A bird’s eye view of enterprise security: From reaction to prevention
The cybersecurity space has become incredibly convoluted - a simple organic search of “cybersecurity solutions” will generate approximately 28,500,000 results. The nature of cybersecurity makes it a constantly moving target, but the sheer number of tools and methods designed to combat the dizzying array of threats is enough to make any corporate leader’s head spin as they contemplate which technologies achieve what and which are worth the investment.
Enterprise organisations feel overwhelmed and ill-equipped to tackle today’s cyber threats. Executive decision makers need an objective overview of the tangled web of security technologies they may encounter and choose from. Let this serve as their guide and glossary.
Perimeter solutions keep intruders out of the enterprise. Firewalls serve as a start, but attacks have become increasingly sophisticated and therefore require heavier reinforcements. Distributed denial of service (DDoS) attacks are a common method for cybercriminals who seek to shut down a website or server by assailing it with multiple compromised “zombie” computers. A firewall isn’t capable of defending against these attacks, but a DDoS prevention solution is.
The positioning of assets behind a firewall demonstrates the use of an intrusion prevention solution (IPS). This technology not only examines network traffic flow for threats but also takes automated actions such as alerting administrators, blocking traffic from malicious sources and resetting the connection. If implemented correctly, an IPS will thwart a DDoS attack and add a further layer of network security.
Employees introduce the most risk to an organisation. Whether deliberately or, more often, unwittingly, employees who fail to practice good password hygiene grant cybercriminals access to secure systems, data and IP through stolen login credentials.
Multi-factor authentication and password managers are two services that can help employees fortify their login credentials. When instituted properly, they enable users to select stronger passwords (without having to keep track of them) and to input biometrics in place of passwords wherever possible. The problem with these remedies is that too few people use them across all accounts and devices at their workplace and at home. Thus, every time an employee logs into a secure account from a personal device without these technologies as a safety net, they introduce risk to the organisation.
Phishing is also a significant issue, which often leads to employees downloading malware via innocent-looking email attachments and links. Behaviour-based solutions vow to recognise and stop malware that attempts to evade antivirus protection, but they don’t always work because threat actors have adapted their tactics to bypass them.
One of the most typical security measures organisations take is to install anti-virus software. The key is ensuring software versions are always up to date with the latest virus protection signatures. Companies can also practice encryption by installing software that transforms plain-text passwords or other sensitive information into unreadable code. Beware, however: most common encryption types, such as unsalted MD5 and SHA-1, are quickly cracked by cybercriminals. Choosing stronger encryption like bcrypt is highly recommended.
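MD5, SHA-1 and bcrypt are hash functions, so in practice the warning above becomes an audit of how passwords are stored. The following added example (not from the original article) classifies stored values by format and flags bare MD5/SHA-1 digests and low-cost bcrypt strings; the sample table, the function names and the cost floor of 10 are assumptions.

```python
import hashlib
import re
from collections import Counter

# bcrypt string: $2a$/$2b$/$2y$, two-digit cost, then 22-char salt + 31-char digest.
BCRYPT_RE = re.compile(r"^\$2[aby]\$(\d{2})\$[./A-Za-z0-9]{53}$")
HEX_RE = re.compile(r"^[0-9a-f]+$")
FAST_HEX = {32: "md5-like", 40: "sha1-like"}  # hex length -> likely scheme
MIN_BCRYPT_COST = 10  # assumed policy floor, not a figure from the article

def classify(stored):
    """Return (scheme, issue) for one stored value; issue is None when acceptable."""
    m = BCRYPT_RE.match(stored)
    if m:
        cost = int(m.group(1))
        low = f"cost {cost} is below the floor of {MIN_BCRYPT_COST}"
        return "bcrypt", (low if cost < MIN_BCRYPT_COST else None)
    value = stored.lower()
    if HEX_RE.match(value) and len(value) in FAST_HEX:
        return FAST_HEX[len(value)], "bare hex digest: fast hash with no salt field"
    return "unknown", "unrecognised format, possibly plaintext"

def audit(rows):
    """rows: (username, stored_value) pairs. Returns (username, scheme, issue) findings."""
    rows = list(rows)
    seen = Counter(value.lower() for _, value in rows)
    findings = []
    for user, value in rows:
        scheme, issue = classify(value)
        if issue:
            findings.append((user, scheme, issue))
        # One digest on several accounts shows a shared password and no per-user salt.
        if scheme in FAST_HEX.values() and seen[value.lower()] > 1:
            findings.append((user, scheme, "digest shared with another account"))
    return findings

# Constructed sample table; the bcrypt rows are format-only placeholders.
SAMPLE_ROWS = [
    ("alice", hashlib.md5(b"Summer2019!").hexdigest()),
    ("bob", hashlib.md5(b"Summer2019!").hexdigest()),
    ("carol", hashlib.sha1(b"hunter2").hexdigest()),
    ("dave", "$2b$12$" + "A" * 53),
    ("erin", "$2b$04$" + "B" * 53),
]

if __name__ == "__main__":
    for finding in audit(SAMPLE_ROWS):
        print(*finding, sep=" | ")
```

A 32- or 40-character hex value is only a strong hint of MD5 or SHA-1, so confirm the scheme against the application's code before planning a migration.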
Data loss prevention (DLP) software assists network administrators in limiting and monitoring what employees may or may not transfer outside of the corporate network. Data loss may be as innocent as a lost thumb drive or as nefarious as ransomware. A DLP solution prevents data exfiltration and ensures sensitive data stays where it should.
Of all cybercrimes, account takeover (ATO) is one quickly rising in popularity. In fact, the most common breach type last year leveraged the use of stolen credentials. ATO prevention solutions constantly compare employee credentials against a database of exposed credentials and provide resolution if a match is found, typically locking the account until a new, uncompromised password is created. Although dependent on solid threat intelligence, ATO prevention ensures criminals cannot take over accounts to access sensitive data or infect exposed users with malware.
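The compare, lock and reset cycle described above can be sketched as follows. This is an added example, not code from the article or from any ATO product: the AtoScreen class, its method names, the fingerprinting design and the breach records are all assumptions.

```python
import hashlib

def _fp(text):
    # Keep fingerprints, not plaintext, from the breach corpus (assumed design).
    return hashlib.sha256(text.encode("utf-8")).hexdigest()

def _norm(email):
    return email.strip().lower()

class AtoScreen:
    """Hypothetical screening service: lock on exposed credentials, unlock on a clean reset."""

    def __init__(self, exposed_pairs):
        pairs = list(exposed_pairs)
        self.exposed_pairs = {_fp(f"{_norm(e)}:{p}") for e, p in pairs}
        self.exposed_passwords = {_fp(p) for _, p in pairs}
        self.locked = set()

    def on_login(self, email, password):
        """Run after normal password verification. Returns 'ok' or 'locked'."""
        user = _norm(email)
        if user in self.locked:
            return "locked"
        # Lock only when this exact account and password pair is in the corpus.
        if _fp(f"{user}:{password}") in self.exposed_pairs:
            self.locked.add(user)
            return "locked"
        return "ok"

    def reset_password(self, email, new_password):
        """Unlock only if the new password appears nowhere in the exposed corpus."""
        if _fp(new_password) in self.exposed_passwords:
            return False
        self.locked.discard(_norm(email))
        return True

# Constructed breach records for illustration.
EXPOSED = [("j.doe@example.com", "Winter2018"), ("a.khan@example.com", "qwerty123")]

if __name__ == "__main__":
    screen = AtoScreen(EXPOSED)
    print(screen.on_login("J.Doe@example.com", "Winter2018"))
    print(screen.reset_password("j.doe@example.com", "qwerty123"))
    print(screen.reset_password("j.doe@example.com", "violet-anchor-motel-93"))
    print(screen.on_login("j.doe@example.com", "violet-anchor-motel-93"))
```

The quality of the result depends entirely on the exposed-credential corpus, which matches the article's point that ATO prevention depends on solid threat intelligence.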
More recently, companies have been trying to simplify network security by using unified threat management (UTM) systems that combine multiple security services. This approach consolidates disparate solutions for each security-related function, making it easier and often less expensive to manage. And when it comes to reactively addressing the aforementioned ATO, many enterprises rely on scanners, scrapers and crawlers.
Artificial intelligence: Game changer or snake oil?
With the advent of AI and machine learning, many of the technologies discussed are wrapped together and made more efficient. As AI systems are deployed and used, they get smarter, faster and more reliable. And because these systems are designed to evolve, the enterprise is made more nimble and capable of staying ahead of emerging cybercriminal techniques.
For example, AI and machine learning-powered threat intelligence platforms are able to scan and monitor networks comprehensively, gather threats and produce actionable intel within seconds. Never before have enterprises enjoyed access to such rich data so quickly, data that informs proactive decisions. It is important to realise, however, that AI-powered solutions are only as good as the algorithms they utilise and those algorithms’ relevance to existing datasets.
Ultimately, there’s just no substitute for executives being knowledgeable about the types of solutions on the market for the constantly expanding security landscape. Be thorough and be skeptical in selection. There is no single panacea for cybersecurity threats: several perimeter, interior, preventative and reactive solutions work together to protect the organisation. A strategic combination effectively supercharged by AI will provide the most comprehensive protection, but understanding all the options that exist is half the battle.