If you skipped Part 4 → go back.
I mentioned at the first part of this blog series to take a multi-tiered approach. This approach is necessary with today’s landscape.
ANTI-VIRUS is not enough. Traditional anti-virus is a signature-based product. These signatures are always playing catch up. If a virus/malware is reported on the market your anti-virus product will have a signature for this code and send the update to your computer. Your anti-virus product detects these files as they enter your computer and will flag them if they are bad.
However, standard anti-virus is being replaced with next gen anti-virus. Modern malware is not picked up by signature based content. Modern anti-malware products are written to detect file behavior patterns on your computer and stop the action. A single anti-virus product can’t keep up.
Your FIREWALL will not do this on its own. No matter how good your firewall is they are naturally designed to allow users out to the internet and content coming back in. As we know, users are the single biggest security risk and we create these security risks by asking for them. Don’t assume your firewall by itself will stop it all. Of course, a very good properly tuned firewall will help, but it is not enough.
EMAIL is the single biggest point of malware infection. Email is unsolicited, unsecure, and can easily be spoofed. No matter how many spam filters you have or what security approach you have in place for email something will get through. However, it is very important to have an email solution that is filtering email for you. At the current time we only recommend a single spam filter, but in the future, we might need more. Get business-class email, don’t use POP or IMAP. Business class email offers a good layer of spam protection.
A SIEM has always been something a big business needs, not the small/medium size business world. SIEM is “security information and event management”. A SIEM is the next level of protection. This is a process where your incoming file from email\internet or some other protocol is sent through a filter and if suspected the SIEM will run the file in a protected environment like a Sandbox and wait for the results. Typically a SIEM will have billions of reference files and be able to quickly categorize the results.
The major difference in the SIEM and anti-virus is the anti-virus engine will scan files for patterns and allow them through. The SIEM will scan them and execute them for you prior to allowing them through.
If I had to give you some advice about security I would say
- Spend the money now to get protected. It is cheaper now than it would be in the middle of an outbreak.
- Don’t think this will not happen to me. Think it will happen to me and this is what I will do when it does happen. Know your plan.
- Accept that what we do today may not be enough in the future.
- Educate your users.
The role of the managed service provider working for a business is to keep their IT systems working at the highest level. We do not accept downtime. We need to provide all the information for you make the best possible decisions about how you spend money for security.
As always, please contact us with questions.