With the ongoing pandemic serving as the catalyst for more frequent and sophisticated cyberattacks, the World Economic Forum predicts cybercrime will rank among the greatest global threats of the next decade. Meanwhile, researchers with Cybersecurity Ventures predict that cybercrime will cost the global economy more than $6 trillion this year.
Without question, widespread remote work practices have contributed to the increased risk. Home offices simply aren’t as controlled and secure as company headquarters, and employees often use unsecured apps and personal devices while trying to get their jobs done.
No single security solution can provide complete protection for today’s distributed workforces. Different threats require different security measures, which is why organizations must employ a multi-layered defense featuring a variety of security controls at every potential point of vulnerability.
Here are four key solutions that should be part of any organization’s layered defense:
Next-Generation Firewalls (NGFWs)
Along with traditional firewall capabilities such as packet filtering, network address translation and URL blocking, NGFWs integrate more robust features such as intrusion prevention, Secure Sockets Layer (SSL) and Secure Shell (SSH) inspection, deep-packet inspection and reputation-based malware detection.
Most important, NGFWs are application-aware, meaning they can distinguish one application from another and enforce granular security policies at the application layer. With the ability to understand details of web application traffic passing through, the NGFW can make smarter blocking decisions based upon very specific criteria.
Antivirus and Antimalware
Antivirus and antimalware solutions work well in tandem to protect against malicious software. Antivirus scans file signatures to detect known exploits, while antimalware tools look for anomalies that indicate more advanced threats such as zero-day malware, which analysts say accounted for more than 70 percent of all attacks in 2020.
These basic protections have been among the most overlooked during the transition to remote work. According to one recent survey, 68 percent of organizations reported they have not required or encouraged remote employees to use antivirus or antimalware solutions on their endpoint devices.
Spam Blockers
In the first months of the pandemic, security analysts reported a 6,000 percent increase in spam email designed to lure recipients into a variety of fraudulent schemes or trick them into exposing sensitive information. According to one report, three-quarters of these emails contained infostealers — a type of malware that steals sensitive information such as passwords or other credentials from an infected system.
Spam blockers use a variety of Bayesian and similar heuristic filters to identify spam and block it from ever reaching users’ inboxes, dramatically reducing the risk of malware infection. In recent years, spam filters based on machine learning algorithms have proven increasingly effective in dealing with junk email.
Content Filtering
Not all web content is safe to browse, and even security-conscious employees can accidentally visit an unsafe website that contains malicious code. Content filtering solutions can identify malware signatures and block malicious content. They can also enforce access policies on remote and mobile devices that are used outside the network.
Filtering solutions typically cross-reference web address requests against dynamic databases of URLs, IP addresses or even character strings. The database then produces a real-time “safety score,” which your firewall compares to your local policy setting in order to either allow or deny access.
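The lookup-then-compare flow described above, sketched as an added example that is not from the original article or any vendor's product. The reputation tables, scores, penalty strings and function names are all constructed for illustration; the 0-100 scale and the fail-closed handling of unparseable requests are assumptions.

```python
from urllib.parse import urlsplit

# Constructed reputation data (hypothetical); a real filter pulls this from a vendor feed.
URL_SCORES = {"files.example.net/setup.exe": 5}        # exact host + path entries
IP_SCORES = {"203.0.113.7": 10}                        # literal IP destinations
HOST_SCORES = {"portal.example.com": 95, "example.net": 60}
STRING_PENALTIES = {"free-gift": 40, "login-verify": 50}  # character-string matches
UNKNOWN_SCORE = 50                                     # destination with no entry


def safety_score(url):
    """Return a 0-100 score for a requested URL (higher is safer)."""
    try:
        parts = urlsplit(url if "://" in url else "//" + url)
        host = (parts.hostname or "").rstrip(".")  # hostname is already lower-cased
    except ValueError:
        return 0                                   # unparseable request: fail closed
    if not host:
        return 0
    if host + parts.path in URL_SCORES:
        base = URL_SCORES[host + parts.path]
    elif host in IP_SCORES:
        base = IP_SCORES[host]
    else:
        # Try the host itself, then each parent domain, so a subdomain
        # inherits its parent's reputation; the bare TLD is never checked.
        labels = host.split(".")
        base = UNKNOWN_SCORE
        for i in range(max(1, len(labels) - 1)):
            candidate = ".".join(labels[i:])
            if candidate in HOST_SCORES:
                base = HOST_SCORES[candidate]
                break
    text = (host + parts.path + "?" + parts.query).lower()
    penalty = sum(p for s, p in STRING_PENALTIES.items() if s in text)
    return max(0, base - penalty)


def decide(url, policy_min_score):
    """Compare the score with the local policy threshold: allow or deny."""
    return "allow" if safety_score(url) >= policy_min_score else "deny"


if __name__ == "__main__":
    for u in ("http://PORTAL.Example.com./hr", "https://cdn.example.net/login-verify",
              "https://unlisted.example.org/"):
        print(u, safety_score(u), decide(u, policy_min_score=70))
```

Normalizing the host (case, trailing dot) before the lookup matters: without it, a request for `PORTAL.Example.com.` would miss its database entry and fall through to the unknown-destination score.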
The Value of UTM
Instead of implementing these solutions as individual elements of a layered security environment, it can be more efficient to deploy a unified threat management (UTM) solution that consolidates multiple security functions in a single appliance. We’ll take a closer look at UTM solutions in our next post.