Cyber security starts at the firewall, creating barriers between internal networks and external networks to control and funnel traffic, preventing any “wildfires” spreading from one area of your system to another.
But as technology evolves, so do application usage and user behaviour, creating a need for more complex network infrastructures, which in turn bring greater security risks. Simply having a firewall in place is not enough: it must be the correct firewall for your needs, correctly configured with efficient rules and policies to manage and control your network traffic effectively.
An effective firewall provides you with the necessary visibility across your network traffic to control and protect your applications, users and content everywhere.
Firewalls are not just essential from a network perspective but also for maintaining consistent security of your public cloud environment which operates on the “Shared Responsibility Model”.
Cloud vendors such as AWS, Azure and Google only take responsibility for protecting the infrastructure (hardware/software/networking/facilities) that run their services and not your data or applications. Using the same brand of enterprise-class firewall across your cloud and network infrastructure removes reliance on the native firewalls provided. Employing a consistent firewall across your cloud and on-premise environments ensures you are benefiting from a coherent security policy and are even more secure.
Types of Firewall:
- Unified Threat Management Firewalls incorporate functions of an antivirus, intrusion prevention and stateful inspection firewall.
- Next-Generation Firewalls have the ability to stand up against modern cyber threats such as advanced malware and application layer attacks.
- Threat-Focused Next-Generation Firewalls incorporate functionalities of the traditional NGFW along with advanced threat detection and remediation capabilities.
Key Features of NGFWs:
- Filtering traffic and creating targeted security policies to allow safe access to relevant applications (including SaaS applications)
- Preventing attacks by limiting unwanted applications to reduce the attack surface
- Blocking known vulnerability exploits, viruses, spyware and unknown malware
- Protecting data centres through segmentation controls and high-speed threat prevention
- Enabling secure public and private cloud computing environments and maintaining consistent security policies for physical infrastructure as well as virtual machines
- Incorporating tools and resources that help you adopt industry best practices
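To make the "correctly configured with efficient rules and policies" and "segmentation controls" points concrete, here is an added example (not Valtec's or any vendor's code) of a minimal first-match firewall policy evaluator. It assumes three constructed zones using documentation address ranges (corporate LAN, a DMZ web tier and a cloud database subnet) and contrasts a segmented, default-deny allowlist with the single permissive "any-any" rule that "just having a firewall" amounts to. Rule names, zones and sample flows are all constructed for the example.

```python
"""First-match firewall policy evaluator with an implicit default deny.
Added example: models how an ordered rule base funnels traffic between
zones, and why a permissive any-any rule gives no segmentation at all."""
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import List, Optional, Tuple


@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    dport: int
    proto: str = "tcp"


@dataclass(frozen=True)
class Rule:
    name: str
    src_net: str                        # CIDR or "any"
    dst_net: str                        # CIDR or "any"
    proto: str = "any"                  # "tcp", "udp" or "any"
    dports: Optional[frozenset] = None  # None means any destination port
    action: str = "deny"                # "allow" or "deny"

    def matches(self, pkt: Packet) -> bool:
        if self.src_net != "any" and ip_address(pkt.src) not in ip_network(self.src_net):
            return False
        if self.dst_net != "any" and ip_address(pkt.dst) not in ip_network(self.dst_net):
            return False
        if self.proto != "any" and self.proto != pkt.proto:
            return False
        if self.dports is not None and pkt.dport not in self.dports:
            return False
        return True


def evaluate(policy: List[Rule], pkt: Packet) -> Tuple[str, str]:
    """The first matching rule decides; unmatched traffic hits the default deny."""
    for rule in policy:
        if rule.matches(pkt):
            return rule.action, rule.name
    return "deny", "default-deny"


# Constructed zones (RFC 5737 documentation ranges and a private LAN range).
CORP = "10.10.0.0/16"
DMZ = "192.0.2.0/24"
CLOUD_DB = "203.0.113.0/24"

# Segmented allowlist: only the flows the business needs, most specific first.
SEGMENTED_POLICY = [
    Rule("corp-to-dmz-https", CORP, DMZ, "tcp", frozenset({443}), "allow"),
    Rule("dmz-to-cloud-db", DMZ, CLOUD_DB, "tcp", frozenset({5432}), "allow"),
    Rule("block-dmz-to-corp", DMZ, CORP, action="deny"),  # explicit so it can be logged
]

# The "just have a firewall" policy: a single permissive rule, no segmentation.
PERMISSIVE_POLICY = [Rule("any-any", "any", "any", action="allow")]

# Constructed sample flows.
SAMPLE_FLOWS = [
    Packet("10.10.5.7", "192.0.2.10", 443),      # user browsing an internal web app
    Packet("192.0.2.10", "203.0.113.20", 5432),  # web tier reaching its database
    Packet("192.0.2.10", "10.10.5.7", 445),      # DMZ host reaching back into corp
    Packet("10.10.5.7", "203.0.113.20", 5432),   # workstation talking straight to the DB
]


def allowed_flows(policy: List[Rule], flows: List[Packet]) -> List[Tuple[str, str, int]]:
    """Return the (src, dst, dport) triples a policy lets through."""
    return [(p.src, p.dst, p.dport) for p in flows if evaluate(policy, p)[0] == "allow"]


if __name__ == "__main__":
    for label, pol in (("segmented", SEGMENTED_POLICY), ("permissive", PERMISSIVE_POLICY)):
        print(label)
        for p in SAMPLE_FLOWS:
            print(f"  {p.src} -> {p.dst}:{p.dport}/{p.proto}: {evaluate(pol, p)}")
```

Under the segmented policy only the two business flows pass; the DMZ host reaching back into the corporate LAN is stopped by an explicit rule (so the attempt is visible in logs), and the workstation's direct database connection falls through to the default deny. The permissive policy lets all four through, which is exactly the visibility and control gap the text describes.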
The type of firewall you need and the level of security your organisation requires depends on your overall security policy.
Larger organisations inevitably need the ability to focus on preventing attacks that target the network, securing encrypted traffic, and using automated behavioural analytics to find and stop insider threats in the network.
To determine which firewall best suits your organisation and whether your existing firewall meets your security requirements we will ask:
- Are you reliant on a detect and response approach for cyberattacks?
- Does your firewall use a legacy, hash-based approach to detect modern threats?
- Can your security detect and prevent new threats targeted at macOS, Android, Linux, and Windows?
- Are you able to use native automation in your firewall management?
- How are you protecting your end users against phishing and sensitive data theft attacks?
- Have you invested in multiple products to achieve NGFW feature parity?
- Have you enabled SSL decryption on the firewall?
Valtec offers all our customers a free Security Assessment providing actionable intelligence around the traffic, applications, content and threats traversing your network.
We then provide you with a Security Assessment Report that includes recommendations on how to reduce your organisation’s overall risk exposure.
Having visibility of your network is the key step to protecting it from threats. Get in touch today to arrange your free Security Assessment.
The security threat landscape has expanded and cyber attacks have grown in volume and sophistication. Attackers now take advantage of technology and automation to create and launch new coordinated attacks targeted at end users.
Most attacks start by compromising an endpoint, meaning that firewall protection alone is not enough. An effective firewall will secure your virtual and cloud environments. But what about your servers and desktops? And what about users operating outside your network?
Endpoints represent soft targets for threat actors who can mount effective and targeted attacks at minimal cost to themselves.
However, the average cost to an organisation of a successful endpoint attack is over $5 million, on account of the loss of productivity, system downtime and information theft.
Gartner has predicted that by the end of 2020 endpoint devices will be the source of 99% of vulnerabilities exploited.
IT Security Teams need to ensure they have an effective endpoint-security strategy in place within their overall network security framework that can keep up with modern threats.
Zero-day malware can often bypass traditional security systems and antivirus solutions to exploit vulnerabilities in an organisation’s infrastructure.
Fileless attacks incorporate exploits, macros and other methods that don’t even require a user to download anything to activate them. These are much more likely to succeed than traditional file-based malware.
Endpoints regularly leave the network boundary, and encrypted internet traffic can often circumvent basic SSL and SSH prevention capabilities.
Effective endpoint protection is secured via an advanced, multi-layered, multi-method, purpose-built malware and exploit prevention solution that protects all your endpoint devices from both known and unknown threats.
It is also important to ensure your endpoint security solution protects all devices and operating systems: not just Windows-based PC laptops and desktops, but also Mac/iOS and Android devices, which have come under increased attack as malicious actors develop specific threats to infiltrate them.
Previously, endpoint protection primarily relied on a traditional signature-based antivirus solution installed on the device. However, the effectiveness of this technology has diminished over time as operating systems, networks and applications evolved in complexity. As a result, legacy AV solutions alone are no longer effective in stopping modern advanced threats.
Fileless attacks do not have any signatures and do not install any new files on the system. They contain nothing for a traditional antivirus to scan or analyse. A fileless attack can easily circumvent static, disk-based detection, allowing an attacker to exploit endpoints. The attacker can then use the trusted applications installed on the device to perform reconnaissance.
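The two preceding points, that a hash-based approach cannot keep up (the "legacy, hash-based approach" question in the assessment list above) and that fileless activity leaves nothing on disk to scan, can be shown side by side. The following is an added example, not code from Valtec or any product: a toy hash-signature check against a constructed "known bad" sample, and a simple behavioural rule over constructed process-creation events that flags a document application spawning a script interpreter with an encoded command line even though no file was written. The process names, argument tokens and events are assumptions chosen for illustration.

```python
"""Hash-based vs behaviour-based detection (added example).
Part 1: a one-byte change defeats a hash signature.
Part 2: a behavioural rule over process events needs no file on disk."""
import hashlib
from dataclasses import dataclass
from typing import List


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


# Constructed "known bad" sample and the hash feed built from it.
ORIGINAL_SAMPLE = b"<constructed script body captured once by the vendor>"
KNOWN_BAD_SHA256 = {sha256_hex(ORIGINAL_SAMPLE)}

# The same content with a single trailing byte: functionally identical, new hash.
REPACKED_SAMPLE = ORIGINAL_SAMPLE + b" "


def hash_detects(data: bytes) -> bool:
    """Legacy signature check: exact hash match only."""
    return sha256_hex(data) in KNOWN_BAD_SHA256


@dataclass(frozen=True)
class ProcessEvent:
    parent: str      # image name of the parent process
    image: str       # image name of the new process
    cmdline: str     # command line of the new process
    wrote_file: bool # whether the new process dropped a file to disk


# Assumed indicator: a document application launching a script interpreter
# with an encoded or download-style argument (constructed token lists).
DOCUMENT_APPS = {"winword.exe", "excel.exe", "outlook.exe"}
INTERPRETERS = {"powershell.exe", "wscript.exe", "mshta.exe"}
SUSPICIOUS_TOKENS = ("-enc", "-encodedcommand", "downloadstring")


def behaviour_detects(ev: ProcessEvent) -> bool:
    """Behavioural check: parent/child relationship plus command-line shape."""
    cmd = ev.cmdline.lower()
    return (
        ev.parent.lower() in DOCUMENT_APPS
        and ev.image.lower() in INTERPRETERS
        and any(tok in cmd for tok in SUSPICIOUS_TOKENS)
    )


# Constructed sample telemetry: one fileless chain, two benign events.
SAMPLE_EVENTS = [
    ProcessEvent("winword.exe", "powershell.exe", "-nop -w hidden -enc <constructed>", False),
    ProcessEvent("explorer.exe", "powershell.exe", "-File C:\\scripts\\backup.ps1", False),
    ProcessEvent("winword.exe", "splwow64.exe", "", False),
]


def triage(events: List[ProcessEvent]) -> List[int]:
    """Indices of events the behavioural rule would raise to an analyst."""
    return [i for i, ev in enumerate(events) if behaviour_detects(ev)]


if __name__ == "__main__":
    print("hash match, original :", hash_detects(ORIGINAL_SAMPLE))
    print("hash match, repacked :", hash_detects(REPACKED_SAMPLE))
    print("behavioural hits     :", triage(SAMPLE_EVENTS))
```

The hash check matches the original bytes and misses the trivially altered copy, which is the weakness of a "legacy, hash-based approach". The behavioural rule never looks at file contents at all; it raises the first event on the parent/child relationship and command-line shape alone, and stays quiet on the administrator's scheduled script and on the printer helper that Word legitimately spawns. Real EDR products use far richer telemetry, but the principle is the same.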
Endpoint Detection and Response (EDR)
EDR is a more advanced endpoint solution addressing the need for real-time endpoint monitoring with a focus on behavioural analytics and incident response. It can be managed from a centralised platform and provides complete visibility into every endpoint in the corporate infrastructure.
EDR uses machine learning and threat intelligence techniques for threat hunting, detection and incident response. Its main aim is to detect known and unknown threats by identifying and analysing incidents outside of the established trusted and tolerated corporate applications and environments.
The key benefit of an EDR solution is that it provides analysts within the IT Security team with information enabling them to fortify and thereby improve their security posture by mitigating the risk of future attacks. However, this inevitably requires the organisation to have dedicated cybersecurity resources within the IT department to ensure the benefit and investment in the solution can be maximised.
EDR vs XDR
XDR is the next stage in next-generation endpoint protection, with the ‘X’ representing any data source. XDR considers that an organisation’s attack surface involves all enforcement points in the cybersecurity ecosystem: network, endpoint and cloud.
By providing visibility of data and activity across the entire security infrastructure (rather than just endpoints) XDR enables faster detection of threats thus enabling IT security teams to investigate and respond quicker.
Get in touch with us about determining the best endpoint solution for your organisation’s needs.