Ah, the good old days, when perimeter defenses and endpoint security software were all you needed to keep your network secure. Was it ever really that simple? Probably not, but many business owners and IT professionals are still hoping that keeping the firewall and antivirus updated is enough.
Over 90% of attacks begin with an email in somebody's inbox. According to NSS Labs, 97% of all breaches are enabled by a few hundred exploit kits.
What this means is that most attacks detonate inside the network, behind our perimeter defenses, and the malware they deliver is effective and built to avoid notice by the user and removal by anti-malware products. So what do we need to do to protect our networks and defeat these threats?
According to a recent article in TechRepublic, current defense strategies must include:
- Encrypt Everything – If your data has value to your company, then you should be encrypting it, at rest and in transit.
- Establish Access Controls – Keep your data out of the hands of unauthorized users by granting each account only the access it needs.
- Use Two-Factor Authentication – Make it harder (or impossible) for an intruder to access information with nothing more than a stolen password.
- Monitor Account Activity – Keep track of authorized accounts for signs that one has been compromised, such as bursts of failed logins followed by a success, or logins from unexpected locations.
- Monitor Internal Activity – Use a SIEM (security information and event management) system to collect and analyze your logs and network traffic and recognize threat patterns inside your network.
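The last two items are where most of the real work is, so here is a small worked example of the kind of account-activity detection a SIEM would run continuously. This is an added illustration, not code from the article or from any product it mentions; the log lines are constructed in an sshd-like format, and the field layout, time windows and thresholds are assumptions you would tune to your own environment.

```python
"""Flag suspicious account activity in authentication logs.

Added example, not from the original post. The sample log lines are
constructed; the sshd-like line format, the thresholds and the time
windows below are assumptions for illustration.
"""
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample log (not real data): a password-guessing burst that
# succeeds on alice, and bob logging in from two different addresses
# within a minute of each other.
SAMPLE_LOG = """\
2024-03-01T09:00:01 sshd: Failed password for alice from 203.0.113.5
2024-03-01T09:00:03 sshd: Failed password for alice from 203.0.113.5
2024-03-01T09:00:05 sshd: Failed password for alice from 203.0.113.5
2024-03-01T09:00:07 sshd: Failed password for alice from 203.0.113.5
2024-03-01T09:00:09 sshd: Failed password for alice from 203.0.113.5
2024-03-01T09:00:11 sshd: Accepted password for alice from 203.0.113.5
2024-03-01T09:30:00 sshd: Accepted password for bob from 192.0.2.10
2024-03-01T09:31:00 sshd: Accepted password for bob from 198.51.100.7
2024-03-01T10:00:00 sshd: Accepted password for carol from 192.0.2.20
"""

# Assumed line format: "<ISO timestamp> sshd: <Accepted|Failed> password for <user> from <ip>"
LINE_RE = re.compile(
    r"^(?P<ts>\S+) sshd: (?P<result>Accepted|Failed) password for "
    r"(?P<user>\S+) from (?P<ip>\S+)$"
)

FAIL_THRESHOLD = 5                    # failures before a success that we consider a guessing attack
FAIL_WINDOW = timedelta(minutes=5)    # how far back to count those failures
MULTI_IP_WINDOW = timedelta(minutes=10)  # two successes from different IPs this close is suspicious


def parse_log(text):
    """Parse matching lines into event dicts; lines in other formats are skipped."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        events.append({
            "ts": datetime.fromisoformat(m["ts"]),
            "result": m["result"],
            "user": m["user"],
            "ip": m["ip"],
        })
    return events


def detect_bruteforce_success(events):
    """Return (user, ip, failure_count) for each success preceded by a failure burst.

    A success that follows FAIL_THRESHOLD or more failures for the same user
    within FAIL_WINDOW is the classic signature of a guessed password.
    """
    failures = defaultdict(list)
    alerts = []
    for ev in sorted(events, key=lambda e: e["ts"]):
        user = ev["user"]
        if ev["result"] == "Failed":
            failures[user].append(ev["ts"])
            continue
        recent = [t for t in failures[user] if ev["ts"] - t <= FAIL_WINDOW]
        if len(recent) >= FAIL_THRESHOLD:
            alerts.append((user, ev["ip"], len(recent)))
        failures[user].clear()  # a success ends the current failure run
    return alerts


def detect_multi_ip_logins(events):
    """Return (user, previous_ip, new_ip) when one account succeeds from two
    different addresses within MULTI_IP_WINDOW, which can indicate a shared
    or stolen credential being used alongside the legitimate owner."""
    last_success = {}
    alerts = []
    for ev in sorted(events, key=lambda e: e["ts"]):
        if ev["result"] != "Accepted":
            continue
        prev = last_success.get(ev["user"])
        if prev and prev["ip"] != ev["ip"] and ev["ts"] - prev["ts"] <= MULTI_IP_WINDOW:
            alerts.append((ev["user"], prev["ip"], ev["ip"]))
        last_success[ev["user"]] = ev
    return alerts


if __name__ == "__main__":
    evs = parse_log(SAMPLE_LOG)
    for alert in detect_bruteforce_success(evs):
        print("possible password guessing:", alert)
    for alert in detect_multi_ip_logins(evs):
        print("account used from two addresses:", alert)
```

In production these two checks would be rules in the SIEM rather than a script, fed by every authentication source you have (VPN, directory, web apps), and the thresholds would be set from a baseline of normal activity so that the alerts are rare enough to be acted on.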
As custodians of data, we need to turn our focus inward and pay more attention to what is happening inside the perimeter, on the LAN, if we are going to maintain information security. There are some effective tools available to help with this task. AlienVault is one of the solutions that I am most familiar with, and would be a good place to start. If you want to roll your own using free and open source tools, Snort, Bro-IDS, and Suricata are worth a look. But do something, before you suffer the effects of a breach.