Taking Technology Further

CTO INSIDER BLOG:
USING TECHNOLOGY TO IMPROVE HOW YOU DO BUSINESS

SUBSCRIBE

Does Your Security Have Enough Layers?

by Steve Knutson on April 27, 2017

When I was in the U.S. military, I learned about the power of “defense in depth.” This defense strategy, that dates back to beginning of time, involves employing multiple layers of defense to resist the rapid penetration of attackers. The attackers may overcome one barricade, but they cannot get through them all. At minimum, it slows down the attack to give you time to respond more effectively. 

Today, I bring that same layered security strategy to protect IT environments. Through layered defense (as it is often called), organizations combine multiple mitigating security controls to protect their users, data and resources.

While a single-focused security solution can stop specific attacks, it is no longer enough to keep your data and resources safe from the advanced capabilities of modern-day malware. This advanced malware is surprisingly sophisticated – and always changing. Even more concerning is that it is easier than ever for even non-developers to create and distribute malware with toolkits that can be found on the dark web. View how an effective attack comes together.

Small Businesses Targeted
Small businesses, with fewer than 250 employees, actually are the prime targets for these attacks because they:

  • Often lack adequate security measures;
  • Do not have the resources to “fight back” against ransomware, so ransoms are paid back at higher rates than larger enterprises;
  • Offer entry to larger businesses (remember the hack on Target in 2013. That actually was achieved through the retail giant’s HVAC vendor); and
  • Provide a reduced risk to attackers as they are less likely to be investigated.
Over the past five years, small businesses have increasingly taken the brunt of the attacks. They represented 43 percent of the attacks in 2015, up from 18 perScreenshot 2017-04-27 11.55.52.pngcent in 2011, according to the 2016 Symantec Internet Security Threat Report. In 2015, larger enterprises with more than 2,500 employees received 35 percent of the attacks while medium businesses represented 22 percent, as shown in the chart to the right. 

Creating a Layered Defense
The best strategy against today’s threats is to employ a Defense-in-Depth “Layers” Strategy. This includes deploying multiple, overlapping and mutually supportive defensive systems to guard against single-point failures in any specific technology or protection method.

For example, it is no longer sufficient to have a firewall or an antivirus software on your server or workstation and a password on your Wi-Fi. You need all three, plus a few additional items.

An effective IT defense strategy starts with knowing where you’re most vulnerable to attacks. Here’s the most common attack points (or vectors as they are sometimes called), according to a 2016 Security Report from McAfee Labs:

  1. Browser (downloading software infected with malware)
  2. Brute force to try to crack a password/PIN
  3. Denial of service (attacker overloads your server with more requests than it can process)
  4. SSL data intercept
  5. Open port scan
  6. DNS (redirecting users to bogus websites)
  7. Backdoor through software and hardware bugs
  8. Others (social engineering, compromised devices, advertisements, etc.)

An effective security solution should protect against at least five of these attack points.

Am I Protected Enough?

Marco developed an extensive Layered Security Map that outlines the purpose of each key security solution, the layers of security it provides and the number of common attack points it protects.

For example, Cisco’s Meraki solution that we offer:
Provides: Stateful L7 Firewall, Intrusion Prevention & Detection (IPS/IDS), Advanced Malware Protection (AMP), Client VPN Services and Application Visibility Controls.
Achieves three key security layers: Authentication, malware protection (at the edge) and content filter.
Result: Protects against six common attack points.

Of course, organizations want all the attack points covered. So, that’s why they need to use a variety of security solutions. It’s common for even a small to medium business to use several security solutions to effectively implement a depth in defense strategy across their IT environment.

Mapping which solutions are right for your organization is an essential task. You don’t have to do it alone. Contact us today to learn more about the Layered Security Map and the solutions needed to effectively protect your organization.

Learn More About Business IT Services

What Marketing Earns Business? Not This.

As the CTO and CIO at Marco, I get inundated – I mean inundated – with marketing solicitations. It used to be primarily mail, some email and the occasional call. Now, I can spend a good chunk of my...Read more

How Employees Can Protect You from a Cyber Attack

Security threats change every day. Are your employees ready to fight against them? It’s a question that’s often on my mind. Today, hackers do not hack systems; they hack people. A recent IBM study...Read more

You Might Need Managed IT Services If… (Thanks Jeff Foxworthy)

A friend recently asked, “What are key ways you know you need Managed IT Services?” Instantly, a rendition of the Jeff Foxworthy redneck one liners started running through my head. They were not...Read more

2 Tools for Faster Collaboration

The meeting is scheduled. Everyone shows up on time – some even early. The agenda is set. You check off all the calendar and meeting etiquette steps, we’ve talked about in recent blogs....Read more

Take Back Your Calendar: 7 Ways to Better Scheduling

In any given week, I will pull up my electronic calendar and find myself double or even triple booked. It’s become laughable. How can this be? Isn’t technology supposed to prevent this? I spend the...Read more

7 Ways to Improve Your Meetings

Technology is supposed to make us more productive – especially in our meetings. We have electronic calendars, e-communication tools and can start a meeting with anyone – anywhere in the world – with...Read more

What’s the Future of Data Centers?

In communities where the construction of new manufacturing facilities once adorned the headlines, we’re seeing a new economic player: data centers.  We’re creating and storing more information...Read more

When Customer Service Goes Wrong

I recently had one of my worst customer service experiences, if not the worst. It all started with the inability to connect to the Internet at a business that my family operates. It meant the...Read more

Does Your Security Have Enough Layers?

When I was in the U.S. military, I learned about the power of “defense in depth.” This defense strategy, that dates back to beginning of time, involves employing multiple layers of defense to resist...Read more

How Are You Looking for Opportunities to Improve?

As I walked with the Marco team into the airport to return home from a recent trip to Costa Rica, my first thought was, “There has to be a better way.” Some passengers walked straight to the...Read more

We’re Building Factories. Should You?

We’re building factories. While that’s a sentence I never expected to say as Chief Technology Officer of Marco, it’s not what you think. I am not talking about the traditional bricks-and-mortar...Read more

A Futuristic Notebook Is Here

I have piles upon piles of notepads of my handwritten notes filed in my desk drawer. Some of them date back quite far and yes, I still pull them out and refer to them. Sometimes, it takes some...Read more

Key Technology Services Go À La Carte

As a technology provider, we have to change our business model constantly to stay relevant and deliver value to our clients. That means being willing to update the products and services we sell and...Read more

How Technology Shifts Change Us

As Chief Technology Officer, I have helped provide the strategic direction of the technology and related services that Marco provides. In recent years, that role has become more demanding due to the...Read more

Futuristic Self-Service Arrives: Are You Ready for This?

I remember when my oldest daughter was two. Like many kids her age, she desired to do things herself. It didn’t matter if it took her longer to do it. As she grew older, it meant I waited patiently...Read more

5 Tech Trends That Will Impact Business in 2017

I’m often asked to pull out a crystal ball and talk about where technology is going. Preparing for the future and identifying the right technology for it is a main role I play as Chief Technology...Read more

Proximity Marketing Increases with Wi-Fi Access Apps

You know the saying that there is no such thing as a free lunch. The same is true when it comes to Wi-Fi. It’s become so common to jump on a network - for free - after quickly clicking “I agree” to...Read more

Password Alert: Your Account Could be Compromised

If you’re using your birthday, anniversary, kids’ birthdays or any information that can be found online – including your social media account – in your passwords, your account could easily be...Read more

Have Your Heard of the Dark Web?

Have you heard of the Dark Web? I bet not and I encourage you to resist the urge to Google it and start clicking. It is called the Dark Web for good reason.  The "Dark Web" is the encrypted...Read more

Where Are You On the Technology Curve?

My job is to stay ahead of the technology curve. That used to mean looking out three to five years – or even 10 years when I first started my career. Today, we expect some technology to be obsolete...Read more

What Do the Russian Hacks Mean to Your Organization?

There has been quite a bit of talk – and jokes – about the “Russian attackers” in recent days. So is the threat real and how does it impact your organization?Russian hackers claim they will try to...Read more

What Technology Do Small Businesses Really Need?

Acquiring technology is among the first steps any entrepreneur takes when starting a small business. It may start with a computer, printer and software before quickly growing to storage, networking...Read more

What is Your Client Satisfaction Data Telling You?

As we recently implemented a new sales software system, the company pressed into us, asking, “What really is your value differentiator?” What they really were asking was “What do we actually do...Read more

Do You Have Email Standards?

Email was designed to be an efficient business communication tool. But if your inbox looks anything like mine, you’re beginning to feel like the efficiency is being lost in translation. The answer is...Read more

8 Reasons I Won’t Go Without VDI

If there is one piece of technology that you’d have to pry from my dead fingers, I am pretty sure it’s VDI. (Of course, it requires my smartphone or other devices to operate so those are an obvious...Read more