Ah, the good old days, when perimeter defenses and endpoint security software were all you needed to keep your network secure. Was it ever really that simple? Probably not, but many business owners and IT professionals are still hoping that keeping the firewall and antivirus updated is enough.
Over 90% of attacks start as an email in somebody's inbox. According to NSS Labs, 97% of all breaches are enabled by a few hundred exploit kits.
What this means is that most attacks begin inside the network, behind our perimeter defenses, the moment a user opens the message or its attachment. Most of them work well, and they are built to avoid detection by the computer user and removal by anti-malware products. So what do we need to do to protect our networks and defeat these threats?
According to a recent article in TechRepublic, current defense strategies must include:
- Encrypt Everything – If your data has value to your company, then you should be encrypting it.
- Establish Access Controls – To keep your data out of the hands of unauthorized users.
- Use Two-Factor Authentication – To make it much harder for an intruder to access information with nothing more than a stolen password.
- Monitor Account Activity – Keep track of authorized accounts to make sure one hasn’t been compromised.
- Monitor Internal Activity – Use a SIEM (security information and event management) platform to collect and analyze your logs and network traffic, correlate events across systems, and recognize threat patterns inside your network.
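As an added example (not code from this article, from TechRepublic, or from any of the products mentioned here), the script below shows the kind of correlation logic the last two bullets describe, run over a handful of constructed sshd-style log lines. It flags two patterns that almost every SIEM rule set carries: a burst of failed logins from one source followed by a success for the same account, and a successful login for an account from a source address that account has never used before. The log format, the five-failure threshold and the ten-minute window are assumptions chosen for the example, not values from the article.

```python
"""Toy SIEM-style correlation over authentication log lines.

Added example: the log lines below are constructed for illustration and the
thresholds are assumptions, not values from the article or from any product.
"""
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sshd-style log sample (not real data).
SAMPLE_LOGS = """\
2024-03-01T08:00:01 sshd[1001]: Failed password for alice from 203.0.113.7 port 50110 ssh2
2024-03-01T08:00:03 sshd[1002]: Failed password for alice from 203.0.113.7 port 50112 ssh2
2024-03-01T08:00:05 sshd[1003]: Failed password for alice from 203.0.113.7 port 50114 ssh2
2024-03-01T08:00:07 sshd[1004]: Failed password for alice from 203.0.113.7 port 50116 ssh2
2024-03-01T08:00:09 sshd[1005]: Failed password for alice from 203.0.113.7 port 50118 ssh2
2024-03-01T08:00:11 sshd[1006]: Failed password for alice from 203.0.113.7 port 50120 ssh2
2024-03-01T08:00:20 sshd[1007]: Accepted password for alice from 203.0.113.7 port 50130 ssh2
2024-03-01T08:05:00 sshd[1008]: Failed password for invalid user admin from 192.0.2.44 port 3300 ssh2
2024-03-01T08:05:01 sshd[1008]: Connection closed by 192.0.2.44 port 3300 [preauth]
2024-03-01T09:15:00 sshd[1100]: Accepted publickey for bob from 10.0.0.25 port 40000 ssh2
2024-03-01T09:16:00 sshd[1101]: Accepted publickey for bob from 10.0.0.25 port 40002 ssh2
2024-03-01T12:00:00 sshd[1200]: Accepted password for bob from 198.51.100.9 port 41000 ssh2
"""

# Matches "Accepted"/"Failed" auth lines; the optional "invalid user" prefix
# appears when the account name does not exist on the host.
LINE_RE = re.compile(
    r"^(?P<ts>\S+) sshd\[\d+\]: (?P<result>Accepted|Failed) \w+ for "
    r"(?:invalid user )?(?P<user>\S+) from (?P<ip>\S+) port \d+"
)


def parse(lines):
    """Turn raw lines into time-sorted event dicts; lines that do not match are skipped."""
    events = []
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue
        events.append({
            "ts": datetime.fromisoformat(m["ts"]),
            "ok": m["result"] == "Accepted",
            "user": m["user"],
            "ip": m["ip"],
        })
    events.sort(key=lambda e: e["ts"])
    return events


def detect_brute_force_then_success(events, threshold=5, window=timedelta(minutes=10)):
    """Flag a success preceded by >= threshold failures for the same (user, ip) within window.

    A failure burst alone is background noise on any internet-facing host; a burst
    that ends in an Accepted is the signal that the guessing worked.
    """
    failures = defaultdict(list)   # (user, ip) -> timestamps of failed attempts
    alerts = []
    for e in events:
        key = (e["user"], e["ip"])
        if not e["ok"]:
            failures[key].append(e["ts"])
            continue
        recent = [t for t in failures[key] if e["ts"] - t <= window]
        if len(recent) >= threshold:
            alerts.append({"rule": "brute_force_then_success", "user": e["user"],
                           "ip": e["ip"], "failures": len(recent), "ts": e["ts"]})
        failures[key].clear()      # a success resets the counter for that pair
    return alerts


def detect_new_source_login(events):
    """Flag a successful login from an address the account has never logged in from.

    The baseline is built from the same event stream, so the first success for an
    account is never flagged; only a departure from an established pattern is.
    """
    seen = defaultdict(set)        # user -> source IPs with a prior successful login
    alerts = []
    for e in events:
        if not e["ok"]:
            continue
        if seen[e["user"]] and e["ip"] not in seen[e["user"]]:
            alerts.append({"rule": "new_source_login", "user": e["user"],
                           "ip": e["ip"], "ts": e["ts"]})
        seen[e["user"]].add(e["ip"])
    return alerts


def run(raw_log):
    """Parse a log blob and return every alert raised by both rules."""
    events = parse(raw_log.splitlines())
    return detect_brute_force_then_success(events) + detect_new_source_login(events)


if __name__ == "__main__":
    for alert in run(SAMPLE_LOGS):
        print(alert)
```

On the sample, the first rule fires for alice (six failures from 203.0.113.7 inside the window, then an Accepted from the same address) and the second fires for bob's midday login from 198.51.100.9, an address with no history for that account. The lone failure against the non-existent "admin" account raises nothing, which is the point of correlating rather than alerting on every failed login: a real SIEM does the same joins at scale, across many hosts and log sources, with baselines built over days rather than from one file.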
As custodians of data, we need to turn our focus inward and pay more attention to what is happening inside the perimeter, on the LAN, if we are going to maintain information security. There are effective tools available to help with this task. AlienVault is one of the solutions that I am most familiar with, and it would be a good place to start. If you want to roll your own using free and open-source tools, the network intrusion detection systems Snort and Suricata, and the network analysis framework Bro-IDS (since renamed Zeek), are worth a look. But do something, before you suffer the effects of a breach.
About the Author:
I am a cybersecurity and IT instructor, cybersecurity analyst, pen-tester, trainer, and speaker. I am an owner of the WyzCo Group Inc. In addition to consulting on security products and services, I also conduct security audits, compliance audits, vulnerability assessments and penetration tests. I also teach Cybersecurity Awareness Training classes. I work as an information technology and cybersecurity instructor for several training and certification organizations. I have worked in corporate, military, government, and workforce development training environments. I am a frequent speaker at professional conferences such as the Minnesota Bloggers Conference, the Secure360 Security Conference in 2016, 2017, 2018, and 2019, the (ISC)2 World Congress 2016, and the ISSA International Conference 2017, and at many local community organizations, including Chambers of Commerce, SCORE, and several school districts. I have been blogging on cybersecurity since 2006 at http://wyzguyscybersecurity.com