The security industry is full of products claiming to offer total security against malicious software but as good as they may be, no product is 100% secure. A single product is always liable to being exploited and it may only take one breach to undermine your credibility.
A layered security approach is far better as there are more opportunities to isolate a malicious code outbreak though multi-vendor products and user education.
‘Security’ can be an ever escalating financial burden which will always have opportunities for exploitation but the following six steps offer a reasonable and considered approach to security. These are:-
1. Firewall – Gateway AV, IPS, Content Management
2. Patching – limits exploit opportunities
3. Antivirus – reliable product, up to date
4. Proactive Malware Defence – deeper malware behaviour monitoring
5. User Education – majority of modern attacks rely on user actions
6. Remediation – If all else fails, what is the recovery plan?
Firewall – The best place to intervene a malicious attack is before it gets onto your network. This is why you should have gateway protection that includes antivirus, intrusion protection and content management as part of the firewall design.
Patching – this is probably the simplest and certainly the cheapest step. Microsoft Windows Updates should be set to automatic as should most other web plug-ins such as Java. The only negative of allowing auto updates is the occasional bad update. Even accepting this, the benefits of better security outweigh the rare problems.
Antivirus – AV products are dynamic, they have to be reflecting the current threats. This also means that the best product one year is not necessarily the best forever. Keep abreast of the current products and refer to independent tests to ensure that your installed program is in the top tier of products.
Proactive Malware Defence – in addition to a standard level antivirus product, it is recommended that a deeper malicious behaviour monitor product should be deployed at the user level. This will improve massively the likelihood of malware detection before it can become disruptive.
User Education – even the cleverest get drawn into a well-planned scam. The scammers prey mainly on our fears of security to lure us into the scam. All users should be educated to the threats of malicious fraud and should start by reading our article ‘Ransomware – Limiting the Likelihood of Infection’ on our website.
Remediation – no security system is 100% guaranteed. You just have to read the press articles about multi-million pound multi-national companies who spend fortunes on security and still suffer incidences. What we can do though is make realistic efforts to minimise the risk but also have a remediation plan should the worse happen. This may involve data cleansing and recovery tools or a full recovery from a backup file. Whatever the plan is, it should be tested, documented and part of the business disaster recovery plan.
Summary – layering the security levels gives several opportunities to recognise an attack.
Network security is like cold weather clothing – it is most effective when in layers. A huge overcoat may keep out most intrusions but it is a single point of failure and if breached, leaves little protection.