As IT professionals, it’s our responsibility to do everything within our power to protect our organizations from IT security threats. Unfortunately, all too often I hear fellow IT pros express an almost universal confidence in endpoint protection as the be-all, end-all to combating these threats. While endpoint protection is definitely an important part of any threat protection solution, it is absolutely not a one-stop, solve-everything product. To provide the best possible protection against existing, new, and zero-day threats, a multi-faceted approach must be utilized. Endpoint protection by itself simply doesn’t go far enough against modern threats.
A truly effective threat protection solution is systemic. It includes not only endpoint protection but also network-level and perimeter defenses. Change monitoring and reporting is a must. These mechanisms all work together to combat threats head-on. In addition, they create an ecosystem adept at adjusting to ever-changing attack vectors.
What types of products should be used? Let’s look at each of the key areas individually, beginning with endpoint protection. These products should include reputable anti-virus/anti-malware software, update management, and a software firewall. Change auditing should be in place to detect unauthorized system-level changes. Detecting these changes early can prevent a malware infection or rootkit from taking hold in the first place.
At the network level, access should be controlled by device and user. Utilizing VLANs not only improves Quality of Service management but also protects more secure segments from less secure ones. Patch management systems should be in place for servers and network infrastructure equipment alike. Switches, routers, firewalls, and similar equipment are often put in service and rarely updated. This presents a significant weak point when it comes to mitigating threats. Consider that many devices from Cisco, WatchGuard, and other leading equipment providers were susceptible to the OpenSSL Heartbleed vulnerability. Updating websites and server OSs but failing to patch these devices is akin to locking the doors but forgetting to lock the windows. It may be more difficult for a crook to sneak through a window, but that doesn’t mean they won’t! Change monitoring and reporting will reduce the likelihood that anything falls through the cracks.
At the perimeter, the toughest systems stand guard. Firewalls, Intrusion Prevention Systems, web access control systems, and spam filtering – all work to prevent threats from ever reaching the internal network, let alone a user’s computer. Change auditing at this level is a given. Remember one of my favorite axioms, “you cannot manage what you cannot measure.” Change auditing provides the measurements that enable properly managing the perimeter defense systems.
The days of installing anti-virus software and considering the network defended have passed. IT security threats are more advanced than ever and continuing to evolve. These threats are so real and so significant that new career paths have been created. From Chief Security Officers on down, organizations are investing in protecting their IT infrastructures. It’s time to see the writing on the wall and embrace a holistic approach to mitigating threats. Investing in protection at the endpoint, network, and perimeter levels, as well as utilizing proper change auditing, will pay dividends the next time an IT threat comes banging on the door.