An effective and comprehensive security strategy must have several key components:
- Firewall: A crucial component of any security strategy, a firewall acts as a barrier between a private network and the public internet, controlling traffic into and out of the network. Essentially, it is a gatekeeper that inspects all incoming and outgoing traffic and decides what may pass. A stateful firewall keeps track of each network connection: it permits new connections that match policy (typically those opened from inside) and then admits the reply traffic belonging to those connections, while dropping unsolicited inbound packets even when their port numbers make them look like replies. Application-layer firewalls go further, inspecting traffic at the application layer and making decisions based on the specific application or protocol in use rather than on addresses and ports alone.
- Intrusion Prevention System (IPS): An IPS sits inline and identifies and blocks malicious traffic before it reaches the protected network. It inspects traffic and compares it against a regularly updated database of signatures for known threats; many products also flag traffic that deviates from a learned baseline, so their coverage improves over time. When the IPS detects a threat it can drop the traffic, reset the connection or alert a security administrator. Because it blocks inline, its signatures must be tuned to the environment: a false positive interrupts legitimate traffic, not just an analyst's queue.
- DNS-layer security: The Domain Name System (DNS) turns the name in almost every internet request into an address, so it is the first step of nearly every connection. Securing the DNS layer means refusing to resolve known malicious domains, and blocking known bad IP addresses and unsanctioned cloud applications, before a connection is ever established. DNS-layer security is particularly effective against phishing attacks that use malicious links embedded in seemingly legitimate emails, because the click fails at name resolution. It only covers lookups that reach the organisation's resolver, so links that point straight at an IP address, or devices that resolve through a third-party DNS-over-HTTPS service, bypass it; outbound DNS to other resolvers should therefore be blocked at the firewall.
- Malware Protection: Anti-virus and anti-malware software protect against viruses, malware and other malicious software. They detect threats by matching known malicious code (signatures) and by watching for abnormal behaviour on the host, and best practice demands that every endpoint (servers, laptops, PCs, etc.) is protected.
- Multi-Factor Authentication (MFA): MFA adds a layer of security beyond the traditional username and password. Users must present an additional factor to access a system, such as a fingerprint or a one-time code generated by an app on their mobile device. It prevents unauthorised access to systems and data even when a password has been compromised, and it makes shared or weak passwords far less useful to an attacker. Where possible, prefer phishing-resistant factors (FIDO2 security keys or platform authenticators) over one-time codes, which a user can be tricked into typing into a fake login page.
- SD-WAN: Software-Defined Wide Area Network (SD-WAN) is a network architecture that connects multiple locations over encrypted tunnels, typically IPsec, across whatever transport is available, including ordinary internet links. It is a more flexible and cost-effective alternative to traditional WAN architectures such as MPLS, and can be seen as a more sophisticated evolution of the traditional site-to-site Virtual Private Network (VPN), with centrally managed policy and automatic selection of the best path. Its security comes from the tunnel encryption and the segmentation policy applied to it; check that both are actually configured rather than assuming the overlay is secure by default.
- Secure Remote Access: Technologies that support flexible working by letting home workers and roaming users reach your applications and resources safely from outside the corporate network, whilst remaining subject to the same safeguards and policies (MFA, malware protection, DNS filtering) as office-based employees.
- SIEM: Security Information and Event Management (SIEM) systems collect, normalise and correlate security logs from many sources, including firewalls, antivirus software and IPS systems, so that events which look innocuous on their own (a handful of failed logins, one blocked connection) can be recognised together as an attack and responded to quickly. A SIEM is only as effective as the rules configured in it and the people who own its alerts.
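To make the stateful versus stateless distinction from the firewall item concrete, here is an added example, written for this page and not code from any firewall product, of a minimal connection-tracking filter next to the stateless rule it replaced. The addresses, ports and the 10.0.0.0/8 inside network are constructed, and only TCP is modelled.

```python
# Added illustration of stateful vs. stateless filtering; not code from any
# firewall product. Addresses, ports and flags below are constructed examples.
import ipaddress
from dataclasses import dataclass


@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int
    flags: str  # "S" = SYN (new connection), "A" = ACK/data, "R" = RST


class StatefulFirewall:
    """Perimeter policy: hosts on the inside network may open outbound TCP
    connections; inbound packets are admitted only when they belong to a
    connection already in the state table, or when they open a connection to
    an explicitly published service (e.g. the public web server)."""

    def __init__(self, inside_net: str, inbound_allow: set[tuple[str, int]]):
        self.inside = ipaddress.ip_network(inside_net)
        self.inbound_allow = inbound_allow
        self.table: set[frozenset] = set()  # tracked connections (endpoint pairs)

    def _inside(self, ip: str) -> bool:
        return ipaddress.ip_address(ip) in self.inside

    @staticmethod
    def _key(pkt: Packet) -> frozenset:
        # Direction-independent key: a packet A:p1 -> B:p2 and its reply
        # B:p2 -> A:p1 map to the same entry, so replies need no rule of their own.
        return frozenset({(pkt.src, pkt.sport), (pkt.dst, pkt.dport)})

    def process(self, pkt: Packet) -> str:
        key = self._key(pkt)
        if key in self.table:
            if pkt.flags == "R":
                # RST tears the connection down at once; real conntrack also
                # expires entries after FIN handshakes and idle timeouts (omitted here).
                self.table.discard(key)
            return "ACCEPT"  # packet belongs to an established connection
        if pkt.flags == "S":
            if self._inside(pkt.src) and not self._inside(pkt.dst):
                self.table.add(key)  # outbound connection: remember it, admit replies later
                return "ACCEPT"
            if not self._inside(pkt.src) and (pkt.dst, pkt.dport) in self.inbound_allow:
                self.table.add(key)  # published service: allow the inbound connection
                return "ACCEPT"
        return "DROP"  # unsolicited, or not a connection-opening packet


def stateless_allow_reply_ports(pkt: Packet) -> str:
    """The pre-stateful workaround: to let web replies back in, a stateless ACL
    had to permit any inbound packet whose *source* port is 80 or 443. An
    attacker simply sends from source port 443 and the rule lets them through."""
    return "ACCEPT" if pkt.sport in (80, 443) else "DROP"


def demo() -> dict:
    """Run both filters over the same inbound probe and report the verdicts."""
    fw = StatefulFirewall("10.0.0.0/8", {("10.0.0.80", 443)})
    # Legitimate browsing: an inside host opens a connection, the reply comes back.
    fw.process(Packet("10.0.0.5", 51000, "203.0.113.7", 443, "S"))
    reply = fw.process(Packet("203.0.113.7", 443, "10.0.0.5", 51000, "A"))
    # Attacker probing an internal host from a "reply-looking" source port.
    probe = Packet("198.51.100.9", 443, "10.0.0.5", 51001, "S")
    return {"reply": reply,
            "stateful_probe": fw.process(probe),
            "stateless_probe": stateless_allow_reply_ports(probe)}


if __name__ == "__main__":
    print(demo())  # {'reply': 'ACCEPT', 'stateful_probe': 'DROP', 'stateless_probe': 'ACCEPT'}
```

The state table is what lets the firewall accept the reply without a standing rule for it; the stateless function shows why a firewall without one forces you into rules that an attacker can satisfy by choosing their source port.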
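The correlation a SIEM performs is easiest to see as a rule. The example below is added for this page and is not any SIEM product's rule language or code: it normalises constructed sshd and firewall log lines into common events and applies a brute-force-then-success rule, enriching each alert with firewall denies from the same source. Host names, addresses and timestamps are made up, and syslog lines without a year are assumed to come from 2024.

```python
# Added example of a SIEM-style correlation rule run over constructed log
# lines; not the rule language or code of any SIEM product. Host names,
# addresses and timestamps are made up; syslog lines carry no year, so 2024
# is assumed.
import re
from collections import defaultdict, deque
from datetime import datetime, timezone

SSHD_RE = re.compile(
    r"^(?P<ts>\w{3} +\d{1,2} \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: "
    r"(?P<outcome>Failed|Accepted) password for (?:invalid user )?(?P<user>\S+) "
    r"from (?P<ip>[\d.]+) port \d+")
FIREWALL_RE = re.compile(
    r"^(?P<ts>\d{4}-\d\d-\d\dT\d\d:\d\d:\d\dZ) \S+ (?P<action>DENY|ALLOW) "
    r"(?P<proto>\w+) (?P<ip>[\d.]+):\d+ -> (?P<dst>[\d.]+):(?P<dport>\d+)")

SAMPLE_LOG = [  # constructed lines from two sources, deliberately interleaved
    "2024-03-12T10:14:30Z fw01 DENY TCP 203.0.113.45:50011 -> 10.0.0.12:22",
    "Mar 12 10:15:01 bastion sshd[2231]: Failed password for admin from 203.0.113.45 port 51122 ssh2",
    "Mar 12 10:15:09 bastion sshd[2233]: Failed password for admin from 203.0.113.45 port 51130 ssh2",
    "Mar 12 10:15:12 bastion sshd[2235]: Failed password for invalid user test from 198.51.100.7 port 40110 ssh2",
    "Mar 12 10:15:17 bastion sshd[2236]: Failed password for admin from 203.0.113.45 port 51141 ssh2",
    "Mar 12 10:15:20 bastion sshd[2238]: Accepted password for alice from 198.51.100.7 port 40121 ssh2",
    "Mar 12 10:15:25 bastion sshd[2239]: Failed password for admin from 203.0.113.45 port 51150 ssh2",
    "Mar 12 10:15:33 bastion sshd[2240]: Failed password for admin from 203.0.113.45 port 51163 ssh2",
    "2024-03-12T10:15:35Z fw01 DENY TCP 192.0.2.200:44321 -> 10.0.0.12:3389",
    "Mar 12 10:15:40 bastion sshd[2242]: Accepted password for admin from 203.0.113.45 port 51190 ssh2",
]


def parse(line: str, year: int = 2024):
    """Normalise each source into a common event dict; None for unrecognised lines."""
    m = SSHD_RE.match(line)
    if m:
        ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
        return {"ts": ts.replace(tzinfo=timezone.utc), "source": "sshd", "ip": m["ip"],
                "user": m["user"], "outcome": m["outcome"].lower()}
    m = FIREWALL_RE.match(line)
    if m:
        ts = datetime.strptime(m["ts"], "%Y-%m-%dT%H:%M:%SZ")
        return {"ts": ts.replace(tzinfo=timezone.utc), "source": "firewall", "ip": m["ip"],
                "action": m["action"], "dport": int(m["dport"])}
    return None


def correlate(lines, threshold: int = 5, window_s: int = 60, fw_lookback_s: int = 600):
    """Rule: at least `threshold` failed logins from one IP within `window_s`
    seconds, followed by a successful login from that IP. Each alert also counts
    firewall DENYs from the same IP in the preceding `fw_lookback_s` seconds,
    context that neither log could provide on its own."""
    events = sorted(filter(None, (parse(line) for line in lines)), key=lambda e: e["ts"])
    failures = defaultdict(deque)  # ip -> timestamps of recent failures
    denies = defaultdict(list)     # ip -> timestamps of firewall denies
    alerts = []
    for ev in events:
        if ev["source"] == "firewall":
            if ev["action"] == "DENY":
                denies[ev["ip"]].append(ev["ts"])
            continue
        recent = failures[ev["ip"]]
        while recent and (ev["ts"] - recent[0]).total_seconds() > window_s:
            recent.popleft()  # slide the window forward
        if ev["outcome"] == "failed":
            recent.append(ev["ts"])
        elif ev["outcome"] == "accepted":
            if len(recent) >= threshold:
                fw_hits = sum(1 for t in denies[ev["ip"]]
                              if 0 <= (ev["ts"] - t).total_seconds() <= fw_lookback_s)
                alerts.append({"rule": "brute_force_then_success", "ip": ev["ip"],
                               "user": ev["user"], "failures": len(recent),
                               "fw_denies": fw_hits, "ts": ev["ts"].isoformat()})
            recent.clear()  # a success ends the sequence either way
    return alerts


if __name__ == "__main__":
    for alert in correlate(SAMPLE_LOG):
        print(alert)
```

Sorting by timestamp after normalising both formats is what makes the cross-source count possible; in a real SIEM the same steps are parsing, field mapping and a time-windowed correlation search, and the threshold and window would be tuned per environment.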
The important takeaway is that no single technology can mitigate all threats, but by implementing these key components, organisations can create an effective and comprehensive security strategy that protects against a wide range of security threats.
How can we help
When looking at security projects we generally start with a gap analysis. What does the customer already have? Is it up to date? Can it be upgraded? Is anyone monitoring logs and alerts? Where are the gaps? From that we devise an implementable, costed action plan, looking first for quick wins; adding DNS-layer security, for example, is relatively quick and inexpensive.