5 tips for network security
This year has seen an ongoing rise in targeted attacks and insider threats designed to steal private data. These days, any company that holds valuable intellectual property can find itself in the crosshairs of an innovative attack.
“With the rising prevalence of APT and insider attacks, organizations must move beyond locking down the perimeter and arm their security professionals with the tools they need to hunt for attackers lurking inside the network,” said Tom Cross, director of security research at Lancope. “Government and enterprise IT organizations can no longer just sit back and hope that their security tools will block attacks while they sleep.”
Here are 5 tips you can use to improve your network security:
1. Create a 0-day defense strategy. The advanced, targeted attacks that networks are seeing today cannot be addressed simply by mitigating known vulnerabilities with technical controls like antivirus and IDS/IPS.
Recent research by Symantec discovered attacks involving 0-day vulnerabilities that persisted for as long as 30 months before signature-based protections became available. If organizations want to detect these types of attacks, they must complement their signature-based systems with behavior-based technology that can detect attacks when signatures are not available.
2. When trying to stop sophisticated attacks, focus on people and not just technology. The indicators that lead to the detection of sophisticated attacks can be subtle. If security pros want to stay ahead of attackers, they must take a more active role, leveraging security tools and network event data to investigate incidents and gather intelligence. They should not rely entirely on the tools to do all of the work of detecting and blocking attacks automatically.
3. Think outside the perimeter. While external controls at the network edge are valuable for detecting some types of attacks, today’s reality dictates a need for visibility into the internal network. Many of today’s threats do not even come into the network via the perimeter.
Instead, they originate from insiders or are carried through the front door on a USB drive or mobile device. It is prudent to assume that these days, some threats WILL bypass the perimeter, and the only way to detect and combat them is to obtain in-depth, internal network visibility.
4. Train your users. 2012 has been a banner year for password theft. Odds are high that at least a few of your employees have had their passwords to various web sites compromised in recent months. Some may be using those same stolen passwords to access your network. End users are also targets of attacks like drive-by downloads and spear phishing.
Educating users on top security risks and the appropriate ways to avoid them can make a difference. Users who are on the lookout for suspicious emails may be the first to alert your security staff to sophisticated spear phishing campaigns that have evaded perimeter defenses.
5. Plan to protect an evolving infrastructure. As technologists continue to innovate, security unfortunately often takes a hit. This year, we have seen an explosion in trends including virtualization, cloud computing, BYOD (bring-your-own-device) and IPv6, which can all complicate network infrastructure (at least temporarily).
As organizations embrace these technologies, they should also be asking themselves how they will impact their risk posture. IT administrators need to determine if their current tools can protect against threats that could emerge from these innovations, and if not, quickly invest in tools that can.
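The behavior-based detection from tip 1 applied to the internal visibility from tip 3, as an added example that is not part of the original article: it baselines each internal host's daily fan-out from flow records and flags a host that suddenly contacts many internal peers it has never talked to. The flow record layout, the 10.0.0.0/8 internal range, the thresholds and every sample record are assumptions constructed for illustration.

```python
from collections import defaultdict
from ipaddress import ip_address, ip_network
from statistics import mean, pstdev

INTERNAL = ip_network("10.0.0.0/8")  # assumed internal address range

# Constructed flow records: (day, src, dst, dst_port)
BASELINE = (
    [(d, "10.0.1.5", dst, 445) for d in range(1, 6) for dst in ("10.0.2.10", "10.0.2.11")]
    + [(d, "10.0.1.7", "10.0.2.10", 443) for d in range(1, 6)]
    + [(3, "10.0.1.7", "10.0.2.12", 443)]
)
TODAY = (
    [(6, "10.0.1.5", dst, 445) for dst in ("10.0.2.10", "10.0.2.11")]
    + [(6, "10.0.1.7", f"10.0.3.{i}", 445) for i in range(1, 21)]  # sudden internal fan-out
    + [(6, "10.0.1.7", "203.0.113.9", 443)]  # external destination, ignored here
)

def internal_pairs(flows):
    """Yield (day, src, dst) for flows that stay inside the network."""
    for day, src, dst, _port in flows:
        if ip_address(src) in INTERNAL and ip_address(dst) in INTERNAL:
            yield day, src, dst

def build_baseline(flows):
    """Per source host: every peer ever seen, and distinct peers per day."""
    peers, daily = defaultdict(set), defaultdict(lambda: defaultdict(set))
    for day, src, dst in internal_pairs(flows):
        peers[src].add(dst)
        daily[src][day].add(dst)
    fanout = {h: [len(s) for s in days.values()] for h, days in daily.items()}
    return peers, fanout

def detect(flows, peers, fanout, k=3.0, min_new=5):
    """Flag hosts whose fan-out exceeds their own baseline and is mostly new peers."""
    seen = defaultdict(set)
    for _day, src, dst in internal_pairs(flows):
        seen[src].add(dst)
    alerts = []
    for host, dsts in sorted(seen.items()):
        hist = fanout.get(host, [0])  # host with no history: baseline of zero
        limit = mean(hist) + k * max(pstdev(hist), 1.0)  # floor avoids a zero-width band
        new = dsts - peers.get(host, set())
        if len(dsts) > limit and len(new) >= min_new:
            alerts.append((host, len(dsts), len(new)))
    return alerts

if __name__ == "__main__":
    for host, total, new in detect(TODAY, *build_baseline(BASELINE)):
        print(f"{host}: {total} internal peers today, {new} never seen before")
```

No signature is involved: the alert depends only on the host departing from its own history, which is why an analyst still has to investigate whether the change is an attack or a legitimate new workload.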