Joshua Alcock, Fortinet senior systems engineer, outlines the five critical components to advanced threat protection.
Every day your clients read about hackers breaking into supposedly secure networks, snoopers lurking around web sites looking for windows of vulnerability and phishers tricking unsuspecting staff into revealing log-in IDs and passwords.
The spotlight is burning brightly on internet and network security. Your clients, now more than ever, need good, solid advice on what they should be doing to harden their defences against intruders of all shapes, sizes and origins.
No other IT market moves as fast as network security. There is literally no way to stay ahead of the game. Even the US National Security Agency - the people who put PRISM on fibre optic cables to monitor threat levels - got hacked. The best you can do for your clients is help them set up an advanced threat protection framework, develop a set of procedures and ensure that they keep their systems up to date.
There are five critical components to advanced threat protection:
• Access control
• Threat prevention
• Threat detection
• Incident response
• Continuous monitoring
These components, working in concert and kept current, can go a long way in protecting your clients' networks, data and reputations.
Access control reduces the attack surface by forcing all users and traffic through established inspection points running appropriate threat prevention and detection technologies.
Solutions include layer 2/3 firewalls, patch management and two-factor authentication. Keep in mind that these technologies are less effective when deployed in silos. A security-centric infrastructure with a hardened OS provides pervasive security.
Threat prevention stops malware before it enters the network. Most attacks utilise modified versions of known malware to bypass content-oriented inspection. Threat prevention technologies - such as intrusion prevention, application control, web/email filtering and antivirus/antispam - keep the windows and doors shut. Proactive solutions, typically subscription-based services, can identify and stop
If your clients do detect a threat - or even suspect their perimeters have been breached - they need to take immediate action. For instance, IT managers can ‘sandbox’ suspicious objects (run them in a contained environment) to isolate threats. Similarly, botnet detection uncovers communication patterns indicating botnet activity.
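One concrete form of the "communication patterns" that botnet detection looks for is beaconing: an infected host contacting the same destination at near-constant intervals. The script below is an added illustration, not Fortinet's code or anything from the original article. It runs over a small constructed log (hypothetical hosts and addresses from documentation ranges) and flags source/destination pairs whose connection intervals are both numerous enough and regular enough to look like a beacon.

```python
"""Beacon detector: flag source/destination pairs that talk at near-constant intervals."""
from collections import defaultdict
from datetime import datetime
from statistics import mean, pstdev

# Constructed sample log lines (not real traffic): "<ISO timestamp> <source host> <dest ip:port>".
# ws-17 contacts 203.0.113.5 every ~5 minutes with tiny jitter; the other destinations are
# ordinary, irregular browsing.
SAMPLE_LOG = """\
2024-05-01T09:00:00 ws-17 203.0.113.5:443
2024-05-01T09:00:12 ws-17 198.51.100.20:443
2024-05-01T09:05:00 ws-17 203.0.113.5:443
2024-05-01T09:07:41 ws-17 198.51.100.33:80
2024-05-01T09:10:00 ws-17 203.0.113.5:443
2024-05-01T09:15:01 ws-17 203.0.113.5:443
2024-05-01T09:19:55 ws-17 198.51.100.20:443
2024-05-01T09:20:00 ws-17 203.0.113.5:443
2024-05-01T09:25:00 ws-17 203.0.113.5:443
"""

MIN_INTERVALS = 4   # need enough samples before judging regularity (assumed threshold)
MAX_JITTER = 0.1    # stdev / mean at or below this counts as periodic (assumed threshold)


def parse_log(text):
    """Return {(src, dst): [datetime, ...]} with times sorted, skipping malformed lines."""
    conns = defaultdict(list)
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 3:
            continue  # blank or malformed line: ignore rather than crash
        try:
            ts = datetime.fromisoformat(parts[0])
        except ValueError:
            continue  # unparsable timestamp
        conns[(parts[1], parts[2])].append(ts)
    for times in conns.values():
        times.sort()
    return conns


def find_beacons(text, min_intervals=MIN_INTERVALS, max_jitter=MAX_JITTER):
    """Return {(src, dst): {...}} for pairs whose inter-connection gaps are regular."""
    findings = {}
    for pair, times in parse_log(text).items():
        gaps = [(b - a).total_seconds() for a, b in zip(times, times[1:])]
        if len(gaps) < min_intervals:
            continue  # too few observations to call it periodic
        avg = mean(gaps)
        if avg <= 0:
            continue  # all connections share one timestamp; nothing to measure
        jitter = pstdev(gaps) / avg  # coefficient of variation: 0 means perfectly regular
        if jitter <= max_jitter:
            findings[pair] = {
                "connections": len(times),
                "mean_interval": avg,
                "jitter": jitter,
            }
    return findings


if __name__ == "__main__":
    for (src, dst), info in find_beacons(SAMPLE_LOG).items():
        print(f"{src} -> {dst}: {info['connections']} connections every "
              f"~{info['mean_interval']:.0f}s (jitter {info['jitter']:.3f})")
```

The thresholds are starting points, not tuned values: legitimate software such as update checkers and monitoring agents also beacons, so in practice a finding like this is enriched with destination reputation and an allow list of known-good periodic traffic before anyone treats it as botnet activity.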
If a security event occurs, incident response actions kick in to validate and contain the threat. All components, including those deployed for detection and prevention, need to work in concert for fast response and corrective action.
Containment and response lead into continuous monitoring for ongoing assessments and audits. These activities identify and measure the effectiveness of an organisation’s security, the state of security amongst their peers and the continued evolution of the threat landscape.
If you can provide these five components inside a homogeneous security-centric framework, you’ll be going a long way to helping your clients keep their data safe and their reputations intact. Not to mention that you’ll be their preferred security supplier for the foreseeable future.
By Joshua Alcock, Fortinet senior systems engineer.