The holidays are upon us, and while it’s prime time for shopping… it’s also prime time for cyber adversaries. The target-rich environment of email offers, social selling and digital payments provides perfect cover for bad guys. 93% of attacks continue to originate through email… even with all the tools and training available. And it only takes one click to create a ransomware situation.
It’s easy to think of this as an individual issue, yet with companies more distributed than ever and personal devices connecting to corporate networks, it’s a big deal for organizations as well. While hackers get more creative, tools continue to adapt. It is a leapfrog game where each side is constantly trying to get out in front of the other.
Your users should never be the first line of defense. In the not-so-distant past, everyone was in a building. Employees could run over to an IT person and ask, “Is it safe to click on this?” We don’t have that dynamic anymore, and the end user is fending for themselves more often. In this new normal, organizations need to develop a different framework that layers tools and systems with training to protect their environment, and their users, from attacks. Every layer works independently yet cooperatively to draw down the threat potential.
The first layer of defense is ITA, Inbox Threat Analysis. This entails crawling every inbox to look for things that are malicious in nature, then identifying those anomalies and blocking them before they ever reach the user. With this, you reduce the attack probability from 93% to 20%-40%. Layer two is DNS defense, which protects organizations from malicious websites, so any known bad site that might get through layer one is caught and blocked at this layer.
However, no DNS solution is foolproof, because hackers now go direct-to-IP, connecting to an IP address without a DNS lookup. This is where the third layer comes in: Endpoint Protection. This is a critical layer, yet a tricky one to maintain. An attack must be stopped at the endpoint so it does not encrypt and spread. A lot of organizations today still use well-known antivirus solutions, which is like having a puppy dog that wants to play with the intruder who breaks into your home. Antivirus solutions don’t offer adequate protection, but they look good and they check a box that says “I’ve got endpoint security.” We say definitively, antivirus is not enough. And even advanced endpoint solutions differ greatly. With attackers constantly finding new attack vectors, what is deemed a strong endpoint solution today might be quickly displaced. DataEndure is constantly evaluating competing technologies and changing out endpoint solutions on behalf of our customers when it is necessary.
The next layer of defense is missing in 99% of organizations: Network. By network, we mean Microsegmentation and Network Threat Detection. Organizations must be able to detect, contain and thwart an attack where it lands, and not give it the room to spread. A combination of segmentation, threat analysis, honey-potting, and deception technology is imperative. This has traditionally been a very complex undertaking; with the technology DataEndure has deployed, we can help get organizations up and running within 90 days, with up to 10 applications.
The fifth layer of defense is People. Some organizations have deployed a SIEM to help manage the alerts and noise created by all their security tools. Yet having a SIEM without a SOC is like having a guard tower without a guard. In a lot of cases, companies struggle with efficiently staffing the SIEM. But as in the guard tower scenario, if the guard isn’t a constant presence and trained to know friend from foe, the castle is at risk. Similarly, organizations need a 24×7 presence from skilled analysts to bring all this intelligence together and know when and how to act.
At DataEndure, we frequently say “it’s all about time…” REDUCING the dwell time of bad actors, RESTRICTING the opportunity to do damage and ACCELERATING your time to security maturity.
If it’s time for you to evaluate where you are from a security perspective, we can help! And our complimentary security health check is a great place to start.