Gone are the days when the simple Anti-Virus program (AV) that came with your PC was enough to protect the hosts on your corporate network. Applications use a vast array of services, users are more powerful than ever, and malware designers have gotten smarter. So, how can you protect your company from being the next Sony or Target?
This is the key element that gets overlooked when IT teams and managers roll out systems. It has been proven that an AV and a firewall alone are not enough. No AV is perfect, and no firewall can always intercept the numerous ways users can get malware on their machines or server processes can be exploited. Security teams now need a more comprehensive set of defenses to keep your environment safe.
This starts with protecting the ingress sources of malware, namely the internet and email. Have a strong whitelist firewall rule set that monitors connections, and employ an advanced anti-spam solution that can prevent phishing attacks carrying malware attachments. Don’t forget to block foreign devices, like unapproved USBs, on your network with hardware blocks. Protect your servers with a Web Application Firewall and always make sure every application and database sanitizes inputs.
The next step is to protect and monitor the network. Implement an Intrusion Detection System (IDS) and/or a Security Incidents and Events Manager (SIEM). These devices can monitor for any malware that slips in and begins actively sending messages, and they can also show the network's health and how to reduce the traffic load. Besides these, be sure to implement networking best practices and DMZ configurations.
After that, it is time to protect the host. As always, a robust AV can help a system, especially one that can monitor file integrity. System and server backups can significantly reduce recovery times, but be sure to make them secure, as some malware has been known to look for and corrupt backups. Training users and employees is always an important practice to protect the systems.
While this is not a comprehensive list, it is a good start for those looking to fully secure their network. If you have any questions on how you can protect your company, feel free to contact us here at LIFARS.