With the current barrage of attention on cyber espionage originating from China, many businesses are left wondering what it means for them. They find themselves asking: are these sophisticated groups abroad really going to target my business? What should I be most concerned about, and what steps do I need to take to keep my business from being compromised?
In serving our enterprise and mid-sized customers, we have clearly seen that the class of targeted attacks known as APTs (advanced persistent threats) is no longer reserved for Fortune 500 companies. Smarter, everyday malware criminals - not nation states - are speeding up the evolution of APT techniques, and that makes smaller and mid-sized organisations bigger targets than they previously were.
While it is beneficial to stay apprised of high-profile network breaches and follow the major reports issued by companies like Mandiant, businesses really need to pay attention to the real-world threats that affect their network security on a day-to-day basis. Companies should take these five steps to avoid the flood of malware that is knocking on their network doors daily.
1. Take a Multi-Layered Approach: Defence-in-Depth. Today's increasingly blended threats require blended defences. No single network security provider can block every attack, no matter what they claim. According to Gartner, corporations and governments invest an estimated $60 billion in network security systems, yet attackers still find ways past them. A multi-layered approach is the best protection: when firewalls, intrusion prevention systems, proactive anti-virus (AV), anti-spam and anti-phishing protection, and cloud-based reputation services are combined, an attacker has to evade every layer, and the chance that at least one control catches some stage of an APT intrusion goes up.
2. Filter egress, not just ingress. Most firewalls today already block inbound traffic that an organisation has not explicitly allowed. But an alarming number of businesses still do not treat outbound traffic as a threat. Botnet and command-and-control traffic is initiated from inside the network by an already-infected host calling out, so by far more of it is caught on egress than on ingress. Egress filtering ensures that unauthorised or malicious traffic never leaves the corporate network: outbound flows must be examined and evaluated against the company's security policy, and anything that does not match an explicitly permitted rule should be dropped and logged. A practical policy allows only known services to leave (for example, DNS from the internal resolver, HTTP and HTTPS from the web proxy, SMTP from the mail relay) and denies everything else by default.
3. Open your network's eyes. You can't protect what you don't know about. Most companies find out about their breaches the same way you do: in the news. Today, new internet and social media applications are a common source of vulnerabilities and attacks, and IT pros are faced with the challenge of managing or controlling a vast array of web applications without hindering productivity. Without the right visibility tools, administrators cannot see which employee is using which application, and so cannot set the granular controls they need per employee and per application. Visibility also helps organisations enforce the acceptable use policies mandated by industry regulation, by legal and political jurisdictions, and by corporate culture.
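The following is an added example, not code from the original article, showing how steps 2 and 3 fit together: outbound flow records are evaluated against a default-deny egress policy, and the same pass produces a per-user, per-application summary that gives the visibility step 3 asks for. The policy (internal ranges, the addresses of the resolver, web proxy and mail relay) and the flow records are constructed assumptions for illustration; a real deployment would feed it from firewall or NetFlow logs joined with user identity.

```python
"""Default-deny egress policy check over constructed outbound flow records."""
from collections import Counter
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

# Constructed corporate egress policy (assumption, not from the article):
INTERNAL_NETS = [ip_network("10.0.0.0/8"), ip_network("192.168.0.0/16")]
APPROVED_RESOLVERS = {"10.0.0.53"}   # only the internal resolver may send DNS out
WEB_PROXY = "10.0.0.8"               # only the proxy may speak HTTP/HTTPS out
MAIL_RELAY = "10.0.0.25"             # only the relay may speak SMTP out


@dataclass(frozen=True)
class Flow:
    user: str    # who generated the traffic (assumed already joined from auth logs)
    app: str     # application label from the visibility tool
    src: str
    dst: str
    proto: str   # "tcp" or "udp"
    dport: int


def is_internal(addr: str) -> bool:
    ip = ip_address(addr)
    return any(ip in net for net in INTERNAL_NETS)


def evaluate(flow: Flow) -> tuple[str, str]:
    """Return ("allow" | "deny", reason). Anything not explicitly allowed is denied."""
    if is_internal(flow.dst):
        return "allow", "internal-destination"
    if flow.proto == "udp" and flow.dport == 53:
        if flow.src in APPROVED_RESOLVERS:
            return "allow", "approved-resolver"
        return "deny", "dns-bypasses-internal-resolver"
    if flow.proto == "tcp" and flow.dport in (80, 443):
        if flow.src == WEB_PROXY:
            return "allow", "proxy-egress"
        return "deny", "web-bypasses-proxy"
    if flow.proto == "tcp" and flow.dport == 25:
        if flow.src == MAIL_RELAY:
            return "allow", "mail-relay-egress"
        return "deny", "smtp-direct-from-host"
    return "deny", "no-matching-egress-rule"


def report(flows):
    """Return (denied flows with reasons, Counter keyed by (user, app, verdict))."""
    denied = []
    by_user_app = Counter()
    for f in flows:
        verdict, reason = evaluate(f)
        by_user_app[(f.user, f.app, verdict)] += 1
        if verdict == "deny":
            denied.append((f, reason))
    return denied, by_user_app


# Constructed sample flows (external addresses are documentation ranges).
SAMPLE_FLOWS = [
    Flow("alice", "browser",  "10.1.2.3",  "10.0.0.8",      "tcp", 443),   # to proxy
    Flow("svc",   "proxy",    "10.0.0.8",  "93.184.216.34", "tcp", 443),   # proxy out
    Flow("svc",   "resolver", "10.0.0.53", "198.51.100.53", "udp", 53),    # resolver out
    Flow("svc",   "mail",     "10.0.0.25", "203.0.113.10",  "tcp", 25),    # relay out
    Flow("bob",   "unknown",  "10.1.2.4",  "198.51.100.7",  "tcp", 6667),  # IRC-style C2
    Flow("bob",   "unknown",  "10.1.2.4",  "8.8.8.8",       "udp", 53),    # rogue DNS
    Flow("dave",  "browser",  "10.1.2.5",  "203.0.113.20",  "tcp", 443),   # bypasses proxy
]

if __name__ == "__main__":
    denied, counts = report(SAMPLE_FLOWS)
    for f, reason in denied:
        print(f"DENY {f.user:<6} {f.app:<9} {f.src} -> {f.dst}:{f.dport}/{f.proto}  ({reason})")
    for (user, app, verdict), n in sorted(counts.items()):
        print(f"{user:<6} {app:<9} {verdict:<5} {n}")
```

Of the seven constructed flows, three are denied: a workstation connecting to an external host on an unapproved port, the same workstation sending DNS to an outside resolver, and a browser reaching an HTTPS site directly instead of through the proxy. The last two are exactly the patterns that ingress-only filtering never sees, and the per-user counter is what lets an administrator turn "bob, unknown app, two denied flows" into a question worth asking.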