Layered Security: Protecting the Big Three Attack Vectors
Combating today’s most prevalent online threats requires a layered security architecture—one that is equipped to counter potential attacks at all possible levels of vulnerability. Typically, that means implementing a security solution that provides advanced protection in each of these three areas of concern:
- Email: This is the No. 1 threat vector for malware, and phishing attacks (delivered via email) are the No. 1 attack vector for ransomware.
- Network: Attacks at the network level generally include DDoS (distributed denial-of-service) attempts, as well as infiltrating malware designed to corrupt systems or render them inoperable.
- Endpoints: Would-be attackers love to exploit any potential endpoint vulnerability via malware, bots, viruses, spyware and more.
Below, we’ve outlined which features to look for in a security solution to ensure you’re protected at all of these levels.
Because it is such a common point of attack, with constantly changing threats, email must be secured comprehensively. Choose a solution that provides protection against known and emerging threats based on rules, definitions and heuristics. This includes identification of emails with viruses or malware, spam, bulk mail, phishing and spoofing.
Also, consider a product that focuses heavily on attachment defense. You want the ability to disposition messages depending on type, size and number of attachments—including the option to delete an attachment while keeping the email message.
Finally, look for a solution with detailed reporting capabilities, so you can easily display aggregate threats detected by domain, top senders and recipients.
As today’s threat landscape grows increasingly sophisticated, your network security solution should keep pace by incorporating modern components like AI (artificial intelligence) and ML (machine learning). Technologies like these make it easier for administrators to quickly scour traffic metadata and patterns for traces of known threats. Machine learning can also leverage raw network data to create user and device profiles, and then monitor those profiles for anomalous behavior.
At the same time, the proliferation of IoT and mobile computing has created challenges around the context and visibility of potentially rogue devices on a company’s infrastructure. Look to control these elements through a strong network security architecture featuring data loss prevention (DLP), network access control (NAC), and a threat-focused, next-generation firewall.
Many years ago, at the dawn of endpoint security, it wasn’t uncommon for an anti-virus solution to be the last and only line of defense against common threats like Trojans and spyware. However, given today’s advanced malware proliferation—along with the rise of bitcoin and ransomware, ransomware as a service and fileless malware—no endpoint security product can or should be relied on solely to protect a company’s most valuable infrastructure.
When considering an endpoint security product, look for features like content filtering, bad URL blocking, powerful heuristics and sandboxing technology. Take the time to explore “under the hood” of a potential solution to determine who developed its engine. Is the product made in-house? Or is it an OEM engine from a competitor? Typically, an endpoint engine developed in-house indicates a company willing to invest in development resources—in other words, not some fly-by-night vendor.
The most important function of an IT security professional is to protect the company’s assets and infrastructure from harm and malicious intent. Email, network and endpoint security are much like the legs of a three-legged stool: Remove one leg, and you will compromise the integrity of the entire stool. If you address all three of these common attack vectors, you’ll keep your security posture balanced, ensure better protection overall and achieve lasting peace of mind.
This guest blog is part of a Channel Futures sponsorship.