Threats evade traditional security barriers
On-premises technology becomes overwhelmed by high-volume attacks quickly. Once online traffic arrives in high-volume, it needs management; otherwise, the battle is lost before the appliance can filter it. Due to this type of equipment's limitations, a multi-layered defense is recommended, which usually involves blocking the traffic within the cloud before it reaches the systems.
The protection you currently have in place may be provided by on-premises hardware. However, considering how the threat landscape is changing, we see the need for an additional defense layer, which the cloud offers, capable of scaling to address the most massive attacks.
Companies that lack multi-layer protection can suffer costly damage from attacks that penetrate their perimeter without detection. IT decision-makers are aware of this and are increasingly showing a lack of confidence in the current prevention and mitigation of malicious activities.
According to IDG Research, only 30% are confident their IT can block malicious activities; only 17% are optimistic that the organization can accurately predict gaps in the IT infrastructure. Only 19% are satisfied with the IT's detection capabilities.
The basic premise of multi-layered security is that no network security solution is 100% effective. This applies to any technology because every solution will have different strengths and weaknesses.
Enter multi-layered security
The best approach to IT security is to layer multiple, best-of-breed technologies on top of each other. This approach delivers various defense layers, which have different strengths and weaknesses, making it harder for cybercriminals to reach the data.
"Multiple layers of defense is the concept of having your data or infrastructure in the middle, with rings of security protection around them."
A multi-layer strategy delivers what today's threat environment demands. A spam filter can prevent emails with suspicious attachments from reaching users in the first place. A web filter can keep users away from websites contaminated with exploits. You might have these filters, but if those layers fail - and in some cases, they will - you need to have an anti-malware to check the code and the executables and potentially put them in a sandbox and detonate them to see what their behavior is.
Notice, multiple defense layers built upon the same underlying technology or hardware might put you back at risk. You don't obtain multi-layered defense because the layers will have the same strengths and weaknesses.
Proper multi-layered security is the industry-accepted approach, which means a severe consideration of best-of-breed cloud-based technology.
Effective defense measures
It is essential to understand the security layers are not distinct and isolated layers of security, but layers which integrate, intersect, and mutually enforce one another. To apply and integrate a new layer serve to improve, and further bolster the underlying layers.
Identity and Access Management: Controls the use of data and protects its circulation. It identifies who has the right to access the systems and data (across devices) – often with features as single sign-on and multi-factor authentication.
Data Loss Prevention: The means to identify and prevent unwanted leak or loss of data, blocking or placing content in quarantine to further protect or improve.
Classification & Secure Archiving: Marking and secure storing of confidential or sensitive data, as a customer and transactional data, provide compliance with regulation and company policies and is often a feature of data loss prevention tools.
File Encryption: The encryption of sensitive data before leaving the network without impeding its functionality.
Secure File Sharing: User-driven collaboration and third-party file sharing, supporting synchronization, and distribution.
Network Monitoring & Analysis: By applying an analysis engine in combination with sensors throughout a network, IT can evaluate suspicious objects, identify concealed threats that have already penetrated, and maintain a real-time view of incoming threats. The analysis can layout vulnerabilities, diagnose, and create a roadmap for bolstering network protection.
Next-Gen Firewalling: Intelligent differentiation between valid and compromised traffic and protection against known and unknown threats such as malware with intrusion prevention, application and user visibility, SSL inspection, DNS, and web filtering.
Sandboxing: Sophisticated malware bypassing traditional security is caught and detonated in a controlled and isolated environment for analysis and increased threat protection.
Patch Management: Strong system configuration and patch management capabilities help eliminate vulnerabilities quickly and maintain tight control over software throughout the network.
VPN: Encryption of data passage to and from outside the network.
Threat Detection: To spot suspicious activities or objects engineered for invisibility, security administrators should leverage threat detection. Threats are isolated and studied, and integrated solutions can automate rollback to reverse any damage to systems or data.
Threat Analysis: Anomalies and suspicious behavior is analyzed to improve prediction and identification of threats for mitigation. Context visualization helps avoid false positives.
Threat Protection: Algorithms to provide automated analysis of traffic worldwide to discern between malicious and non-malicious files. Machine learning supports threat intelligence within a network by detecting suspicious activity, even if that particular exploit is unknown.
Backup & Recovery: If a malicious object such as ransomware succeeds in executing, administrators also need malware rollback capabilities to keep systems and data intact. Backup encryption should be an inherent feature.
Endpoint Protection: Endpoints are secure when IT has firm control over devices, applications and enforces data policies for removable media and devices. A remote control can remedy theft and loss of mobile devices.
Web Protection: By securing mail and internet gateways, IT can automatically detect malware, isolate threats, and keep users off watering hole sites. SSL certificates are a popular feature preventing the interception of sensitive information from company websites.
Email Protection: Both in and outgoing protection prevent other than the designated receiver from accessing contents with features such as anti-spam, anti-phishing, and anti-malware.
Many organizations' traditional security tools may be useful within their reach, but there are gaps in most defense strategies that leave networks exposed to today's threats. To keep an organization protected from risks, IT leaders must deploy a multi-layer security solution that combines prevention, detection, and remediation in one manageable solution.
Kenneth Demskov is IT security specialist with 25 years of experience from the IT world and has worked with server-, network-, and database operations distributed across a broad spectrum of operating systems, database technologies and types of networking equipment. Certified in Fortinet and Microsoft focusing on design and delivery of security solutions to Danish organizations, Kenneth is specialized within network and endpoint security, advising companies on a daily basis how to secure the right data protection under de-centralized and fragmented security challenges.