Every year hundreds of millions of malware attacks occur
worldwide, and every year businesses deal with the impact of
viruses, worms, keyloggers, and ransomware. Malware is a pernicious
threat and the biggest driver for businesses to look for
cybersecurity solutions.
Naturally, businesses want to find products that will stop
malware in its tracks, and so they search for solutions to do that.
But malware protection[1] alone is not enough;
what’s needed is a more holistic approach. Businesses need
to defend against malware entering the network, and then on top of
that have systems and processes in place to restrict the damage
that malware can do if it infects a user device.
This approach will not only help stop and mitigate the damage
from malware, but defend against other types of threats too, such
as credential theft as a result of phishing, insider threats, and
supply-chain attacks.
Element 1: Malware Protection and Web Filtering
The first and most sensible place to begin is with anti-malware
solutions. It’s important to look for malware solutions that can
confront today’s key threats, such as known malware, polymorphic
variants, ransomware, zero-day exploits, and Advanced Persistent
Threats (APTs). This requires a strong toolkit of virus signature
databases, virtual code execution, as well as heuristics and other
machine learning techniques.
Ideally, you would also use malware protection for both the
network and the endpoint. This requires two different solutions,
but a multi-layered approach means less chance of something getting
through.
In addition to Malware Protection, Web Filtering keeps your
employees away from potential threats by disallowing known
malicious sites, questionable sites, and other places online you’d
rather not have managed devices visit.
Element 2: Zero Trust Network Access
Every security strategy in a modern network environment should
embrace the principles of Zero Trust, and the most practical
implementation of those principles is Zero Trust Network Access
(ZTNA)[2].
Zero Trust itself is a set of security ideas based on the
principle “never trust, always verify.” That is, no one should be
allowed to simply log in to the network and stay as long as they like,
because if you allow that, you can never really know whether
the user who logged in is who they claim to be or a threat
actor who obtained a legitimate user’s login credentials.
Instead, each user should only be allowed to access resources
they need to do their job, and not to every cloud resource or
on-prem server in the company. An HR employee, for example, has no
practical reason to access a company Git server containing a
codebase, or an SQL database containing sensitive customer
information. So the network should, by default, group HR employees
together into one group and disallow them from accessing that
information.
This approach goes for every department. Only the resources they
need to do their jobs should be available, while access to
everything else is disallowed.
Segmenting access at the application level isn’t quite enough to
qualify as Zero Trust, however. This level of access restriction,
known as micro-segmentation, is just one part of the Zero
Trust approach.
A full ZTNA implementation also embraces context checks that can
involve the security status of a managed device, time-based access
rules, and geographic requirements.
You might, for example, require that managed devices must be
running a specific minimum version of Windows or macOS. You could
require that all devices have a specific antivirus solution
running, or that a specific security certificate is installed
somewhere on the device.
Micro-segmentation, allowing specific people to access specific
applications, in conjunction with context-based authentication
rules provides a complete Zero Trust approach.
In addition, there should be access rules not only for users on
managed devices, but also on unmanaged devices. The latter are best
handled by Agentless ZTNA solutions where people access individual
applications through a web portal that is not discoverable over the
open Internet. Here, too, you can apply context rules such as
allowing access only during certain times of day, or disallowing
access based on location.
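As an added illustration (not code from the article or from Perimeter 81), the following Python sketch shows how the rules described above combine into one deny-by-default decision: group-to-application micro-segmentation plus context checks on device posture, time of day and location, with unmanaged devices limited to portal-exposed applications. All group names, application names, version floors and country codes are constructed sample values.

```python
from dataclasses import dataclass
from datetime import time
# Constructed sample policy; not Perimeter 81's model or code from the article.

@dataclass
class Device:
    managed: bool
    os: str = ""                 # "windows" or "macos"; unknown on unmanaged devices
    os_version: tuple = ()       # e.g. (10, 0, 19045)
    av_running: bool = False
    has_device_cert: bool = False

@dataclass
class Request:
    groups: frozenset            # the user's directory groups
    app: str
    device: Device
    local_time: time
    country: str                 # ISO code from geolocation

# Micro-segmentation: each application lists the only groups allowed to reach it.
APP_ACCESS = {"git-server": {"engineering"},
              "customer-db": {"engineering", "support"},
              "hr-portal": {"hr"}}
PORTAL_APPS = {"hr-portal"}                # reachable from unmanaged devices via portal
MIN_OS = {"windows": (10, 0, 19044), "macos": (13, 0)}
ALLOWED_COUNTRIES = {"US", "DE"}
WORK_HOURS = (time(7, 0), time(20, 0))

def evaluate(req: Request) -> tuple[bool, list[str]]:
    """Deny-by-default decision: returns (allowed, list of failed checks)."""
    failed = []
    if not (APP_ACCESS.get(req.app, set()) & req.groups):
        failed.append("group not permitted for application")
    if not (WORK_HOURS[0] <= req.local_time <= WORK_HOURS[1]):
        failed.append("outside permitted hours")
    if req.country not in ALLOWED_COUNTRIES:
        failed.append("location not permitted")
    d = req.device
    if d.managed:                          # posture reported by the device agent
        floor = MIN_OS.get(d.os)
        if floor is None or d.os_version < floor:
            failed.append("OS unknown or below minimum version")
        if not d.av_running:
            failed.append("antivirus not running")
        if not d.has_device_cert:
            failed.append("device certificate missing")
    elif req.app not in PORTAL_APPS:       # unmanaged: only agentless-portal apps
        failed.append("application not exposed to unmanaged devices")
    return (not failed, failed)
```

Every failed check is reported rather than only the first, which is what an administrator wants when tuning the posture floors and access groups.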
With a ZTNA strategy in place, it will be much harder for threat
actors to traverse a business network in search of sensitive data.
Ransomware will have a much harder time encrypting all of a
business’s files, and disgruntled employees won’t be able to
exfiltrate as much data or cause other mayhem within the
company.
Fight Malware and Protect the Network From the Cloud
All of these tools and technologies, ZTNA, Malware Protection,
and Web Filtering[3],
are best delivered as part of a cloud-based, converged network
security solution like Perimeter 81. Being cloud-based means
there’s no hardware to maintain or upgrade, and scaling is much
simpler. Plus, a converged solution means you can manage everything
from a single dashboard for full visibility.
With a converged security solution to help manage your network
and network security you’ll be off to a great start protecting your
business.
Found this article interesting? Follow us on Twitter [4]
and LinkedIn[5]
to read more exclusive content we post.
References
[1] malware protection (www.perimeter81.com)
[2] Zero Trust Network Access (ZTNA) (www.perimeter81.com)
[3] Web Filtering (www.perimeter81.com)
[4] Twitter (twitter.com)
[5] LinkedIn (www.linkedin.com)
Read more https://thehackernews.com/2023/04/protect-your-company-ransomware.html
