Advanced threat protection: Now more than ever

03 Oct 14

Joshua Alcock, Fortinet senior systems engineer, outlines the five critical components to advanced threat protection.

Every day your clients read about hackers breaking into supposedly secure networks, snoopers lurking around web sites looking for windows of vulnerability and phishers tricking unsuspecting staff into revealing log-in IDs and passwords.

The spotlight is burning brightly on internet and network security. Your clients, now more than ever, need good, solid advice on what they should be doing to harden their defences against intruders of all shapes, sizes and origins.

No other IT market moves as fast as network security. There is literally no way to stay ahead of the game. Even the US National Security Agency - the people who put PRISM on fibre optic cables to monitor threat levels - got hacked. The best you can do for your clients is help them set up an advanced threat protection framework, develop a set of procedures and ensure that they keep their systems up-to-date.

There are five critical components to advanced threat protection:

• Access control
• Threat prevention
• Threat detection
• Incident response
• Continuous monitoring

These components, working in concert and kept current, can go a long way in protecting your clients’ networks, data and reputations.

In practice

Access control reduces the attack surface by forcing all users and traffic through established inspection points running appropriate threat prevention and detection technologies.

Solutions include layer 2/3 firewalls, patch management and two-factor authentication. Keep in mind that these technologies are less effective when deployed in silos. A security-centric infrastructure with a hardened OS provides pervasive security.

Threat prevention stops malware before it enters the network. Most attacks utilise modified versions of known malware to bypass content-oriented inspection. Threat prevention technologies - such as intrusion prevention, application control, web/email filtering and antivirus/spam - keep the windows and doors shut. Proactive solutions, typically subscription-based services, can identify and stop most malware.

If your clients do detect a threat - or even suspect their perimeters have been breached - they need to take immediate action. For instance, IT managers can ‘sandbox’, or run objects in a contained environment, to isolate threats. Similarly, botnet detection uncovers communication patterns indicating botnet activity.

If a security event occurs, incident response actions kick in to validate and contain the threat. All components, including those deployed for detection and prevention, need to work in concert for fast response and corrective action.

Containment and response lead into continuous monitoring for ongoing assessments and audits. These activities identify and specify the effectiveness of an organisation’s security, the state of security amongst its peers and the continued evolution in the threat landscape.

If you can provide these five components inside a homogeneous security-centric framework, you’ll be going a long way to helping your clients keep their data safe and their reputations intact. Not to mention that you’ll be their preferred security supplier for the foreseeable future.

By Joshua Alcock, Fortinet senior systems engineer.
