Building an impenetrable defense
Against the backdrop of sophisticated attacks, companies in the SMB segment are prioritizing network security investments
For SMB and mid-market companies, there is a dawning realization that network security is now as much a priority in their overall company strategy as it is for larger companies. That is because IT infrastructure, whether in the cloud or on premises, holds invaluable digital assets, and in the face of the rising number of cyber attacks, there is just too much at stake to leave your network inadequately secured.
Discussing the changing priorities of SMB organizations in the region towards network security, Nitin Awasthi, Division Head-ICT at Infocomm, an ICT Services provider, says, “Small and Mid-Sized Businesses until recently were allocating very low budgets for the IT and Network Security, but in the recent past many such Businesses have faced a large number of targeted cyber attacks or hacking that has caused damage or loss of critical business data and credibility. As it is quite apparent that the growing volume of data and the company’s reputation are both critical to the Business, they are realizing the need to prioritize their own security like any other larger sized organizations and have started allocating more budgets to Information Security Investments.”
Shahnawaz Sheikh, Regional Director, sales and channel, SonicWall, opines that many of the companies in the SMB space do understand the significance of adequate network security that is required at all times even if there are no specific threats.
He elaborates, “Many serious SMB businesses in the region are not ignoring the need for investments in Network Security space, in the era of sophisticated threats that may not specifically target them but could cause disruption to their businesses. The SMB businesses understand the importance of being adequately protected and in their planning and budgeting have prioritized investment in network security space to keep their businesses running worry-free.”
The fact is that malware and cybercriminals seem to be evolving from day to day, and there could always be new ways of breaching the network, which therefore requires a more comprehensive, multi-layered network security approach to prevent a breach.
Harish Chib, Vice President, Middle East & Africa, Sophos, says, “Cybercriminals are continually changing their attack methods to avoid detection. These days, nearly every malware instance is a new zero-day variant that hasn’t been seen before and is more sophisticated, stealthy, and targeted than the one that came before it. This makes traditional signature-based detection obsolete. You need multi-layered defense across several vectors, each using behavioral analysis and working better together to provide adequate protection.”
The threat landscape
Malware continues to evolve, with encrypted forms of attack now requiring responses in nanoseconds. With IoT deployments, the threat of the network being compromised only continues to rise.
Shahnawaz elaborates, “As the volume of Ransomware reduced over previous years, the unique variants of ransomware are still on the rise. The increase in Malware surpassing 9.0 billion at the beginning of this year raises the concern for SMB businesses as these are simple to complex threats in this global cyber-crime world. Memory attacks are the new form of attacks, these memory-based attacks are using proprietary encryption methods that can’t be decrypted, organizations must quickly detect, capture and track these attacks once they’re exposed in memory, usually in under 100 nanoseconds. Chip-based attacks will be at the forefront of the cyber arms race for some time to come. Additionally, the new IoT threats and Malware cocktails are some of the new threat areas that organizations of all sizes should be prepared to combat and defend from such threats.”
The changing paradigm with a new generation of threats entails that the response is equal to the task. A conventional layer of protection as in previous years may not measure up to what is required to stem the threats.
Nitin adds, “The cyber security threat landscape has changed significantly faster in the recent few years. Previously, basic virus protection and security controls were sufficient to deter threats. The cyber security threat landscape is changing faster and organizations are witnessing an increase in targeted attacks against enterprises of all sizes in the past few years. Well-funded and technically adept attackers have the capability to bring an entire enterprise or sector to a halt – something that was unimaginable a decade or two ago. In the past few years, we have seen mobile malware growing in popularity. Malware that compromises mobile operating environments such as Android is also expected to rise in prevalence.”
The emergence of new services and applications, and advanced technologies including cloud and IoT, are providing further impetus to the changing cyber security threat landscape. With an increase in the number of breaches, the need for a strong and robust cyber security framework is now greater than ever. Digital transformation and cloud migration have made cyber threats more numerous and sophisticated.
The multi-layered approach
The weakest link is possibly always the first point of entry, and ensuring there are no weak links can be done only through a combination of security solutions.
Shahnawaz says, “As encrypted threats are on the rise and in the advent of memory attacks, IoT threats or threat actors finding any weak link that connects to a business, the businesses should at the same time think and plan a step ahead of the looming threats and start thinking and planning holistically and apply multiple protection layers at all entry/exit points of users, data, access to information, mobility, communication etc. In order to achieve comprehensive security and business continuity, organizations usually start building their security posture from Next Gen Firewalls and then go on to add protection to other areas around it, viz., End points security, wireless security, email security, mobile access security, protection for web servers, web filtering etc. Secondly, with multiple security solutions in a single network, a central management solution also becomes essential for effective and easy management of multiple different solutions in a network.”
Nitin says, “In the past, budgets were mostly consumed on investments in applications and servers but today the situation has changed in the SMB sector and companies have started budgeting and investing in cyber security solutions as well. SMBs are looking for reliable and cost effective security solutions for maintaining their IT Infrastructure. They are in need of simple solutions or products that are easy to monitor and manage.”
He adds that leading technology vendors are increasingly developing products designed specifically with SMBs in mind.
“Many SMBs today are opting for UTM Security Solutions / Appliances that provide multiple security features in a box e.g. Firewall, VPN, IPS, Antivirus, Antispam, URL / Content filtering, etc.”
While the firewall as a device has evolved over the years into the next-generation firewall with more functionality, there is still a need for more enhanced features such as risk management.
Harish says, “While network security solutions like firewalls started life simply protecting networks from outside hacks and attacks, the role of the firewall has greatly evolved to take on additional duties, such as compliance and risk management. While most modern next-gen firewalls provide basic visibility and control over user activity, they often fall far short when it comes to providing any kind of risk assessment or insights. These days, you need all the help you can get, which means a firewall solution that not only makes it easy to set up and enforce acceptable use policies, but also one that can identify risky users and apps before they become a problem.”
A multilayered approach is the need of the hour for network security, and Harish elaborates that there are seven key technologies that in tandem can secure your network perimeter against modern threats. These include advanced threat protection, identifying and isolating compromised systems, intrusion prevention, sandboxing, web protection, email protection and web application firewall.
Advanced threat protection is important to identify bots, APTs, and other threats already operating on your network. In the aftermath of an attack, to prevent data loss and further infections and to accelerate remediation, your firewall should immediately identify not only the infected host but also the user and process involved, and ideally it should also automatically block or isolate compromised systems until they can be investigated and cleaned up (preferably automatically by your endpoint protection). Intrusion prevention systems (IPS) can detect hackers attempting to breach your network resources. Sandboxing can easily catch the latest evasive malware and advanced threats like ransomware and botnet malware before they make their way onto your computers. Effective web protection can prevent botnet-recruiting malware from getting onto your network in the first place, while email protection is important because email is still one of the primary entry points for threats and social engineering exploits. Finally, the Web Application Firewall, or WAF, can protect your servers, devices, and business applications from being hacked.
Securing the virtual and physical
While networks may include virtualized environments, all scenarios require the same level of security.
Shahnawaz says, “The adoption of Appliance based Network security solutions continues to be on the rise. Customers with hybrid environments or virtual only environments should also be protected the same way as users behind the physical appliance to gain complete visibility into intra-host communication between virtual machines for threat prevention, deliver safe application enablement rules by the application, user and device regardless of VM location. A virtualized solution for virtual environments and combination of appliance and virtual for hybrid environments helps businesses get stronger security according to their network architecture and increase overall operational agility, efficiency and elasticity.”
SonicWall offers appliances for small, medium and large networks. The vendor provides a virtual network security solution for virtual environments, and also offers on-premise, virtual or cloud-based email security, as well as virtual or cloud-based central management, wireless and endpoint management solutions.
Nitin contends that while there are many things to consider while choosing appliance or cloud based security solution deployments, network level security will always be best handled on-premise.
“Network security tools such as next generation firewalls and IPS will remain on-premise because organizations will need to control the flow of data into and out of their networks.”
On the other hand, for data or cyber security, cloud-delivered security services can scale and react faster than traditional static deployments, matching costs to usage more closely than on-premise deployments, which need to build out extra capacity to meet possible future growth. Most importantly though, only a cloud-delivered security service can match the dynamic and highly automated operations model that attracts so many organizations to the cloud in the first place.
On the cost front, placing your network security in the cloud allows businesses to free up capital and personnel because the up-front cost to deploy is less than traditional premise-based tools and the vendor provides the bandwidth, IT staff and infrastructure to secure the data.
Nitin adds, “While both cloud and appliance based solutions have ongoing costs associated with their use, there is no denying that installing and maintaining an appliance based security solution might need more physical devices and will require much more capital and operational expenditure over the long run.”
Customers need to choose which solutions best meet their requirements based on features and capabilities. For instance, Sophos provides a Next-Gen Firewall Buyer’s guide which helps customers to pick the right solution for their organization. Sophos and its partners train organizations along these lines to choose the right scalable fit for their organizations.
For businesses that are aware that the IT infrastructure they use to enable their business growth is always going to be a critical asset, network security will always be an essential investment priority. With that outlook, they must look to identify the best solutions in the market that address their needs now and into the foreseeable future, in consultation with their trusted local solutions provider.