That’s right; there is really no way to stay on the offensive when it comes to cyber security. Let’s face it; security is rarely the top priority of companies until after an attack has taken place. In today’s business world, IT security professionals spend most of their time waiting around for something to happen. If the network goes down, they fix it. If a virus is found, they quarantine and destroy it. If data is stolen, they replace it. We are in a war where the troops are only deployed when an attack has already taken place. Guess what? That is far too late. We are at war, and it is time we start thinking of it as such. This war is happening on our turf; it is happening in our companies, on our servers, in our networks, on our endpoints. How do we make a good offense with only defense? How do we protect our networks when we do not even know who or what the next threat is going to be? We make sure we have a defense that is strong and MAINTAINED.
With every year, the level of security on your network goes up, yet the threats become more prevalent. It seems like the new measures we took in 2009 were designed to defend against the threats of 2008. Those same threats are still there, but now there are new tactics taken by cybercriminals in 2010. Make no mistake: no matter how small your business is, no matter how expensive your security software is, and no matter how many memos you send to your staff regarding security, you will be attacked, your network will go down, information will be lost, and someone will be blamed.
Luckily, there are measures you can take. The first thing you have to do is take an initial assessment of your current level of security. Run your scans to make sure there is nothing suspicious on your network. Make sure you know what is allowed in and out of your firewall. Know which ports are open, and close any that should not be open. Make sure that your AV is running and up to date on every node in the network. Ensure that all patches and updates have been installed. Make sure there is no malicious software or malicious code hiding within legitimate software. If you do not have a security policy for your company, make one! Then, enforce it!
Now that your network is running perfectly, and there are no current threats, how do we keep things from going downhill? This is where we need to send out the troops to not only secure our perimeter, but make sure that all security measures within the perimeter are being followed. Let’s face it, when the attack happens, you want to make sure all your warriors are ready to defend the gates.
Now the biggest threat to your network is the moron end-user who decides to disable automatic updates because he thinks they slow down his machine, or ignores updates to his AV program because he does not have the time to press “OK”. These are the people who spend half their day on Facebook, a website that is going to be a fan favorite of cybercriminals in 2010. Twitter is another website that lacks the security measures needed to protect against today’s advanced cyber-terrorists.
The only way to enforce your security policy on your end-users is to find a monitoring tool, such as Clear Blue Security’s Endpoint Security Monitoring Tool, to help make sure the rules are being followed. Software such as the one mentioned above (www.clearbluesecurity.com) can be very expensive, but tools like these are becoming more widely available to the SMB market. This particular one has a free version of the software that works great! The Clear Blue Security SaaS-based software sends you alerts when patches and updates are missing, when anti-virus is not running or not up to date, when your overall security policy is not being followed, when unapproved software is being installed, when a port is open that should not be, and so on.
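As an added illustration of the checks this post describes (the initial assessment checklist above and the alerts listed here), the following is a minimal policy-compliance check run over a constructed host inventory snapshot. It is example code written for this page, not Clear Blue Security’s software; the policy values, hostname, service names and dates are all assumptions.

```python
from dataclasses import dataclass
from datetime import date

# Policy baseline standing in for the "rules" the monitoring tool enforces;
# every value here is constructed for the example, not from any real product.
POLICY = {
    "allowed_listening_ports": {22, 443},
    "required_running": {"antivirus", "auto-update"},
    "approved_software": {"office-suite", "antivirus", "browser"},
    "max_patch_age_days": 14,
    "max_av_signature_age_days": 3,
}
REPORT_DATE = date(2010, 2, 1)  # constructed "today" for the sample run

@dataclass
class HostSnapshot:
    hostname: str
    listening_ports: set
    running_services: set
    installed_software: set
    last_patch_date: date
    av_signature_date: date

def evaluate(host, policy, today):
    """Return (severity, finding) pairs for one host; an empty list means compliant."""
    findings = []
    for port in sorted(host.listening_ports - policy["allowed_listening_ports"]):
        findings.append(("high", f"port {port} is listening but not approved"))
    for svc in sorted(policy["required_running"] - host.running_services):
        findings.append(("high", f"required service '{svc}' is not running"))
    for pkg in sorted(host.installed_software - policy["approved_software"]):
        findings.append(("medium", f"unapproved software installed: {pkg}"))
    patch_age = (today - host.last_patch_date).days
    if patch_age > policy["max_patch_age_days"]:
        findings.append(("high", f"last patch applied {patch_age} days ago"))
    sig_age = (today - host.av_signature_date).days
    if sig_age > policy["max_av_signature_age_days"]:
        findings.append(("medium", f"anti-virus signatures are {sig_age} days old"))
    return findings

SAMPLE_HOST = HostSnapshot(  # constructed snapshot: user switched off auto-updates
    hostname="ws-017",
    listening_ports={22, 443, 23},
    running_services={"antivirus"},
    installed_software={"office-suite", "antivirus", "browser", "torrent-client"},
    last_patch_date=date(2010, 1, 2),
    av_signature_date=date(2010, 1, 25),
)

if __name__ == "__main__":
    for severity, message in evaluate(SAMPLE_HOST, POLICY, REPORT_DATE):
        print(f"[{severity}] {SAMPLE_HOST.hostname}: {message}")
```

In practice the snapshot would be collected from each endpoint by an agent and the findings routed to whoever owns the host.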
Software like Clear Blue Security allows you to be proactive about security. Tools like this are a new weapon in this ongoing war. Reactive security has been the norm for far too long. It is time we put up a defense that works. We need a defense that fights by searching for vulnerabilities, rather than searching for a virus that already exists. Let’s not react after an attack has taken place, but act before the attacker has ever thought about bringing the war to our network.