Does effective cyber security protection and GDPR compliance mean that existing solutions will need replacing?
That depends on what you have deployed and how you have configured it. The changing nature of the cyber security threat does call for an agile and adaptable protection approach that will increasingly make use of automation and machine learning. In addition, the requirements of GDPR call for an effective cyber security regime that protects data and has monitoring and detection systems in place. A comprehensive approach requires multiple layers of protection, not just to address the different types and areas of threats, but also to provide an element of redundancy. For example, threats that may not have been picked up by your endpoint protection solution may be detected by your network layer security solution. Research has indicated that most deployed security products have only 10% of their features enabled and correctly configured. While some features just may not be relevant for a particular deployment, the main reasons why many businesses just don’t switch these features on include:
- Difficulty configuring the features
- Lack of adequate skill set
- Concerns it will slow down performance
- Don’t understand how the features will benefit them
1. Turn on Intrusion Protection Systems (IPS)
By default, your NGFW may have intrusion detection (IDS) enabled, but given that most people don’t understand the alerts even if they are monitoring them, it’s worth automating the protection by enabling IPS. You can implement an IPS to block attacks such as worms, viruses and downloadable exploits/attachments.
2. Enable network-based anti-virus protection
This feature uses deep packet inspection to identify threats. It is particularly useful as a second bite at stopping threats not picked up by endpoint security. Also, some devices, such as IoT-type devices, may be more vulnerable to such an attack but are unable to run anti-virus software.
3. Enable Malware protection
Malware may not be blocked by other technologies such as IPS or AV and therefore a good anti-malware engine must be deployed to help in the fight against this principal threat. Next Generation Firewall malware protection features can include indications of compromise based on event correlation, site reputation and sandboxing reports.
4. Use security intelligence feeds
This feature enables integration of near real-time global intelligence feeds to identify and block bad domains and emerging malware sites before they cause damage.
5. Enable Sandboxing
Sandboxing is a useful tool in identifying and preventing attacks. It provides the ability to run and analyse executable code in an isolated environment. The results can be fed back to the NGFW to block or allow a file.
6. User and Application Control
Compliance regulations mandate an auditing capability that logs who is accessing systems, what they are accessing and when. You can configure a Next Generation Firewall to log and control what your users are doing and when they are allowed to do it. Importantly, it can also manage and minimise the impact of non-productivity applications such as Netflix during business hours.
7. Web Filtering and Protection
This blocks individual sites or categories that are either suspect or have no business relevance, e.g. adult content, job portals etc. Suspect sites are also commonly used to deliver malware to unsuspecting visitors.
8. Segmentation of the network
Segment your internal networks into logical groups and protect each segment via an interface on your Next Generation Firewall. That way you will protect against lateral spread if a virus/malware gets in.
9. Log everything
A logging solution should be in place, with logs from all critical assets sent to it. This will provide an invaluable tool for any future analysis, especially when a breach occurs.

If you are not utilising the above capabilities, you are left susceptible to threats that could otherwise have been mitigated. Make sure your security team is familiar with Next Generation Firewall capabilities and takes full advantage of the available features to ensure your network is protected against the full spectrum of threats. Get more bang for your NGFW buck.
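
As an added example (not from the original article or any vendor's tooling), the script below combines items 8 and 9: it reviews firewall logs for traffic crossing segment boundaries outside the intended policy. The segment names, subnets, allow-list and key=value log format are all assumptions made for illustration; real NGFW log formats differ.

```python
import ipaddress

# Assumed segment plan (hypothetical names and subnets).
SEGMENTS = {
    "users":   ipaddress.ip_network("10.10.0.0/24"),
    "servers": ipaddress.ip_network("10.20.0.0/24"),
    "iot":     ipaddress.ip_network("10.30.0.0/24"),
}
# Intended inter-segment flows: (source segment, destination segment, dest port).
ALLOWED = {("users", "servers", 443), ("iot", "servers", 8883)}

# Constructed sample log lines in an assumed key=value format.
SAMPLE_LOG = """\
time=2024-05-01T09:00:01Z src=10.10.0.15 dst=10.20.0.5 dport=443 action=allow
time=2024-05-01T09:00:04Z src=10.30.0.7 dst=10.20.0.9 dport=8883 action=allow
time=2024-05-01T09:01:10Z src=10.30.0.7 dst=10.10.0.15 dport=445 action=allow
time=2024-05-01T09:01:11Z src=10.30.0.7 dst=10.10.0.16 dport=445 action=deny
time=2024-05-01T09:02:30Z src=10.10.0.22 dst=203.0.113.10 dport=443 action=allow
malformed line without fields
"""

def segment_of(ip):
    """Return the name of the segment containing ip, or None if external."""
    addr = ipaddress.ip_address(ip)
    return next((name for name, net in SEGMENTS.items() if addr in net), None)

def parse(line):
    """Parse one key=value log line; return None if required fields are missing."""
    fields = dict(kv.split("=", 1) for kv in line.split() if "=" in kv)
    return fields if {"src", "dst", "dport", "action"} <= fields.keys() else None

def review(log_text):
    """List cross-segment flows that fall outside the intended policy."""
    findings = []
    for line in log_text.splitlines():
        rec = parse(line)
        if rec is None:
            continue  # skip lines that cannot be parsed
        src_seg, dst_seg = segment_of(rec["src"]), segment_of(rec["dst"])
        if None in (src_seg, dst_seg) or src_seg == dst_seg:
            continue  # not an internal cross-segment flow
        port = int(rec["dport"])
        if (src_seg, dst_seg, port) in ALLOWED:
            continue  # expected traffic
        # An allowed flow outside policy is a rule gap; a denied one is a probe worth triage.
        kind = "policy_gap" if rec["action"] == "allow" else "blocked_attempt"
        findings.append((kind, rec["src"], rec["dst"], port))
    return findings

if __name__ == "__main__":
    for finding in review(SAMPLE_LOG):
        print(finding)
```

A "policy_gap" finding means the firewall passed a flow the segment plan never intended, which is the rule to tighten; a "blocked_attempt" finding points at the source host to investigate.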