Every year hundreds of millions of malware attacks occur worldwide, and every year businesses face the impact of viruses, worms, keyloggers, and ransomware. Malware is a disastrous threat and the biggest driver for businesses to seek cybersecurity solutions.
Naturally, businesses wanted a product that would stop malware in its tracks, so they looked for solutions that do just that. But malware protection alone is not enough; what is needed is a more holistic approach. Businesses need to defend against malware entering the network and, above all, have systems and processes in place to limit the damage malware can do if it does infect a user’s device.
This approach will not only help stop and mitigate damage from malware, but also defend against other types of threats, such as phishing-driven credential theft, insider threats, and supply chain attacks.
Element 1: Malware Protection and Web Filtering
The first and most reasonable place to start is an anti-malware solution. Look for one that can deal with today’s major threats: known malware, polymorphic variants, ransomware, zero-day exploits, and Advanced Persistent Threats (APTs). This requires a toolkit that combines virus signature databases, virtual code execution (sandboxing), heuristics, and machine learning techniques.
Ideally, you’d run malware protection on both the network and the endpoints. This requires two different solutions, but a layered approach means less chance of something slipping through undetected.
In addition to malware protection, web filtering keeps your employees away from potential threats by blocking known dangerous sites, questionable sites, and any other online destinations you don’t want visited from managed devices.
Element 2: Zero Trust Network Access
Any security strategy in a modern network environment must adhere to the principle of Zero Trust. The most practical implementation is Zero Trust Network Access (ZTNA).
Zero Trust itself is a set of security ideas built on the “never trust, always verify” principle. That is, no one should be allowed to simply log on to the network and stay as long as they like, because if you allow that, you can never really know whether the logged-in user is who they claim to be or a threat actor who has obtained the legitimate user’s login credentials.
Instead, each user is granted access only to the resources they need to do their job, not to every cloud resource or local server in the company. An HR employee, for example, has no practical reason to access the company’s Git servers containing the code base, or the SQL databases containing sensitive customer information. So the network should, by default, place HR employees in their own group and prohibit that group from reaching those resources.
This approach applies to every department: only the resources people need to do their jobs are reachable, and access to anything else is denied.
However, grouping access at the application level is not sufficient to qualify as Zero Trust. In fact, this level of access restriction, known as micro-segmentation, is only one part of the Zero Trust approach.
A full implementation of ZTNA also includes context checks which can involve managed device security status, time-based access rules, and geographic requirements.
You might, for example, require that managed devices run a certain minimum version of Windows or macOS. You can also require that all devices run a specific antivirus solution, or that a specific security certificate be installed on the device.
Micro-segmentation (allowing certain people to access certain applications), combined with context-based authentication rules, provides a complete Zero Trust approach.
In addition, there must be access rules not only for users on managed devices, but also on unmanaged devices. The latter is best handled by an Agentless ZTNA solution where people access individual applications through web portals that are not discoverable via the open Internet. Here, you can also apply context rules such as allowing access only during certain times of the day, or disallowing access based on location.
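As an added illustration (not code from Perimeter 81 or from this post), here is a deny-by-default policy evaluator that combines the micro-segmentation and context rules described above: role-to-application allowlists, a portal-only allowlist for unmanaged devices, minimum OS version, antivirus and certificate posture, country, and time-of-day. The roles, applications, version floors, and country list are constructed assumptions for the example.

```python
from dataclasses import dataclass

# Constructed policy tables for this example; not Perimeter 81's policy format.
# Micro-segmentation: the only applications each role may reach.
ROLE_APPS = {
    "hr": {"hris", "payroll"},
    "engineering": {"git", "ci", "customer-db"},
}
# Applications exposed through an agentless web portal to unmanaged devices.
PORTAL_APPS = {"hris"}
# Minimum OS versions for managed devices (tuples compare lexicographically).
MIN_OS = {"windows": (10, 0, 19045), "macos": (13, 0, 0)}
ALLOWED_COUNTRIES = {"US", "GB", "DE"}
ACCESS_HOURS = range(7, 20)  # 07:00-19:59 local time


@dataclass
class AccessRequest:
    role: str
    app: str
    managed: bool        # enrolled in device management, or unmanaged (BYOD)
    os_name: str
    os_version: tuple    # e.g. (10, 0, 19045); () when unknown
    av_running: bool
    cert_present: bool
    country: str
    hour: int


def evaluate(req: AccessRequest) -> tuple[bool, str]:
    """Deny by default; every rule must pass for the single app requested."""
    if req.app not in ROLE_APPS.get(req.role, set()):
        return False, "app outside role segment"
    if req.country not in ALLOWED_COUNTRIES:
        return False, "location not permitted"
    if req.hour not in ACCESS_HOURS:
        return False, "outside access window"
    if req.managed:
        floor = MIN_OS.get(req.os_name)
        if floor is None or req.os_version < floor:
            return False, "managed device below minimum OS"
        if not (req.av_running and req.cert_present):
            return False, "managed device fails posture check"
    elif req.app not in PORTAL_APPS:
        return False, "unmanaged device limited to portal apps"
    return True, "allowed"
```

Each denial reason is distinct so the decision can be logged and alerted on; a burst of "app outside role segment" denials from one account is a useful lateral-movement signal.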
With a ZTNA strategy in place, it is much more difficult for threat actors to traverse business networks looking for sensitive data. Ransomware has a much harder time encrypting all of the business’s files, and disgruntled employees can’t extract as much data or cause as much other havoc within the company.
Fight Malware and Protect Your Network From the Cloud
All these tools and technologies (ZTNA, malware protection, and web filtering) are best served as part of a cloud-based converged network security solution such as Perimeter 81. Cloud-based means there’s no hardware to maintain or upgrade, and scaling is much simpler. Plus, a converged solution means you can manage everything from a single dashboard with full visibility.
With converged security solutions to help manage your network and network security, you’re off to a good start to protect your business.