That depends on what you have deployed and how you have configured it. The changing nature of the cyber security threat does call for an agile and adaptable protection approach that will increasingly make use of automation and machine learning. In addition, the requirements of GDPR call for an effective cyber security regime that protects data effectively and has monitoring and detection systems in place.
A comprehensive approach requires multiple layers of protection, not just to address the different types and areas of threats but also to provide an element of redundancy. For example, threats that have not been picked up by your endpoint protection solution may be detected by your network layer security solution. Research has indicated that most deployed security products have only 10% of their features enabled and correctly configured.
While some features just may not be relevant for a particular deployment, the main reasons why many businesses just don’t switch these features on include;
It’s worth flipping the conversation on its head and viewing things in terms of the benefits; once they are clear enough, turning on the required features becomes a no-brainer. We are overwhelmed with all kinds of statistics about the cost of cyber attacks. One startling US government figure indicates that 75% of small businesses suffer a cyber breach, while the cost of the average cyber attack is over $1m. So there are massive benefits to getting security right in terms of avoiding reputational damage and, worse still, severe financial costs or potential fines.
Going back to the original question: do you need to replace the solutions already deployed? First, you need to look at what you have, how it’s configured and how much more you can do with it.
A good area to start with is your firewall. If you have a well-featured Next Generation Firewall (NGFW) in place, you just need to make sure it is configured for maximum protection. Here are some of the features you need to enable to make it close to 90% effective. If you don’t enable them, it would be analogous to having keys to all your business premises’ doors and windows but leaving all but a few ajar.
By default, your NGFW may have intrusion detection (IDS) enabled, but given that most people don’t understand the alerts even if they are monitoring them, it’s worth automating the protection by enabling IPS. You can implement an IPS to block attacks such as worms, viruses and downloadable exploits/attachments.
The feature will use deep packet inspection to identify threats. This is particularly useful as a second bite at stopping threats not picked up by endpoint security. Also, some devices, such as IoT-type devices, may be more vulnerable to such an attack but are unable to run anti-virus software.
Malware may not be blocked by other technologies such as IPS or AV and therefore a good anti-malware engine must be deployed to help in the fight against this principal threat. Next Generation Firewall malware protection features can include indications of compromise based on event correlation, site reputation and sandboxing reports.
This feature enables integration of near real-time global intelligence feeds to identify and block bad domains and emerging malware sites before they cause damage.
Sandboxing is a useful tool in identifying and preventing attacks. It provides the ability to run and analyse executable code in an isolated environment. The results can be fed back to the NGFW to block or allow a file.
Compliance regulations mandate an auditing capability that logs who is accessing systems, what they access and when. You can configure a Next Generation Firewall to log and control what your users are doing and when they are allowed to do it. Importantly, it can also manage and minimise the impact of non-productivity applications such as Netflix during business hours.
Blocks individual sites or categories that are either suspect or have no business relevance e.g. adult content, job portals etc. Suspect sites are also commonly used to inject malware onto unsuspecting visitors.
Segment your internal networks into logical groups and protect each segment via an interface on your Next Generation Firewall. That way you will protect against lateral spread if a virus/malware gets in.
A logging solution should be in place, and logs from all critical assets should be sent to it. This will provide an invaluable tool for any future analysis, especially when a breach occurs.
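One way to verify that every critical asset really is sending logs to the central solution, shown here as an added example that is not part of the original article: compare the asset inventory against what the collector received and flag hosts that never logged or have gone quiet. The hostnames, the sample syslog lines and the one-hour silence threshold are constructed assumptions.

```python
from datetime import datetime, timedelta

# Constructed inventory of critical assets (placeholder hostnames).
CRITICAL_ASSETS = {"ngfw-edge", "dc01", "fileserver", "hr-db"}

# Constructed sample of what a central collector received, in the
# classic BSD syslog layout: "Mon DD HH:MM:SS host tag: message".
SAMPLE_LINES = """\
Mar  4 09:58:12 ngfw-edge ips: blocked signature match src=10.0.3.7
Mar  4 09:59:40 DC01 auth: logon user=alice from=10.0.1.22
Mar  3 02:10:05 fileserver smb: session opened user=bob
Mar  4 09:59:59 printer01 lpd: job queued
not a syslog line
""".splitlines()


def last_seen(lines, year):
    """Map each sending host to the newest timestamp it logged."""
    seen = {}
    for line in lines:
        parts = line.split()
        if len(parts) < 4:
            continue
        try:
            # BSD syslog timestamps carry no year, so the caller supplies it.
            ts = datetime.strptime(f"{year} {' '.join(parts[:3])}", "%Y %b %d %H:%M:%S")
        except ValueError:
            continue  # malformed or non-syslog line
        host = parts[3].lower()
        if host not in seen or ts > seen[host]:
            seen[host] = ts
    return seen


def coverage_gaps(lines, assets, now, max_silence=timedelta(hours=1)):
    """Report critical assets that never logged or have gone quiet."""
    seen = last_seen(lines, now.year)
    never = sorted(a for a in assets if a not in seen)
    stale = sorted(a for a in assets if a in seen and now - seen[a] > max_silence)
    return {"never_logged": never, "stale": stale}


if __name__ == "__main__":
    report = coverage_gaps(SAMPLE_LINES, CRITICAL_ASSETS, datetime(2024, 3, 4, 10, 0))
    for kind, hosts in report.items():
        print(f"{kind}: {', '.join(hosts) or 'none'}")
```

A critical asset in either list is a blind spot: if it is compromised, there will be nothing to analyse after the breach.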
If you are not utilising the above capabilities it will leave you susceptible to threats that could otherwise have been mitigated. Make sure your security team is familiar with Next Generation Firewall capabilities and take full advantage of the available features to ensure your network is protected against the full spectrum of threats. Get more bang for your NGFW buck.
$2,235,018 per year
The average amount SMBs spent in the aftermath of a
cyber attack or data breach due to damage or theft of IT
assets and disruption to normal operations.
The amount is staggering, and enough to jeopardize the viability of
many companies. Yet the business benefits that come with the internet,
Cloud computing and other applications are impossible to forego
and remain competitive.
That’s why business owners and executives are asking one question:
If your service provider can’t demonstrate how it is making your
company less likely to become a victim of cybercrime, then it is time
to consider alternatives.
In this eBook, we’ll outline what companies are up against
today, and how Cisco Umbrella can help bring you peace of mind.