Tue, January 24, 2017

Best Ways to Enhance your Network Security

Although network security has always been a top priority for businesses, in recent years it has escalated to a necessity. New threats are constantly emerging and compromising business data. There are now additional measures that should be taken above and beyond the standard network security infrastructure. In fact, some industries now require specific enhanced security conditions to meet compliance standards.

Below are 7 ways to enhance your organization’s network security, to prevent unwanted viruses, malware, and suspicious activity.

Managed Anti-Virus

The foundation of a secure network, however trivial it may seem, is for a business class anti-virus to be installed on servers, desktops, and laptops. Some organizations may have users with different versions of anti-virus, trial versions, or not have anti-virus at all. This makes central management of users and servers very difficult, which leaves room for threats to occur.

Specifically for Centrality’s AV Defender, daily checks are made to verify that the device is receiving updates and ensure that there are no reported infections. In the background, a daily quick scan is run to determine if there are any issues on either the drive or in the registry.  In addition, alerts are configured so that our Operations Center is alerted to any events requiring intervention. Once a week, a full scan of each workstation is also run to analyze the hard drive and registry settings. Central management allows for tasks to be completed proactively, instead of reactively.

Mobile Threat Management

BYOD (Bring Your Own Device) has become an increasingly prominent part of today’s workforce. Mobile apps are creating new and efficient workflows for employees. Seamless access to work data, emails and content is growing in parallel, enhancing the productivity gains from these trends.

As a result of the popularity and speed at which mobile devices have become a mainstay of SMBs, mobile devices have become the next target for malware. Corporate data is especially vulnerable to rogue apps and malicious websites.

IBM’s MaaS360 Mobile Threat Management detects, analyzes and remediates mobile risks. This includes malware, suspicious system configurations and compromised devices, delivering a new layer of security for Enterprise Mobility Management.

Intrusion Protection & Intrusion Detection Systems

Also known as IPS/IDS, this service is now commonly an add-on feature to the newer firewall configurations, for instance the Cisco ASA 5506 with FirePower or the Barracuda NG Firewall.

According to Barracuda, Intrusion Detection and Intrusion Protection Services (IDS/IPS) strongly enhance network security by providing complete and comprehensive real-time network protection against a broad range of network threats, vulnerabilities, exploits, and exposures in operating systems, applications, and databases. For example:

  • SQL injections and arbitrary code executions
  • Access control attempts and privilege escalations
  • Cross-Site Scripting and buffer overflows
  • Denial of Service (DoS) and Distributed Denial of Service (DDoS) attacks
  • Directory traversal and probing and scanning attempts
  • Backdoor attacks, Trojans, rootkits, viruses, worms, and spyware

Advanced Threat Detection

Advanced malware toolkits can be easily purchased online, which means that essentially any organization is susceptible to an attack. Many times, malware that enters a corporate network from an email or web download is undetected by AV, especially if it is a zero-day threat. Although signature-based antivirus is still important, over the past few years a new class of malware has emerged that bypasses traditional AV. These are called Advanced Persistent Threats: once installed, the malware continuously hides its tracks.

Advanced Threat Detection (ATD) is the second line of defense to prevent malware from compromising your corporate data. ATD analyzes what the file being downloaded actually does once it is executed, using a method called sandboxing. Although some vendors have a separate ATD solution, others (like Cisco and Barracuda) have this incorporated as an add-on subscription for firewalls.

Add a Web Filtering Device

Implementing a web filtering device or service allows IT administrators to create and enforce effective internet content and access policies. For instance, administrators can restrict social media sites, chat forums, gaming applications, or other known harmful websites. Some web filtering devices, like the Barracuda NG Firewall, have the ability to provide a granular report on individual user activity or application for advanced monitoring.

Overall, this type of solution protects user productivity and blocks malware downloads and other web-based threats. It also enables compliance by blocking access to unwanted websites and servers, providing an important additional layer of security alongside application control.

Spam & Virus Protection

Spam filtering services provide an added level of network security, especially since email is a targeted data intrusion method for hackers. Emails are assigned a Spam Confidence Level. This determines if the email is routed to the Junk folder or the inbox. This not only prevents a deluge of spam emails from flooding your inbox, but also keeps out emails that may pose a threat if opened or clicked.

For Microsoft Office 365 email subscribers, this is included in the monthly licensing cost. Spam filtering and virus protection are automatically enabled on all inbound and outbound email messages by Microsoft Exchange Online Protection (EOP). However, if your organization has an on-premise Exchange server, a subscription like Symantec’s Mail Security for Exchange is a recommended option.
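The Spam Confidence Level routing described above can be audited from message headers. The following is an added example, not code from Centrality or Microsoft: it reads the SCL that Exchange Online Protection stamps on a message and reports where the message would land. The junk threshold of 5, the route labels and the sample messages are assumptions made for illustration; the real threshold is set by the tenant's anti-spam policy.

```python
import email
import re
from email import policy

# Constructed sample messages (not real mail). The header names are the ones
# Exchange Online Protection stamps on scanned mail.
SAMPLES = {
    "newsletter": ("From: news@example.com\nSubject: Monthly update\n"
                   "X-Forefront-Antispam-Report: CIP:203.0.113.10;CTRY:US;SFV:NSPM;SCL:1;\n\nHello\n"),
    "phish": ("From: billing@example.net\nSubject: Invoice overdue\n"
              "X-Forefront-Antispam-Report: CIP:198.51.100.7;CTRY:US;SFV:SPM;SCL:5;\n\nOpen the attachment\n"),
    "bulk_fallback": ("From: promo@example.org\nSubject: You won\n"
                      "X-MS-Exchange-Organization-SCL: 9\n\nClaim now\n"),
    "allowlisted": ("From: partner@example.com\nSubject: Contract\n"
                    "X-Forefront-Antispam-Report: CIP:192.0.2.44;CTRY:US;SFV:SKA;SCL:-1;\n\nSee attached\n"),
    "no_header": "From: someone@example.com\nSubject: hi\n\nbody\n",
}

JUNK_THRESHOLD = 5  # assumption: SCL at or above this value is delivered to Junk


def extract_scl(raw_message):
    """Return the SCL as an int, or None when the message carries no verdict."""
    msg = email.message_from_string(raw_message, policy=policy.default)
    report = str(msg.get("X-Forefront-Antispam-Report", ""))
    match = re.search(r"(?:^|;)\s*SCL:(-?\d+)", report)
    if match:
        return int(match.group(1))
    # Fall back to the organization-level header when the report is absent.
    org_scl = str(msg.get("X-MS-Exchange-Organization-SCL", "")).strip()
    return int(org_scl) if re.fullmatch(r"-?\d+", org_scl) else None


def route(raw_message):
    """Classify delivery: 'junk', 'inbox', 'inbox-unfiltered' or 'unscored'."""
    scl = extract_scl(raw_message)
    if scl is None:
        return "unscored"          # never scanned or headers stripped: review it
    if scl == -1:
        return "inbox-unfiltered"  # spam filtering was skipped (allow list or rule)
    return "junk" if scl >= JUNK_THRESHOLD else "inbox"


if __name__ == "__main__":
    for name, raw in SAMPLES.items():
        print(f"{name:14} SCL={extract_scl(raw)!s:5} -> {route(raw)}")
```

Messages reported as inbox-unfiltered or unscored are the ones worth reviewing, since they reached users without a spam verdict.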

User Education

This is arguably the most important prevention method: make your user community aware of a few best practices that minimize potential threats. One of the most common ways a virus or ransomware attack begins is by a user clicking an email from an unknown sender. If there is any doubt about the validity of the source of an email, instruct your users to contact the IT system administrator before opening any attachments or clicking a link.
