Threat Intelligence is the Smart Way to go for Layered Security
Intrusion doesn’t just happen at the edge of your network. With the latest malware exploits using http and https (SSL) to access and compromise desktops and servers, cyber threats are bypassing even the best firewalls and Intrusion Prevention Systems. Simply certifying that a security appliance is functioning well and all systems have the latest updates and security patches isn't enough to protect you and your business from today's malicious threats.
A comprehensive, layered security strategy is imperative to limit your exposure to data theft and destruction. This approach includes protecting your network with firewall and VPNs, intrusion prevention systems, endpoint security, application visibility, URL filtering, email security, access controls and device security. Although that sounds like an expensive and complex undertaking, there are comprehensive solutions that deliver the components necessary to protect your business across the entire threat continuum.
Today’s best security solutions start in the cloud by using databases (Threat Intelligence) of known threats and blocking them at the edge of your network where you connect to the Internet and where your firewall resides. Since most ransomware delivers an exploit payload to a desktop you need to have the ability to assess, track, stop, and when necessary, remediate a desktop infection before it spreads to the rest of the network and your data.
With nearly 1 million new malware variants released every day, you can no longer wait for signature based virus protection to release an update. Zero day threats can only be stopped once they have been analyzed and tagged as a threat. Leverage a “threat intelligent” solution that tracks unknown activity on the network and devices, and then can rollback any malicious changes perpetrated by the malware. Implementing these solutions are neither complicated or costly, but a solid infrastructure design and reliable solutions are imperative.
What is Threat Intelligence?
In simple terms, “Threat Intelligence” is a cloud-based collection of data from millions of sources (think all those free anti-virus clients) about viruses and malware, such as source IP address, size, author, reputation, payloads, and file hash (just to name a few), that is constantly updated and leveraged by security products for real-time protection.
Typically, when a “Threat Intelligent” product encounters a new file or application, it sends detailed information to the cloud for validation. If found to be safe, it is allowed to run; if it is known malware, it is blocked; and if it is unknown, it is allowed to run but monitored. Every action by the unknown file/program gets journaled for possible rollback or remediation, and any effort to transmit data from the device will be blocked until the application has been cleared as safe. If it is found to be malware all information on the file is added to the “Threat Intelligence” database in the cloud and protection is instantly available to all connected devices.
Much like a suit of armor, your network security deployment cannot have any uncovered or vulnerable parts. If you are connected to the Internet, the likelihood of malware entering your business is 100%. Even disconnecting from the Internet does not guarantee the protection of your data, it just means someone has to be on premise to steal it.
For help or questions about threat intelligence or a proper layered security design check out Kobargo's Cybersecurity solutions.