
NetworkJutsu

Networking & Security Services | San Francisco Bay Area


Security

Router versus Firewall: What are the differences?

06/22/2020 By Andrew Roderos


There seems to be some confusion about the differences between a router and a firewall. One contributing factor is that device manufacturers tend to combine the two functions into one device. Traditionally, these devices were specialized hardware that did one specific job well.

Both of these devices have advantages and disadvantages over the other, unique features, and different purposes. In this article, we will define what they are, identify their primary use in your network, and explain why you may need both.

What is a router?

A router is a device that quickly forwards data from one network to another. For example, for your devices to communicate with the Internet, you need a networking device to carry the traffic from your home to your Internet Service Provider (ISP). Typically, this device is a router that you either purchased or received from your ISP.

The type of router found in most homes and some small businesses is called a wireless router. The wireless router combines the functionalities of multiple devices: wireless access point, switch, and a router.

Furthermore, a lot of routers on the market provide some level of network security by including features like Network Address Port Translation (NAPT), Stateful Packet Inspection (SPI), etc.

What does a router do?

The principal function of a router is to route network traffic between networks. The job of a router is similar to the role of the United States Postal Service (USPS). The router tries its best to forward the data between the sender and the receiver in different networks.

Since the majority of routers in a lot of small businesses are wireless routers, they also allow the connection of wired and wireless devices such as computers, printers, mobile devices, etc.

What is a firewall?

A network-based firewall is a device that provides security by monitoring incoming and outgoing traffic and makes a decision whether to allow or deny specific traffic based on the rule sets.

For many years, the firewall has been an integral part of any successful security program. It serves as the first line of defense in network security.

Today’s modern operating systems, such as Windows and macOS, include a software firewall that provides added network protection. A software host-based firewall functions similarly to a traditional network-based firewall.

Nowadays, firewall manufacturers add extra features like anti-malware, Intrusion Prevention System (IPS), application awareness, URL filtering, etc.; a firewall with these features is referred to as a next-generation firewall (NGFW). An NGFW offers far better security than a router or a traditional firewall.

What does a firewall do?

The principal function of a firewall is to provide network protection by blocking unwanted traffic. The job of a firewall is similar to the role of the Transportation Security Administration (TSA): the firewall inspects network traffic to make sure everything looks good before it is allowed to pass through.

Some firewalls designed for small businesses or branch offices also combine functionalities of wireless routers, allowing both wired and wireless network connectivity.

Which one should you buy?

Unfortunately, the answer to this question is it depends. Determining the right device for your business requires an understanding of the goals and requirements.

For a small coffee shop, a wireless router from your favorite retailer may be sufficient. Some small and medium-sized businesses (SMB) may opt to purchase an NGFW for better security.

In some scenarios, you might need to purchase both a router and a firewall. For example, if a branch office requires WAN connectivity options (both wired and wireless), VoIP, switching, NGFW, and computing, then buying a router that covers the majority of these requirements plus a separate NGFW could be a suitable solution.

There are some instances where you don’t want to restrict network traffic by default. For example, in the higher education space, researchers may expect no restrictions and a fast network for transferring data between each other.

Summary

Both devices can provide a level of network security. However, an NGFW gives a higher level of protection compared to a router with some firewalling features.

Choosing between a router and a firewall will vary from one company to another. The key to determining the proper device is by gathering the requirements, goals, and business and technical constraints.

If security is paramount to your company, then purchasing a next-generation firewall with a subscription to the advanced features is the right way to go.

Still unsure on what to get?

Let us answer your questions by contacting us. We’ll help you with hardware selection, design, configuration, and implementation.


NetworkJutsu provides networking and network security consulting services for startups, a more established small and medium-sized business (SMB), or large business throughout the San Francisco Bay Area.


5 Network Security Principles for the Enterprise

05/03/2019 By Andrew Roderos


Security incidents are a fact of life in this day and age. U.S. CEOs recognize this fact, and they consider cybersecurity their number one overall external concern[1]. It is no longer a matter of whether or not a cybersecurity incident will happen to their organization but a matter of when. The faster an organization accepts the inevitability of a cyberattack, the better they are prepared to prevent, detect, and remediate the effects of an attack.


Introduction

Network security hardware and software solutions are the first layers of protection between your organization and the outside world. They are an essential part of any defense and countermeasure strategy that organizations must have.

Everyone knows that firewalls and anti-malware solutions are vital parts of network security. However, network security is much more than installing and configuring firewalls and anti-malware software. A highly effective network security architecture requires a well-thought-out design based on the risk analysis and security posture you want to achieve.

Network Security Principles

Security is crucial in every organization. Failing to follow proper security principles leads to a lot of risk and unwanted publicity. When designing network security architecture, designers should follow the five network security principles discussed below. Following these security principles in small and medium-sized business (SMB) and enterprise environments will help improve your security posture.

1. Zero Trust

Zero Trust is a security model introduced by John Kindervag in 2010 that moves away from the old mentality of perimeter security. Fundamentally, organizations should not automatically trust anything inside their perimeter and instead must always verify everything trying to connect to their systems before granting access.

A lot of organizations use the perimeter security concept. With the perimeter security concept, the organization is heavily invested in protecting the network from outside attacks but trusts everyone inside the network. With this approach, when attackers compromise a machine inside the organization’s network, they can move laterally without much difficulty.

A recent example of perimeter security’s weakness is the Arizona Beverage Company’s ransomware attack[2]. The ransomware attack has some similarities with WannaCry, briefly mentioned in our how to improve your cybersecurity post earlier this year. Both cyberattacks highlighted the organizations’ security weaknesses.

2. Segmentation

Network segmentation has been around for many decades, and a lot of organizations employ this network defense strategy. While many organizations use this strategy, it’s often not as restrictive as most security professionals would like it to be.

Additionally, there are some misconceptions that if you implement different virtual LANs (VLANs) and subnets, you’ve achieved network segmentation. While there’s some level of segmentation, it is still considered a flat network. Flat in the sense that hosts are still able to communicate with each other freely. Real network segmentation requires additional steps that ensure the traffic flows are restricted as much as possible.

With the Internet of Things (IoT) explosion, organizations that lack effective network segmentation will suffer from cyberattacks, such as what happened to the Arizona Beverage Company and an unnamed casino[3].

While network segmentation reduces the attack surface, it doesn’t always reduce it enough. Fortunately, technology companies introduced an emerging technology called micro-segmentation that enhances the existing network segmentation techniques. Micro-segmentation allows for a more granular approach in preventing lateral movement between hosts.

3. Defense in Depth


The concept of defense in depth originated in the military, going back to Roman times. It is intended to slow down attackers rather than stop them at a single, strong layer of defense. It also relies on the tendency of an attack to lose momentum over time.

In computing, defense in depth refers to having multiple layers of protection in physical, technical, and administrative controls of your network. It is designed in a way that defenses are not dependent on any single layer of protection. Since the strategy originated from the military, it similarly seeks to delay an attacker to allow time for detection and response.

A lot of people mistakenly believe that layered security (or layered defense) is the same as defense in depth. While the two concepts overlap a great deal, they are different. To put this in perspective, let’s revisit the Arizona Beverage Company’s security incident. From a layered security perspective, the minimum reasonable technical controls would be firewalls, endpoint security software, and operating systems with security patches. Defense in depth encompasses layered security plus additional controls, such as data backups, verification of backup integrity and accessibility, monitoring, etc.

4. Principle of Least Privilege

The principle of least privilege is an essential concept in security. The idea of least privilege is that any user, application, etc. should have only the minimum rights and privileges necessary to perform its function. For example, finance users should not have the same level of access as users in the engineering department.

The least privilege helps reduce the attack surface by eliminating unnecessary rights and privileges that can result in security incidents, such as a major data breach. For example, the National Security Agency (NSA) had to reduce the number of people who had access to secret information after Edward Snowden had leaked classified data[4].

Organizations should also implement periodic checks, possibly yearly, for privilege creep. The idea is to prevent a gradual accumulation of rights and privileges beyond what the subject needs to perform its function. For example, when an IP address gets reused to serve a different function in the enterprise, it gains a new set of firewall rules for its new purpose, but it also keeps the network access privileges of the previous owner unless those are removed.

5. Monitoring


With the ever-evolving threat landscape, you should not make network security monitoring an afterthought. It should be one of the first defense strategies on your list. Why? Because it provides an ability for you to monitor your network for security threats, vulnerabilities, suspicious behavior, etc., and respond appropriately.

68% of breaches took months or longer to be discovered. In many cases, a third party, such as law enforcement or a partner, discovers the breach. The worst-case scenario is when your customers spot the breach[5].

Fortunately, organizations are getting better at reducing dwell time compared to previous years. Dwell time is the number of days an attacker is present on a victim’s network. It is measured from the first evidence of a compromise to detection. Currently, the median dwell time is 78 days[6].

Conclusion

In this day and age, managing network security is getting to be a lot more complicated and requires thoughtful planning. The threat landscape will continue to evolve, and organizations must continuously adapt in order to protect their infrastructure and data. Implementing these five network security principles into your organization will immensely improve your security posture.

Achieving these principles will require cooperation from all employees and not just the IT teams. More importantly, IT teams should have supportive executives who are fully committed to improving your organization’s network security.

Remember the saying “prevention is better than the cure”? It is very much applicable to cybersecurity. Applying a prevention mindset will harden the organization’s security posture. It doesn’t guarantee that an attack will be prevented, since cybercriminals are sophisticated and determined, but implementing these network security principles will help make your organization a less attractive and less easy target.

Are you in need of network security consulting in the San Francisco Bay Area?

We specialize in helping enterprises improve their network security.
Get in touch with us today!


______________________________________________________________________________________________________________________________
[1] C-Suite Challenge 2019
[2] Arizona Beverages knocked offline by ransomware attack
[3] Casino Gets Hacked Through Its Internet-Connected Fish Tank Thermometer
[4] NSA to cut system administrators by 90 percent to limit data access
[5] 2018 Verizon Data Breach Investigations Report
[6] M-Trends 2019


WebAuthn: Moving to a passwordless world

03/31/2019 By Andrew Roderos


What is Web Authentication (WebAuthn)? It is a new mechanism for authenticating to websites, replacing traditional username and password login credentials with security keys or built-in authenticators.

On March 4, 2019, the World Wide Web Consortium (W3C) and the Fast IDentity Online (FIDO) Alliance finalized the Web Authentication (WebAuthn) specification[1]. This web standard is a major step forward in making the web more secure, passwordless, and easy to use.

The WebAuthn specification is a major and collaborative leap forward in the evolution of simpler, stronger user authentication.

James Barclay, Senior R&D Engineer, Duo Security, a Cisco business unit

Why are we moving to a passwordless world?

81% of hacking-related breaches leveraged either stolen or weak passwords

As mentioned in the multi-factor authentication (MFA) article posted last month, protecting accounts using passwords has been unsuccessful for many years. Credential theft via phishing is a very popular and successful social engineering attack employed by cybercriminals. In addition, there are instances where collections of user credentials are posted online[2]; those credentials are then used to launch attacks known as credential stuffing. The industry’s response to such attacks is the implementation of MFA, but some implementations do not adequately address attacks such as phishing and man-in-the-middle (MITM).

WebAuthn solves phishing and MITM attacks in a way that is more manageable and user-friendly but does not guarantee a rapid rate of adoption. Users are slow to adopt better security. In fact, Google revealed in a presentation on January 17, 2018, that only 10% of active Google accounts have two-factor authentication (2FA)[3].

How it works

Traditionally, when we sign up for an online account, we are asked to create a unique username and password. With WebAuthn, we are instead presented with several choices for authentication such as username and password combination, multi-factor authentication, or passwordless authentication.

The next time the user connects to the website, the server sends a challenge and provides a list of credentials that are registered to the individual and can also indicate where to look for the credentials – internal or external authenticator.

Authenticator choices

There are two main kinds of authenticators: internal and external. Internal authenticators, referred to as platform authenticators in the WebAuthn specification, are built into the device; examples are Apple’s Touch ID and Windows Hello (e.g., fingerprint or facial recognition).

External authenticators, referred to as roaming authenticators in the WebAuthn specification, are removable and can roam among devices; examples are security keys and smartphones.

Is it better than existing solutions?

It depends. Users have different levels of risk they’re willing to accept, and some are more risk-averse than others. For people who, to this day, do not use password manager software or some scheme for remembering different passwords for their accounts, this is a great solution. It doesn’t require them to remember any passwords, which means no password reuse issues, and it’s convenient to use while still providing strong account protection.

Conclusion

In our previous post, we highlighted the importance of utilizing multi-factor authentication. While it provides an additional layer of security, some MFA strategies fail to address phishing, MITM attacks, etc. These cyberattacks give cybercriminals the ability to compromise accounts even with an additional layer of security in place. WebAuthn attempts to address the shortcomings of both password-based authentication and multi-factor authentication.

From a security standpoint, it is a significant step in providing users a simpler and stronger authentication mechanism. WebAuthn may take some time for full adoption, but it is definitely a step in the right direction. In the meantime, being vigilant about protecting our passwords by enabling multi-factor authentication, where possible, is a must in this day and age.


______________________________________________________________________________________________________________________________
[1] W3C and FIDO Alliance Finalize Web Standard for Secure, Passwordless Login
[2] 2.2 Billion Accounts Found In Biggest Ever Data Dump — How To Check If You’re A Victim
[3] Anatomy of Account Takeover


What is multi-factor authentication (MFA)?

02/28/2019 By Andrew Roderos


What is MFA?

If you haven’t been living under a rock these past few years, you’ve probably heard of multi-factor authentication (MFA) or two-factor authentication (2FA) by now. In the last few years, MFA has gained enormous popularity among companies that are improving their cybersecurity posture.

Before we delve into MFA, let’s define authentication. In the simplest terms, it is the process of confirming that someone is in fact who they say they are.

A lot of people mistakenly think that the combination of username and password is authentication. It is actually a combination of identification (username) and authentication (password). The username is used to claim an identity, while the password is used to verify that identity.

Authentication factors

There are three basic methods of authentication:

Type 1: Something you know – password, PIN, etc.
Type 2: Something you have – smart card, hardware token, smartphone, etc.
Type 3: Something you are or something you do – biometrics, signature, keystroke dynamics, etc.

Out of these three methods of authentication, Type 1 is the weakest and Type 3 the strongest. Malicious actors, however, can still bypass some Type 3 authentication factors. For example, some fingerprint readers can easily be fooled by a duplicate fingerprint on a gummy bear candy[1].

Single-factor authentication (SFA)

As the name implies, single-factor authentication only requires one method of authentication. For many years, accounts for our email, web, social media, etc. were protected by this single form of authentication.

For a time, passwords were enough to secure accounts. However, as cybercriminals became more successful at stealing credentials, it became clear that passwords alone were no longer enough to protect accounts.

Multi-factor authentication (MFA)

As you might have guessed, multi-factor authentication requires at least two methods of authentication. It can be a combination of any two or perhaps all three of Type 1, 2, and 3.

The use of two methods of authentication is called two-factor authentication (2FA), which is a subset of MFA. 2FA is the most popular method that is currently available on a lot of websites, applications, etc.

The concept of multi-factor authentication is not new. In fact, you’ve probably been using it but didn’t realize that you were. If you’ve ever withdrawn money from an ATM, then you’ve used MFA.

Withdrawing from an ATM requires you to present two forms of authentication: something you know (PIN) and something you have (debit card). Satisfying these two requirements will give you access to withdraw money from your account – assuming you have sufficient funds.

Importance of MFA


Protecting accounts with passwords has been unsuccessful for many years. A lot of people use easily guessable passwords for their accounts and in some cases have them written down within arm’s length. Reuse of passwords across multiple accounts is also common. A Virginia Tech University study found that 52% of users have reused the same passwords or modified existing passwords instead of coming up with something new[2]. What’s worse is that these users are also using the same passwords for their personal and work-related accounts.

Related: WebAuthn: Moving to a passwordless world

Password reuse creates huge risks and undermines security for both individuals and businesses. Some organizations are starting to offer free password manager software to their employees to combat this issue. This is a way of potentially arming their employees with the ability to practice good security in both their personal and professional lives.

The use of a password manager helps immensely in improving password security. It allows users to create unique and strong passwords without memorizing them. In fact, a few weeks ago, there was a data dump of 2.2 billion accounts[3]. Stolen credentials from personal accounts could be used to try and compromise business accounts as well.


There have been many instances where cybercriminals successfully acquired account credentials. In fact, according to the Verizon 2017 DBIR, 81% of hacking-related breaches leveraged either stolen or weak passwords[4]. Reducing this number by implementing MFA solutions should be one of the top priorities of companies.

Common MFA methods

There are many approaches to MFA that companies take. Unfortunately, some of the approaches are weaker than others. We’re going to examine the most commonly used MFA methods.

OTP hardware-based

OTP-based hardware tokens, also known as security tokens or hard tokens, are one of the oldest MFA methods that are still in use today. RSA SecurID was very popular back in the early 90s.

There are drawbacks in using hardware tokens. Since they are small devices, they can be lost, stolen, or forgotten. When this happens, users won’t be able to access their accounts.

This scenario brings up another disadvantage of hardware tokens: they can be hard to manage, since replacing them costs money and delivering them to users involves logistics.

The possibility of key extraction from a hardware token is another downside[5]. Additionally, cybercriminals can target manufacturers to steal information that could be used to compromise the security of the hardware tokens[6].

OTP software-based

OTP-based software tokens are one of the most widely deployed MFA methods. They work very much like hardware tokens but are more convenient and less expensive, assuming that users have smartphones; not everyone does[7]. Instead of carrying another device, the user installs an app on their smartphone, and the app generates six-digit passcodes for authentication.

As with hardware tokens, there are drawbacks to OTP software-based tokens. Smartphones get lost, stolen, or forgotten. That said, users are less likely to forget their smartphone at home than to lose a hardware token; one can assume that users are more attentive to their smartphones than to a hardware token.

Another thing to consider is the reliance on the smartphone’s battery. Users won’t have access to the app to get their codes when the smartphone is out of battery. OTP-based hardware tokens also run on batteries, but their batteries can last anywhere from five to ten years.

Similar to hardware tokens, the seed value (or secret key) on a software-based token is vulnerable to theft, but in this case by smartphone malware or malware on the server. When malicious actors get a hold of the seed value, then they can replicate this to their own smartphone.

Both hardware and software tokens can fall to MITM (man-in-the-middle) attacks. To describe this attack, imagine a cybercriminal creates a fake bank website and then launches a phishing campaign that entices users to give up their credentials, including the OTP. The attacker’s server captures everything and passes the credentials to the real website. If done right, the server maintains the session until the attacker is ready to make fraudulent transactions.

OTP SMS-based

Receiving a one-time password (OTP) via SMS (or text message) is another popular MFA method, possibly the most popular. With this method, upon successful first-step authentication, the user receives an SMS message with a random code.

Sometime in 2016, NIST (National Institute of Standards and Technology) seemingly deprecated SMS-based authentication but eventually softened its stance in the SP 800-63B (Digital Identity Guidelines) document[8].

The key takeaway is to verify that the OOB (out-of-band) authenticator is uniquely tied to a physical device. This means that users should not use VoIP-based services (Google Voice, for example) to receive passcodes.

While it is still acceptable to use OTP via SMS per NIST, that doesn’t mean users should keep using it. This method has weaknesses such as SIM swap and SS7 (Signaling System No. 7) vulnerabilities.

To highlight the insecurity of this method, one virtual currency investor lost around $150,000 after a cybercriminal took control of his phone number[9]. Another instance where SMS-based 2FA was ineffective at protecting accounts was when Reddit got hacked via SMS intercept[10].

Push-based notification

This method takes the best of both worlds from SMS-based and mobile-app-based MFA. Its main advantage over the others is the balance between security and convenience.

The push-based method has been gaining popularity in the enterprise. In fact, Cisco Systems invested $2.35 billion to acquire Duo Security, an industry leader in the MFA space[11].

The beauty of this method is that when the user sees a push notification, the user can choose to allow or deny the authentication attempt. If it was the user who initiated the authentication attempt, then it gets approved. Authentication attempts not initiated by the user can be rejected.

Push technology is, in theory, a more secure method, but that doesn’t mean it is immune to attacks. One possible attack is social engineering. Imagine a cybercriminal gets hold of a user’s credentials and tries to access the account. When the cybercriminal is ready to send the push, he/she can call the user while impersonating a trusted entity such as IT personnel and convince the user to accept the push.

Universal 2nd Factor (U2F)

Google and Yubico initially developed U2F, but now it is an open authentication standard supported by the FIDO (Fast IDentity Online) Alliance. It aims to provide strong second-factor authentication while also enabling users to quickly and securely access websites.

When a user wants to authenticate to a website where the U2F token is registered, the user inserts the USB token as the second factor. It is not vulnerable to phishing attacks, session hijacking, or MITM attacks.

As with the OTP-based hardware token, however, it can be forgotten, lost, or stolen. Supplying or replacing these tokens for all employees in a large organization can get costly.

Conclusion

While MFA is not perfect, it is still better than not having it at all. Our recommendation is to enable it wherever possible, especially for systems, websites, or applications that contain sensitive data.

When choosing an MFA method for your organization, you must strike a balance between security and convenience. The MFA strategy must be easy to use and sustainable. Without these factors, users may find ways to circumvent it, which in turn undermines the security provided by the second-factor authentication.

Are you ready to improve your network security?

Let us answer more questions by contacting us. We’re here to listen and provide solutions that are right for you.

ENGAGE US

NetworkJutsu provides networking and network security consulting services for startups, a more established small and medium-sized business (SMB), or large business throughout the San Francisco Bay Area.

How to improve your cybersecurity

01/28/2019 By Andrew Roderos Leave a Comment

A lot of businesses still do not focus on their cybersecurity posture. Today's threat landscape is continuously evolving, and companies should not treat security as an afterthought. Long gone are the days when installing and configuring a firewall was enough to protect a company's data and network. Today, the Information Technology (IT) and Information Security (IS) departments also need to worry about application security, vulnerability management, human error, and more.

Who are the victims

One possible reason why businesses, especially small businesses, do not focus on cybersecurity is that they believe they are not a target. That assumption is far from the truth. Cybercriminals cast a wide net, and small and medium-sized businesses (SMBs) are not immune. In fact, out of the 53,000 incidents and 2,216 confirmed data breaches in Verizon's 2018 report, 58% of the victims were categorized as small businesses [1].

Cost of an attack

Another possible reason small businesses do not invest in cybersecurity is a lack of budget. Allocating limited resources to security is a challenge, but keep in mind what a cyberattack costs the business. According to Hiscox, an insurance provider, small businesses estimated the average cost of security incidents over the previous 12 months at $34,604; for companies with more than 1,000 employees, the average was $1.05 million annually [2]. Those figures cover only direct costs. Indirect costs, such as lost customers and damaged brand reputation, come on top.

Improving your cybersecurity

While the data is frightening, there are, fortunately, ways for businesses to improve their cybersecurity. Here are some of the things companies should do to strengthen it.

Identify and classify your data

Identifying the types of data your company processes, stores, and transmits is the key to knowing what to protect. These could be Personally Identifiable Information (PII), Protected Health Information (PHI), intellectual property (IP), and so on.

The next step after identification is classification: categorizing data by its sensitivity, value, and criticality to the company. The classification drives how much to invest in protecting each category and which controls it needs (who may access it, whether it must be encrypted at rest and in transit, how long it is retained).

The U.S. military's scheme is a common example. Information is graded by how much damage its disclosure would do to national security, into levels such as top secret, secret, confidential, sensitive but unclassified, and unclassified. Applying a similar concept to your company (for example restricted, confidential, internal, and public) will help in prioritizing what to protect.

Manage hardware and software assets

Keeping an inventory of authorized hardware and software assets is another necessary step in improving your company's cybersecurity. A complete list of both lets IT or IS track, and prevent, unauthorized hardware connecting to the network and unauthorized software executing on it. You cannot patch, monitor, or defend a system you do not know you have.

Actively managing assets also makes it easier to plan the replacement of aging hardware and to track which software needs an update or upgrade, which is crucial in thwarting attacks against known vulnerabilities.

Security awareness training

There is a saying that a chain is only as strong as its weakest link. In cybersecurity, once the technical controls are strong, the weakest link is often a human.

There were 1,712 security incidents and confirmed data breaches that resulted from phishing and pretexting [1]. While that is a small share of the total, it is still a problem companies must address. Social engineering attacks such as phishing and pretexting can be made less effective with proper security awareness training.

The training program must also cover the other types of social engineering, physical security, passwords, computer security, malware, and so on. All employees must take it, and it should be part of your onboarding process. A well-designed program is interactive, relevant to employees' day-to-day functions and personal lives, and repeated regularly rather than a one-time checkbox.

Protect your data and IT infrastructure

There are many ways to protect your data and IT infrastructure. The topic could fill a series of blog posts, so we will only touch on a few of them.

Endpoint security

Cybercriminals used malware in 30% of the incidents and confirmed breaches [1]. That said, companies must invest in endpoint security. Gartner splits endpoint security into two markets: Endpoint Protection Platform (EPP) and Endpoint Detection and Response (EDR). To summarize the difference, EPP is preventive and historically signature-based, blocking known-bad files before they run, while EDR continuously records endpoint activity (process trees, network connections, file and registry changes) so that analysts can detect, investigate, and respond to what prevention missed.

The current buzzwords in endpoint security (and in other industries) are machine learning (ML) and artificial intelligence (AI). Machine learning can help, but a model is only as good as the data it was trained on; it needs a massive amount of labeled data to tell malicious behavior from benign. So do not pick a vendor merely because machine learning is baked into the product, and test the product against samples and attack techniques relevant to your environment. Machine learning alone does not catch all malware.

Network security

Many networks still protect only the perimeter. Perimeter-only defense is an old way of doing things, often described as hard on the outside, soft on the inside. Think of the Trojan Horse: once the enemies were inside the walls, they could wreak havoc because all the defenses faced outward. Today's approach is Zero Trust Architecture, where you never trust and always verify: every access to every resource is authenticated and authorized regardless of which network it comes from, and the internal network is segmented so that one compromised host cannot reach everything.

Related: 5 Network Security Principles for the Enterprise

The WannaCry ransomware, which infected over 200,000 computers, is a perfect example of malware that exposed the network security weaknesses of companies. Once inside a network, it spread to other machines on its own over SMB using the EternalBlue exploit, so flat networks with SMB reachable from everywhere were hit hardest. The outbreak also exposed companies' vulnerability management practices: Microsoft had released the fix (MS17-010) two months earlier.

Data backup

Businesses need to protect their data, and one way to do so is to back it up. Without backups, companies can suffer data loss from hardware failure, accidental deletion, malware, and so on.

Some of the businesses infected by WannaCry paid the ransom to get their data back. With a good backup strategy they would not have had to pay and could have recovered quickly. A good strategy keeps at least one copy offline or otherwise unreachable from the production network, since ransomware that can reach a backup share encrypts it too, and it includes regular test restores, because a backup that has never been restored is only a hope.

Multi-factor authentication (MFA)

Out of 55,216 incidents and breaches, there were 823 in which cybercriminals used stolen credentials [1]. While that is a small percentage, it is still happening and must be addressed.

Related: What is multi-factor authentication?

Cybercriminals acquire credentials in multiple ways, one of which is phishing. Security awareness training helps, but some people will still fall for it. To limit the damage from stolen credentials, enable multi-factor authentication (MFA) on all applications and systems, starting with email, VPN and remote access, and administrator accounts.

Vulnerability management

Every week, if not every day, new software vulnerabilities are discovered. Some are responsibly reported to the vendor; others are used in zero-day attacks before a fix exists. Periodic vulnerability scanning reveals the exposures in your environment, and they should be remediated promptly, before they result in an actual compromise.

Keeping software up to date is another vital piece of improving your cybersecurity. Not applying the latest updates to the software that runs on your network is essentially inviting cybercriminals in: they are still successfully exploiting known software vulnerabilities. The Equifax breach of May 2017 was due to an unpatched Apache Struts vulnerability (CVE-2017-5638) on a public-facing server, for which a fix had been available since March [3].

Monitoring

Preventive controls are great, but nothing is 100% secure. Your company's cybersecurity program should therefore include monitoring to detect and respond to security threats, incidents, and breaches. That means collecting logs from endpoints, servers, network devices, and cloud services in one place, and writing detections for the behaviors you expect attackers to exhibit.

It often takes cybercriminals only minutes, or less, to compromise a system. Unfortunately, 68% of breaches took months or longer to discover, and in many cases it was not even the company itself that discovered the breach [1]. Don't let your company be one of them.
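As an added example of what one such detection looks like (not code from the original post): a Go rule that reads OpenSSH auth.log lines and raises an alert when a source address is accepted after a burst of failed logins inside a sliding window, the trace left behind when password guessing or credential stuffing finally hits. The log lines, hostname, user names, and addresses are constructed for the example; the threshold and window are tunables you would set from your own baseline.

```go
package main

import (
	"bufio"
	"fmt"
	"regexp"
	"strings"
	"time"
)

// SampleAuthLog is constructed for this example in OpenSSH's auth.log format;
// the host, users, and addresses (documentation/TEST-NET ranges) are made up.
const SampleAuthLog = `Jan 28 03:14:01 web1 sshd[2210]: Failed password for invalid user admin from 203.0.113.7 port 51022 ssh2
Jan 28 03:14:03 web1 sshd[2211]: Failed password for root from 203.0.113.7 port 51023 ssh2
Jan 28 03:14:05 web1 sshd[2212]: Failed password for root from 203.0.113.7 port 51024 ssh2
Jan 28 03:14:06 web1 sshd[2213]: Failed password for deploy from 203.0.113.7 port 51025 ssh2
Jan 28 03:14:09 web1 sshd[2214]: Accepted password for deploy from 203.0.113.7 port 51026 ssh2
Jan 28 03:20:11 web1 sshd[2290]: Failed password for alice from 198.51.100.23 port 40112 ssh2
Jan 28 03:20:40 web1 sshd[2291]: Accepted publickey for alice from 198.51.100.23 port 40113 ssh2
Jan 28 04:02:17 web1 sshd[2400]: Accepted publickey for bob from 192.0.2.55 port 60021 ssh2`

// authEvent is one parsed login attempt.
type authEvent struct {
	at     time.Time
	ok     bool
	user   string
	source string
}

var sshdLine = regexp.MustCompile(
	`^(\w{3} +\d{1,2} \d{2}:\d{2}:\d{2}) \S+ sshd\[\d+\]: (Failed|Accepted) \w+ for (?:invalid user )?(\S+) from (\S+) port`)

// parseLine extracts the fields the rule needs. Syslog lines carry no year,
// so the timestamps are only ever used for differences.
func parseLine(line string) (authEvent, bool) {
	m := sshdLine.FindStringSubmatch(line)
	if m == nil {
		return authEvent{}, false
	}
	at, err := time.Parse("Jan _2 15:04:05", m[1])
	if err != nil {
		return authEvent{}, false
	}
	return authEvent{at: at, ok: m[2] == "Accepted", user: m[3], source: m[4]}, true
}

// Alert is raised when a source succeeds after a burst of failures.
type Alert struct {
	Source   string
	User     string
	Failures int
}

// DetectBruteForceSuccess flags any source address that accumulated at least
// threshold failed logins within window and then had a login accepted. One
// failure before success (a typo) does not trigger; a run of them does.
func DetectBruteForceSuccess(logText string, threshold int, window time.Duration) []Alert {
	failures := map[string][]time.Time{}
	var alerts []Alert
	sc := bufio.NewScanner(strings.NewReader(logText))
	for sc.Scan() {
		ev, ok := parseLine(sc.Text())
		if !ok {
			continue // not a login line; a real pipeline would count these too
		}
		// Keep only the failures still inside the sliding window.
		recent := failures[ev.source][:0]
		for _, t := range failures[ev.source] {
			if ev.at.Sub(t) <= window {
				recent = append(recent, t)
			}
		}
		if !ev.ok {
			failures[ev.source] = append(recent, ev.at)
			continue
		}
		if len(recent) >= threshold {
			alerts = append(alerts, Alert{Source: ev.source, User: ev.user, Failures: len(recent)})
		}
		failures[ev.source] = nil // a success closes the burst
	}
	return alerts
}

func main() {
	for _, a := range DetectBruteForceSuccess(SampleAuthLog, 3, 5*time.Minute) {
		fmt.Printf("ALERT: %s logged in as %q after %d failed attempts\n", a.Source, a.User, a.Failures)
	}
}
```

On the sample, 203.0.113.7 fires (four failures in eight seconds, then an accepted password for deploy) while alice's single typo before a key login and bob's clean login do not. The same shape of rule, a counted condition followed by a state change from one actor, covers many other detections: repeated MFA denials followed by an approval, or many 401s from one client followed by a 200 on a web login.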

Conclusion

There is no silver bullet in cybersecurity, and no product or solution gives 100% protection. What companies can do is reduce the attack surface, mitigate security risks, educate employees, and be able to detect and respond quickly to security threats, incidents, and breaches.

______________________________________________________________________________________________________________________________
[1] Verizon 2018 Data Breach Investigations Report
[2] Hiscox Small Business Cyber Risk Report
[3] GAO, Actions Taken by Equifax and Federal Agencies in Response to the 2017 Breach

Copyright © 2011–2023 · NetworkJutsu · All Rights Reserved · Privacy Policy · Terms of Use