands: it provides visibility into what data is leaving the organization and enforces protection policies that prevent unauthorized access to data.
Monitoring and Response
Perform regular vulnerability assessments. Major changes to the enterprise IT environment, including cloud computing, big data and the Internet of Things, make threat hunting increasingly difficult: security teams are chasing an ever-growing list of technologies and software, along with an exploding amount of their customers' and employees' sensitive data. If you lack the manpower and resources necessary to carry out regular assessments, scans and remediation activities, consider hiring an expert threat and vulnerability management service provider.
Cybersecurity monitoring is a critical element of cyber risk management that enables you to detect attacks at their early stages and escalate threats for remediation before they can cause damage to your business.
Create a series of well managed data backups. These will allow you to recover from user mistakes and from maliciously encrypted files. Make sure you regularly test your backups.
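"Regularly test your backups" means more than checking that the job ran. The following added example (not code from the original article; file names and contents are constructed) records a SHA-256 manifest of the source data at backup time, stores it separately from the data, and then verifies a restore against it so that missing, altered and stray files are reported rather than discovered during an incident.

```python
"""Backup integrity check against a SHA-256 manifest.

Added example, not from the original article. Sample files are constructed
inside a temporary directory so the script runs offline.
"""
import hashlib
import json
import shutil
import tempfile
from pathlib import Path


def sha256_file(path: Path) -> str:
    """Stream the file so large backups do not have to fit in memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def build_manifest(root: Path) -> dict:
    """Map each relative file path under root to its SHA-256 digest."""
    return {
        p.relative_to(root).as_posix(): sha256_file(p)
        for p in sorted(root.rglob("*"))
        if p.is_file()
    }


def verify_restore(manifest: dict, restored: Path) -> dict:
    """Compare a restored tree with the manifest taken at backup time."""
    current = build_manifest(restored)
    missing = sorted(set(manifest) - set(current))
    extra = sorted(set(current) - set(manifest))
    corrupt = sorted(k for k in manifest if k in current and current[k] != manifest[k])
    return {"missing": missing, "corrupt": corrupt, "extra": extra}


def run_demo() -> tuple:
    """Return (result for a clean restore, result for a damaged restore)."""
    with tempfile.TemporaryDirectory() as tmp:
        src = Path(tmp, "data")
        (src / "notes").mkdir(parents=True)
        (src / "ledger.csv").write_text("id,amount\n1,10\n")      # constructed
        (src / "notes" / "a.txt").write_text("constructed sample")  # constructed

        # Manifest is written as JSON next to, not inside, the backed-up data.
        manifest_path = Path(tmp, "manifest.json")
        manifest_path.write_text(json.dumps(build_manifest(src)))

        backup = Path(tmp, "backup")
        shutil.copytree(src, backup)
        manifest = json.loads(manifest_path.read_text())
        clean = verify_restore(manifest, backup)

        # Simulate a file overwritten with garbage and a file lost in the restore.
        (backup / "ledger.csv").write_bytes(b"\x00encrypted-garbage")
        (backup / "notes" / "a.txt").unlink()
        damaged = verify_restore(manifest, backup)
    return clean, damaged


if __name__ == "__main__":
    clean, damaged = run_demo()
    print("clean restore:", clean)
    print("damaged restore:", damaged)
```

Keeping the manifest outside the backup set matters: if an attacker or a ransomware process can rewrite both the data and the manifest in one place, the check proves nothing. In practice the manifest would be signed or stored on a separate, write-once medium.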
Use failsafe mechanisms to avoid a disaster if and when things go wrong. Sandboxing, browser isolation and mirror shielding technology can help you isolate and quickly recover from any mistakes users make, whether it be a zero-day threat or accidentally opening a malicious file.
Comply with data protection regulations. The best way to ensure compliance is by creating a data security policy that keeps data safe from risks both inside and outside of the company.
Make sure to have a comprehensive security awareness training program. If you can stop an employee from opening a malicious file or link in the first place, then malware will struggle to find a foothold on your network. Also, staff should be wary of unsolicited emails, particularly those that ask for a prompt response or sensitive information.
Deep learning can be a valuable tool in the fight against attacks. To combat a foe that's constantly evolving, you want your defenses to do the same.
Keep an eye out for innovative solutions. Cybercriminals keep gaining ground because they are willing to innovate. As a result, cybersecurity is not something that you can set once and forget. There are potentially game-changing solutions in development, like blockchain-based database protection, that deserve consideration as attack vectors evolve and these new technologies prove themselves enterprise-ready.
Effective adaptive security requires robust solutions that incorporate a variety of features and security measures for predicting threats and ensuring comprehensive network and endpoint protection. There is no single system or process in adaptive security. It is a multi-level, 24/7 monitoring system that is designed to evolve as cyber threats and attacks become more sophisticated and complex.
“Expert on Call”
Many businesses make the mistake of tapping into security technology when they don't have the right staff to manage it. If you don't have the budget to hire full-time security staff or your current staff is busy keeping day-to-day business operations running smoothly, seek advice from a trusted security adviser. Most companies agree that having an expert on call, who can lead them through tough security decisions in an ever-changing landscape, is key to their ongoing cybersecurity success.
Andy Pashby, CEO of Landmark Builders, explains, “As attackers get smarter, so must our defenses. We can't afford to take a wait-and-see approach.
“Using a trusted security partner allows us to just focus on revenue-generating activities instead of worrying about the latest cybersecurity threat. While there aren't any silver-bullet solutions that will completely eradicate any and all cyberthreats, I feel better knowing we have a multi-layered approach to security if things do go wrong.”
A proactive approach to security enables enterprises to more readily adapt to the changing threat landscape and initiate rapid incident response measures to halt breaches before they can expose sensitive data - or better, before they gain access at all.