Hackers know that no one has a clue what’s happening on your network
A recent survey taken by Sophos has found that nearly one in four IT Managers could not identify 70 percent of data traffic on their networks.
Perhaps this is not as surprising as it might first seem. Here’s a rendition of a pcap (packet capture) session courtesy of Wireshark:
Even most IT professionals will need some kind of software or hardware device to help translate this low-level information into something meaningful, and from that, be able to formulate a coherent cybersecurity policy. The broad range of traffic types on today’s networks helps hide unwanted activities, especially when most malicious traffic carefully emulates more innocent operations.
With VOIP traffic sharing the same bandwidth as BYOD apps’ constant chatter, every server and endpoint’s services broadcasting their presence, plus the flow of actually important data, it’s no wonder that the same survey found that, on average, 13 devices on a network of 100-1,000 machines were infected and had to be isolated.
Network traffic flows inwards, out and across today’s enterprise networks, and firewall technologies have evolved from their early packet inspection days as threats have morphed. Initially, firewalls simply prevented ingress of suspect data, but later developed stateful inspection as a way of differentiating expected, returning packets from malicious attempts to gain access to protected LANs.
Later came application layer-aware firewalls and security software, which attempted to filter out data from unregistered services and applications. But software developers and hackers alike, seeing the security writing on the wall, learned to emulate known services and apps to bypass security measures: full remote desktop sharing over port 80 was a valued feature of systems administration, at least for some.
The latest firewalls and security software therefore need to be both very fast and very perceptive.
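To make the evolution described above concrete, here is an added example (not code from the article or from any of the vendors it covers) modelling the three generations in one small filter: a stateless rule that blocks inbound connection attempts, a stateful table that admits only return packets of sessions the LAN initiated, and an application-aware check that flags a port 80 flow whose first payload is not an HTTP request. All addresses, the `10.0.0.` LAN prefix and the packet payloads are constructed for the demo.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int
    syn: bool = False      # TCP SYN flag: a new connection attempt
    payload: bytes = b""   # application data carried by this packet


INTERNAL_NET = "10.0.0."  # constructed LAN prefix; anything else counts as "outside"
HTTP_METHODS = (b"GET ", b"POST ", b"HEAD ", b"PUT ", b"DELETE ", b"OPTIONS ")


def is_internal(ip: str) -> bool:
    return ip.startswith(INTERNAL_NET)


class StatefulFirewall:
    """Tracks LAN-initiated sessions and checks that port-80 flows really carry HTTP."""

    def __init__(self):
        # session 4-tuple -> application-layer state: "unknown", "http" or "mismatch"
        self.sessions = {}

    def decide(self, pkt: Packet):
        """Return (verdict, reason) for one packet, updating session state."""
        if is_internal(pkt.src) and is_internal(pkt.dst):
            return "ALLOW", "intra-LAN traffic is not inspected by this model"
        outbound = is_internal(pkt.src)
        if outbound:
            key = (pkt.src, pkt.sport, pkt.dst, pkt.dport)
            if pkt.syn:
                self.sessions[key] = "unknown"   # remember that a LAN host started this
            elif key not in self.sessions:
                return "DROP", "outbound packet with no known session"
            # Application-aware step: classify the first payload seen on a port-80 flow.
            if pkt.dport == 80 and pkt.payload and self.sessions[key] == "unknown":
                looks_http = pkt.payload.startswith(HTTP_METHODS)
                self.sessions[key] = "http" if looks_http else "mismatch"
            if self.sessions[key] == "mismatch":
                return "ALERT", "port 80 flow does not carry HTTP"
            return "ALLOW", "outbound"
        # Inbound: only packets answering a session we recorded get through
        # (the stateless generation would simply have dropped every inbound SYN).
        key = (pkt.dst, pkt.dport, pkt.src, pkt.sport)
        if key not in self.sessions:
            return "DROP", "unsolicited inbound"
        if self.sessions[key] == "mismatch":
            return "ALERT", "return traffic of a flagged port 80 flow"
        return "ALLOW", "established return traffic"


def run_demo():
    """Constructed traffic: a normal web session, an unsolicited inbound SYN,
    and a port-80 session whose first bytes are binary rather than HTTP."""
    fw = StatefulFirewall()
    client, web, outsider, other = "10.0.0.5", "93.184.216.34", "198.51.100.7", "203.0.113.8"
    traffic = [
        Packet(client, 51000, web, 80, syn=True),
        Packet(client, 51000, web, 80, payload=b"GET / HTTP/1.1\r\nHost: example\r\n\r\n"),
        Packet(web, 80, client, 51000, payload=b"HTTP/1.1 200 OK\r\n\r\n"),
        Packet(outsider, 4444, client, 445, syn=True),
        Packet("10.0.0.9", 52000, other, 80, syn=True),
        Packet("10.0.0.9", 52000, other, 80, payload=b"\x03\x00\x00\x2b\x26\xe0"),
        Packet(other, 80, "10.0.0.9", 52000, payload=b"\x03\x00\x00\x13"),
    ]
    return [fw.decide(p)[0] for p in traffic]


if __name__ == "__main__":
    for verdict in run_demo():
        print(verdict)
```

The model deliberately inspects only the first payload of each flow, which is also roughly what production engines do, since re-classifying every packet is what makes application awareness expensive; the article’s point that such devices must be "very fast and very perceptive" is the tension between that per-flow inspection and line-rate throughput.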
But even with these types of cybersecurity measures in place, many enterprise networks still allow unregistered applications to run, either by accident or design:
- The young intern in marketing is quietly mining cyber currencies using the department’s PCs at unused desks.
- The contracted IT developer is supplementing her MP3 collection by bit-torrenting her favorite artists’ back catalogs.
- The middle manager is using the business’s high-speed internet connection to download the latest movies from dubious sources.
- An executable on a USB stick (brought into the office by an un-named VP) has launched a PowerShell script which will, given enough dwell time, eventually install file-less malware on the company’s secondary domain controller.
There is a fine line to be trodden by cybersecurity teams developing policies and using technologies which can negate all these activities, while not impacting the day-to-day running of the organization.
Human activities, like mistakenly responding to a phishing email, are very close (certainly in effect) to actively downloading files containing pirated media, and neither is particularly easy to mitigate against.
Sound security policies and supporting technologies (such as firewalls and endpoint protection systems) are an evolving balancing act to get ‘just so’.
However, the latest versions of the protection mechanisms available on the market today come some way to providing viable solutions which ensure the best possible insurance against data loss and damaging downtimes.
Here at Tech Wire Asia, we’ve looked at three suppliers of cybersecurity systems which can help today’s enterprise work more safely in this digital world.
The best system deployments work mindfully of the daily data realities and requirements of the workplace, but do not require the policymakers to be fully conversant, on a packet-by-packet basis, of every data interchange in, out and inside the local network.
In short, IT security experts needn’t have to think like a firewall to use a firewall: the latest generations of cyber protection devices make security more manageable, more intelligent and more pro-active.
Some of the features you might like to look out for include:
- Intelligent firewall policies which can be quickly disseminated across multiple sites, deployed to new locations but presented in a single administrative portal.
- Isolation of infected endpoints identified by MAC address.
- Sandboxing of suspect files, where tests can be undertaken to determine if payloads are malicious.
- Astute packet analysis able to identify rogue, if not entirely malicious, activity using the organization’s resources.
- Co-ordinating facilities to unite firewalls, endpoint security measures, web application firewalls, conventional AV management, LAN to LAN communication methods, intrusion protection systems and so forth, into one overarching security policy.
These are three suppliers we’d like to recommend, companies whose reputations rely on their products’ effectiveness and pro-active stance.
With the tagline of “Sophos – Security made simple”, Sophos’ security solutions protect organizations’ networks, servers, and devices, both inside the business and out in “the real world”, especially valuable in today’s BYOD environment.
A go-to provider of cybersecurity for many years, today the company numbers more than 100 million users in 150 countries and a global network of channel partners.
The company’s latest generation of firewall technologies joins up gateway protection (LAN to WAN, LAN to LAN, etc.), traffic monitoring, IDS and other collected measures to endpoint security, and provides an interface for security professionals to gain a fast overview of the second-by-second situation.
The solutions come with pre-set security levels and settings if required, such as allowing or limiting access at pre-determined levels – ideal for swift, macro-policy formulation and installation. The ease-of-use continues with mechanisms for rapid deployment to new premises, for instance, and multiple devices and products can be united into one, CISO-facing interface.
For those security personnel who need granular oversight extending to MAC-by-MAC protection, this too is eminently possible: with Sophos, simple to use does not by any means mean simple for malicious traffic to navigate or get around.
Focused on innovation and backed by a global network of SophosLabs threat intelligence centers and localized support, Sophos delivers solutions which are simple to deploy and manage, and which represent the cutting edge of cybersecurity mitigation technologies.
Read about Sophos’ offerings in more detail here.
One of FireEye’s USPs is the extent of its existing network which covers the whole globe. It numbers 6,800 customers across 67 countries, including more than 45 percent of the Forbes Global 2000, to date.
FireEye’s protection systems cover endpoint and network security, and the company, headquartered in California, provides central management of a range of security measures, including malware protection, defense against spear phishing attempts, email scanning, anti-spam and dynamic threat intelligence.
As potential threats present themselves, the company’s Triage and Audit Viewers are the first line of defense, capable of inspecting for, and analyzing, potential threats by looking for key indicators of malicious activity.
Having identified an issue, FireEye’s systems alert administrators who can either act manually to mitigate on a case-by-case basis or have automated systems spring into action.
The company’s sizeable user base pools a broad database which identifies problems anywhere in the world as they occur. Private data accrued by its clients is first employed by the company’s customers – using real-time updates – and then in turn by the rest of the data security community, including other cybersecurity suppliers.
Check Point offers a variety of cybersecurity measures dependent on the size of the organization needing protection.
From domestic-level AV and antimalware, right up to enterprise-grade firewalls intended to protect distributed data centers via software-based modeling, the company creates cyber solutions for the new data-dependent generation of businesses.
Cloud assets are protected with Check Point CloudGuard, which actively shares cybersecurity resources right across the company’s client base. Like cloud provisioning, the cybersecurity measures can be scaled quickly, spun up and down at will, and the company offers one-click deployment for new cloud instances.
Endpoint protection is available on a per-person basis, rather than being client focused. This means that individuals with, for instance, higher privilege levels (with accompanying slackening of security measures) can log on to any device and work seamlessly, rather than having to request permission alterations in different locales.
APAC presence is comprehensive, with offices and experts stationed in India, multiple locations in China, Australia and New Zealand, Japan, Singapore etc. – this is a genuinely global network but one with localized sensibilities.
Check Point offers a security consultancy service, which can undertake audits of existing provisions, taking into specific account local data governance requirements: invaluable.
*Some of the companies featured in this article are commercial partners of Tech Wire Asia