What is your Security Plan? (Part 2 of 4)
When’s the last time you took a step back and took an honest look at what you and your organization were doing to address IT security? In the first of this four-part series we discussed a few things you should be concentrating on regarding email security and training your end users to know what is and what is not a phishing attempt, while also keeping your machines fully patched. In the second part of the series we will focus on Next Generation Firewalls (NGFW), Web Application Firewalls (WAF), and Denial of Service (DoS).
The firewall(s) in your environment(s) are the first line of defense. What does this mean?
In this brief explanation I am going to use the example of how security at an international airport has evolved over the years, as it is not that different than what has happened with firewalls in IT security. Years ago, when you arrived at the airport to check in for an international flight you would have to show your passport along with your ticket to get through security. This is similar to a basic stateful packet inspection firewall. Today, when you are provided your ticket or you open up the mobile app for your airline, you are issued a bar code that is required to be scanned at security. When your ticket or mobile application is scanned by the security personnel there are multiple checks that are going on in the background to make sure that you are approved to proceed through security, and of course they are confirming that this information matches what is on your passport. The checks that are going on in the background equate to the advanced NGFW features that you get in many modern firewalls, like Fortinet, today. Some of the things that are able to be done with Next Generation Firewalls are listed below:
- Stateful Firewall
- Intrusion Prevention
- Application Control
- User/Device Identity & Authentication
- Web Filtering
- IP Reputation
- SSL Inspection
- IPsec/SSL VPN
One area that we should highlight is SSL inspection. NSS Labs is predicting that 75% of all web traffic will be encrypted by 2019. You may ask, “why does this matter to me?”. It matters because the SSL encryption makes it more difficult to know what is happening in your environment. Having a NGFW that can let you see the encrypted traffic is something that you should have high on your Security Plan list. The good, bad, and ugly are happening on encrypted channels so why would you not want to be able to see what is happening.
The next matter we are going to showcase is Web Application Firewalls (WAF). If you are unaware of what a WAF is, think of it as a firewall that is specifically built to protect your critical HTTP web applications. WAFs can protect your applications from sophisticated threats such as SQL injection, cross-site scripting, buffer overflows, and cookie poisoning. Many of the WAFs accomplish this by looking at IP reputation, web application attack signatures, credential stuffing defenses, anti-virus, and utilizing Sandbox technologies to inspect files that may be uploaded to your applications.
The last area we are going to bring attention to is Denial of Service(DoS) and Distributed Denial of Service(DDoS). If you have any critical infrastructure you are hosting you need to make sure that you have a DoS mitigation plan in place. The speed and bandwidth that these attacks are consuming is beyond what any single human can keep up with. A recent memcached DDoS attack was recorded at 1.7Tbps which is a staggering amount of bandwidth. If you take a step back and look at the bandwidth in your data center in most cases you probably do not have more than 1Gbps. So, if you were to get hit with a DDoS attack at 1.7Tbps your applications will be offline until the DDoS attack was over. Using a DDoS mitigation service allows you to offload the DDoS traffic and lean on experts to assist in shutting down the DDoS attempt on your environment.
The IT security landscape is rapidly changing and Thrive can help you navigate the enormous number of options available today. Please contact us for more information on updating your Security Plan. Be sure to check back for Part 3 of this series where we will dig into how to incorporate Endpoint Protection into your Security Plan.
Thrive has solutions to address your particular business requirements as every situation is unique and our engineers can help to architect the correct solution for your business. Contact Us today to learn more and discuss how we can help your company with your Cyber Security and Disaster Recovery initiatives!