Defense in Depth from Inside and Out

For over a decade, information security professionals have been preaching the benefits of “Defense in Depth” to protect your organization’s assets from the constant barrage of external threats. The approach typically consists of layered prevention technologies that, working together, provide an impenetrable barrier of defense to protect your data. Components of this strategy usually include, at a minimum:

  • A Firewall
  • Antivirus and Anti-spam technology
  • Intrusion Detection and/or Prevention Systems
  • Automated Patch Management Systems

These typical defenses should be implemented in all data networks, and a variety of options exist for organizations of every size to establish a functional security perimeter around their critical data. However, a solid perimeter is no longer enough to protect your organization from the constant advances in malicious tools and techniques that have victimized very large organizations that had all of these tools in their arsenal. In many highly-publicized cases, the victims were compromised for months before they were able to detect a breach. Also, many documented breaches are the result of insiders (such as employees or business partners) who, intentionally or unintentionally, send confidential data out of their network. In many cases, the elaborate defenses designed to keep attackers from coming into your network are useless in keeping your users from taking the data out.

As a result, the best protection for your data network is a combination of prevention and detection controls to keep your organization informed about how confidential data is moving in and out of your network. Each prevention technology provides a potential detection point that can keep you informed about potential data breaches, whether they are the result of an external attack or a violation of your organization’s security policies. Technologies that can assist you in logging, identifying and controlling confidential or restricted data include Digital Loss Prevention (DLP) technologies, Security Information and Event Management (SIEM) tools, and a wide variety of technologies to help your organization both implement and effectively manage security policy for your entire organization or individual users.

Creating, maintaining and constantly evolving information security strategies is and will remain an important topic. While there is definitely a set of best practices, for many questions, there are no definite right or wrong answers. As you continue to address your organization’s security needs, I hope you will share your thoughts and opinions, as well as successful approaches.

Vector Expands Its East Coast Presence

I am very pleased to announce that Vector Resources is opening an office in Harrisburg, Pennsylvania, our sixth office nationwide.  While it’s clear to us that there are many important growth opportunities in and around large cities, such as our Los Angeles-area headquarters, we’ve realized there are also many excellent opportunities in mid-sized markets, such as around our Rancho Cucamonga office, and now Harrisburg.

There are many mid-sized and enterprise-level businesses in central Pennsylvania, as well as a large number of educational and government opportunities. Vector has unparalleled expertise in these sectors and we believe these organizations in the Harrisburg area are currently underserved.

Look for a formal announcement about our new office in coming days, as well as more news from Vector.

Managing the Rogues in Your Network

Within any organization, there are employees who are always diligent about following company procedures. Then there are “rogues,” people who mean well, but are free spirits and don’t always think about the ramifications of their actions.  For people involved in creative roles, that’s terrific, but when it comes to managing a network, it can be problematic. 

As IT teams continue to work hard to protect their networks from viruses and other forms of malware, here are a few activities employees sometimes undertake that can put the entire enterprise’s network at risk:

  • Creating unauthorized wireless networks – Sometimes, a workgroup within a company will decide to create its own wireless network to share content more easily. They may do this to secure faster data speeds, or because their project is confidential and they don’t want it available to other employees. However, if they don’t set up the wireless network properly, they open the entire company up to hacking.
  • Connecting unapproved wireless devices – Most people today have a smart phone, tablet or both.  Everyone wants to connect their devices to the network to get their content anytime, anywhere. While that’s a laudable goal, connecting these devices improperly opens the network up to intrusions.
  • Forgotten test servers – Many organizations employ test servers either to evaluate software the IT team or others have purchased before loading it onto the network, or to test applications under development within the company. On many occasions, the team testing the software or the application then moves on to other projects, but the test server is still connected to the Internet. Without proper safeguards, these servers are ideal gateways for hacking into the organization’s network.
  • Incomplete IT procedure manuals – IT teams, like many other disciplines within an organization, have had to learn to do more work with fewer resources over the past 3-4 years.  One of the projects that has fallen by the wayside in many organizations is developing and updating IT procedure manuals.  Among the basic procedures these manuals should include are:

        1. How to create “strong” passwords less open to hacking

        2. Information on email attachments that are safe to open, and how to recognize those that might be unsafe

        3. Rules against downloading free software

  • Out-of-date or insufficient network security – In a network with multiple locations and multiple servers, it’s easy for security software to become outdated.  And, many IT teams lack the resources to deploy security solutions beyond firewalls and antivirus software.  Employees often will receive messages that their security software is out of date, but just “assume” their IT teams are handling it. 
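As an added illustration (not part of the original post), one way to surface the unapproved devices and forgotten test servers listed above is to reconcile what is observed on the network against an approved asset inventory. The inventory records, observations, field names and the 180-day review threshold are all assumptions constructed for this example.

```python
from datetime import date

# Constructed sample: approved asset inventory keyed by MAC address.
INVENTORY = {
    "00:1a:2b:33:44:01": {"name": "fileserver-01", "role": "production",
                          "last_review": date(2024, 5, 1)},
    "00:1a:2b:33:44:02": {"name": "qa-test-07", "role": "test",
                          "last_review": date(2023, 1, 15)},
    "00:1a:2b:33:44:03": {"name": "laptop-jdoe", "role": "workstation",
                          "last_review": date(2024, 4, 20)},
}

# Constructed sample: observations merged from DHCP leases, a wireless
# survey and an external exposure check (all hypothetical sources).
OBSERVED = [
    {"mac": "00:1A:2B:33:44:01", "ip": "10.0.0.10",
     "internet_facing": False, "is_access_point": False},
    {"mac": "00:1a:2b:33:44:02", "ip": "10.0.5.7",
     "internet_facing": True, "is_access_point": False},
    {"mac": "AA:BB:CC:00:00:09", "ip": "10.0.3.44",
     "internet_facing": False, "is_access_point": True},
    {"mac": "aa:bb:cc:00:00:10", "ip": "10.0.3.51",
     "internet_facing": False, "is_access_point": False},
]


def audit(inventory, observed, today, max_review_age_days=180):
    """Return (ip, finding) pairs for devices that need follow-up."""
    # MAC addresses are compared case-insensitively.
    known = {mac.lower(): rec for mac, rec in inventory.items()}
    findings = []
    for obs in observed:
        rec = known.get(obs["mac"].lower())
        if rec is None:
            # Not in the approved inventory at all.
            kind = ("unauthorized-access-point" if obs["is_access_point"]
                    else "unapproved-device")
            findings.append((obs["ip"], kind))
            continue
        # Approved test servers go stale when nobody has reviewed them.
        age_days = (today - rec["last_review"]).days
        if rec["role"] == "test" and age_days > max_review_age_days:
            kind = ("forgotten-test-server-exposed" if obs["internet_facing"]
                    else "stale-test-server")
            findings.append((obs["ip"], kind))
    return findings


if __name__ == "__main__":
    for ip, finding in audit(INVENTORY, OBSERVED, date(2024, 6, 1)):
        print(f"{ip}\t{finding}")
```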

In fact, creating a secure network today is much more than just installing firewalls and antivirus software. For example, because no antivirus package can mitigate all threats, IT teams should plan to deploy several packages to minimize the chance of a network intrusion.

Robust security practices are so important that my colleague, Patrick Luce, will devote next week’s Vector Views blog exclusively to “defense in depth” strategies IT teams should consider to achieve maximum network protection.

As we all strive to build and maintain secure networks, I look forward to hearing your thoughts and viewpoints.