7 Best Practices for Layered Cybersecurity
The recent cyberattacks on Colonial Pipeline and JBS underscore just how debilitating it can be for the U.S. economy when major supply chains shut down. If energy and food resources can’t get distributed to retailers, a state of panic can ensue as consumers hoard as much of the products in short supply as they can.
And it’s not just large enterprises that are at risk—businesses of all sizes must consider their security posture. According to a Small Business Trends article, 43 percent of cyberattacks target small businesses. And the National Cyber Security Alliance found 60% of small companies suffering a major cyberattack go out of business within six months.
With trends like these, it’s critical to take proactive steps to protect your business. One of the best strategies is to implement a layered approach, which gives you multiple opportunities to stop bad actors.
To help you take on this challenge, I recently interviewed Nick Blozan, a Security Engineer at PulseOne. During a PulseOne Tech Talk, Nick provided a rundown of the seven best practices for implementing layered cybersecurity.
#1 – Manage Your Vulnerabilities
Your first layer of defense comes from regularly scanning your IT systems and your infrastructure for vulnerabilities to determine areas that are outdated or require an update. You can also conduct penetration testing to identify any vulnerabilities that hackers can exploit.
“Taking these measures enables you to reduce your exposure,” Blozan says. “You can understand what’s going on in all of your environments—on-premises, the cloud, co-location and anywhere else there’s an external IP address that can be breached.”
#2 – Patch and Monitor
Hackers are always scanning for vulnerabilities, but you have someone on your side too: the OS and application vendors who issue regular updates to patch those vulnerabilities. Applying those patches promptly is your second layer of defense.
Consistent patching ensures your systems are up-to-date, which makes it more difficult for hackers to penetrate them. “And by monitoring your critical security infrastructure—such as firewalls—you ensure your perimeter security devices are running optimally,” Blozan adds.
#3 – Monitor Logs to Detect Threats
The third layer of defense comes in the form of a security information and event management (SIEM) tool that collects and correlates log data across an IT infrastructure. The data comes from applications like Office 365 and MS SQL as well as network devices (firewalls, routers, endpoints) and other sources, such as Active Directory.
“An IT security team can use this log data to detect, categorize and analyze security incidents,” Blozan says. “And with the security insights generated by the logs, the team can alert business leaders about security issues, produce compliance reports, and discover the best ways to safeguard the business against cyber threats.”
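As an added illustration of the correlation a SIEM performs (this is example code, not a PulseOne tool), the following normalizes constructed Active Directory logon events and firewall records into one schema and raises an alert when a burst of failed logons from one source IP is followed by a success, enriched with the ports the firewall allowed from that IP. The log formats, threshold and time window are assumptions for the example.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample lines in two formats a SIEM would normalize:
# AD logon events (4625 = failure, 4624 = success) and firewall allow records.
SAMPLE_LOGS = """\
2024-05-01T09:00:01Z AD EventID=4625 User=jsmith Src=203.0.113.7 Status=Failure
2024-05-01T09:00:04Z AD EventID=4625 User=jsmith Src=203.0.113.7 Status=Failure
2024-05-01T09:00:09Z AD EventID=4625 User=jsmith Src=203.0.113.7 Status=Failure
2024-05-01T09:00:12Z AD EventID=4625 User=jsmith Src=203.0.113.7 Status=Failure
2024-05-01T09:00:15Z AD EventID=4625 User=jsmith Src=203.0.113.7 Status=Failure
2024-05-01T09:00:20Z FW action=allow src=203.0.113.7 dst=10.0.0.5 dport=3389
2024-05-01T09:00:21Z AD EventID=4624 User=jsmith Src=203.0.113.7 Status=Success
2024-05-01T09:30:00Z AD EventID=4625 User=bjones Src=198.51.100.9 Status=Failure
2024-05-01T09:45:00Z AD EventID=4624 User=bjones Src=198.51.100.9 Status=Success
"""

AD_RE = re.compile(r"^(?P<ts>\S+) AD EventID=\d+ User=(?P<user>\S+) Src=(?P<src>\S+) Status=(?P<status>\S+)$")
FW_RE = re.compile(r"^(?P<ts>\S+) FW action=(?P<action>\S+) src=(?P<src>\S+) dst=\S+ dport=(?P<dport>\d+)$")

def parse(line):
    # Normalize one raw line into a common schema; unrecognized lines yield None.
    for source, pattern in (("AD", AD_RE), ("FW", FW_RE)):
        m = pattern.match(line)
        if m:
            d = m.groupdict()
            d["ts"] = datetime.strptime(d["ts"], "%Y-%m-%dT%H:%M:%SZ")
            d["source"] = source
            return d
    return None

def detect_bruteforce_then_success(lines, threshold=5, window=timedelta(minutes=5)):
    """Alert when a source IP logs >= threshold failures within `window` and then succeeds;
    each alert lists the ports the firewall allowed from that IP (cross-source correlation)."""
    events = sorted((e for e in map(parse, lines) if e), key=lambda e: e["ts"])
    failures = defaultdict(list)   # src IP -> timestamps of recent failed logons
    fw_ports = defaultdict(set)    # src IP -> destination ports the firewall allowed
    alerts = []
    for e in events:
        if e["source"] == "FW":
            if e["action"] == "allow":
                fw_ports[e["src"]].add(int(e["dport"]))
            continue
        recent = [t for t in failures[e["src"]] if e["ts"] - t <= window]  # drop stale failures
        if e["status"] == "Failure":
            recent.append(e["ts"])
        elif e["status"] == "Success" and len(recent) >= threshold:
            alerts.append({"src": e["src"], "user": e["user"], "failures": len(recent),
                           "fw_allowed_ports": sorted(fw_ports[e["src"]]), "at": e["ts"].isoformat()})
            recent = []            # reset so one burst produces one alert
        failures[e["src"]] = recent
    return alerts
```

The bjones events are deliberately outside the window, so only the jsmith burst is reported.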
#4 – Detect and Respond to Endpoint Threats
The newest generation of endpoint protection solutions is the fourth layer of defense, stopping a wide range of malware, Trojans, hacking tools, and ransomware before they impact the infrastructure. These tools detect highly sophisticated attacks, memory exploits, script misuse, and other fileless attacks.
“Traditional anti-virus software looks at signatures inside of attachments, which you still need to do, but many attacks come from email links or by downloading an application with malware,” says Blozan. “An endpoint detection and response solution detects abnormal behaviors like large file transfers or unusual processes running in the background. It then isolates impacted endpoints so the malware can’t spread, and it can roll devices back to their state prior to a malware breach.”
#5 – Protect Email
The fifth layer of defense focuses on protecting email, which is key because the simple act of opening an email or clicking a link can release a virus payload. Beyond damaging the systems on your network, such viruses can spread silently from one computer to another.
An email blocking solution defends against spam, viruses, malware, ransomware, phishing attempts, and other email threats, which remain the most common route hackers use to reach endpoints. “The solution sits on top of email to identify phishing links before someone can click on a bad link,” Blozan explains. “It also stops spam and can detect email addresses that don’t match the norm—they look legit but have minor differences, trying to fool the recipient into thinking the email is coming from someone they know.”
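The lookalike-sender check Blozan describes can be illustrated with a small classifier (added example, not a PulseOne product): it flags a From header whose domain collapses to a trusted domain after confusable substitutions, sits within two edits of a trusted domain, or carries the display name of a known contact with a different address. The trusted domains and contact list are constructed for the example.

```python
from email.utils import parseaddr

TRUSTED_DOMAINS = {"pulseone.com", "example.com"}      # constructed: domains the business owns
KNOWN_CONTACTS = {"nick blozan": "nick@pulseone.com"}  # constructed: display name -> real address

# Characters and digraphs attackers commonly swap in to look like a trusted domain.
CONFUSABLES = str.maketrans({"0": "o", "1": "l", "3": "e", "5": "s"})

def skeleton(domain):
    """Collapse confusable substitutions so a lookalike compares equal to the real domain."""
    return domain.lower().translate(CONFUSABLES).replace("rn", "m").replace("vv", "w")

def levenshtein(a, b):
    """Edit distance; catches typo-squats such as a dropped or swapped letter."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def check_sender(from_header):
    """Return the reasons a From header looks like impersonation; an empty list means clean."""
    name, addr = parseaddr(from_header)
    addr = addr.lower()
    domain = addr.rsplit("@", 1)[-1] if "@" in addr else ""
    reasons = []
    if domain and domain not in TRUSTED_DOMAINS:
        for trusted in TRUSTED_DOMAINS:
            if skeleton(domain) == skeleton(trusted):
                reasons.append(f"domain {domain} is a confusable lookalike of {trusted}")
            elif levenshtein(domain, trusted) <= 2:
                reasons.append(f"domain {domain} is within 2 edits of {trusted}")
    known = KNOWN_CONTACTS.get(name.strip().lower())
    if known and addr != known:
        reasons.append(f"display name matches known contact {known} but address is {addr}")
    return reasons
```

An exact trusted domain never trips the distance checks, so ordinary internal mail passes with no findings.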
#6 – Secure End-User Online Activities
You can defend your organization from spear-phishing, ransomware, impersonation and other targeted attacks by blocking access to malicious and risky websites. The key capability here is DNS filtering for all users, regardless of location. This provides comprehensive web security to all your remote and work-from-home users.
“This layer protects you from users that get directed to a malicious website from email or social media,” says Blozan. “You can protect all of your users during web browsing no matter where they are working—at the office, on the road, or at home.”
#7 – Ensure Backups and Business Continuity
This is the final line of your layered defense, in case something sneaks through. Your backup solution is essential for remediating malicious activity and ensuring business continuity in the event of an attack.
“Be sure to regularly test your restore process and validate your applications and data to make sure everything is operational and available when needed,” Blozan recommends. “This layer protects you just in case the previous measures do not work. You can quickly recover files and devices, which enables you to fight against ransomware attacks and breaches that encrypt data.”
Multiple Layers Required to Defend Against Sophisticated Attacks
The best way to mitigate cyberattacks is through a layered approach that slows down and hinders threats until they can be completely neutralized. Deploying multiple layers is vital because criminals are getting more and more sophisticated and increasing their volume of attacks against all sizes of companies.
You may not need all seven layers, and you may be able to leverage layers that are already in place. That’s where PulseOne can help. Our security experts tailor solutions to take advantage of what you have and integrate those defenses with what you need based on your environment.
If you have questions about deploying layered security for your IT infrastructure, contact PulseOne today!