Every year hundreds of millions of malware attacks occur worldwide, and every year businesses deal with the impact of viruses, worms, keyloggers, and ransomware. Malware is a pernicious threat and the biggest driver for businesses to look for cybersecurity solutions.
Naturally, businesses want to find products that will stop malware in its tracks, and so they search for solutions to do that. But malware protection alone is not enough, instead what's needed is a more holistic approach. Businesses need to defend against malware entering the network, and then on top of that have systems and processes in place to restrict the damage that malware can do if it infects a user device.
This approach will not only help stop and mitigate the damage from malware, but defend against other types of threats too, such as credential theft as a result of phishing, insider threats, and supply-chain attacks.
Malware Protection and Web Filtering#
The first and most sensible place to begin is with anti-malware solutions. It's important to look for malware solutions that can confront today's key threats, such as known malware, polymorphic variants, ransomware, zero-day exploits, and Advanced Persistent Threats (APTs). This requires a strong toolkit of virus signature databases, virtual code execution, as well as heuristics and other machine learning techniques.
Ideally, you would also use malware protection for both the network and the endpoint. This requires two different solutions, but a multi-layered approach means less chance of something getting through.
In addition to Malware Protection, Web Filtering keeps your employees away from potential threats by disallowing known malicious sites, questionable sites, and other places online you'd rather not have managed devices visit.
Zero Trust Network Access#
Every security strategy in a modern network environment should embrace the principles of Zero Trust. The most practical implementation of which is Zero Trust Network Access (ZTNA).
Zero Trust itself is a set of ideas about security based on the idea "never trust, always verify." That is, no one should be allowed to just log in to the network and stay as long as they like. Because if you do that, you can never really know whether or not the user logging in is who they claim to be, or if they're a threat actor who obtained a legitimate user's login credentials.
Instead, each user should only be allowed to access resources they need to do their job, and not to every cloud resource or on-prem server in the company. An HR employee, for example, has no practical reason to access a company Git server containing a codebase, or an SQL database containing sensitive customer information. So the network should, by default, group HR employees together into one group and disallow them from accessing that information.
This approach goes for every department. Only the resources they need to do their jobs should be available, while access to everything else is disallowed.
Segmenting access at the application level isn't quite enough to qualify as Zero Trust, however. In fact, this level of restricting access, known as micro-segmentation, is just one part of the Zero Trust approach.
A full ZTNA implementation also embraces context checks that can involve the security status of a managed device, time-based access rules, and geographic requirements.
You might, for example, require that managed devices must be running a specific minimum version of Windows or macOS. You could require that all devices have a specific antivirus solution running, or that a specific security certificate is installed somewhere on the device.
Micro-segmentation, allowing specific people to access specific applications, in conjunction with context-based authentication rules provides a complete Zero Trust approach.
In addition, there should be access rules not only for users on managed devices but also on unmanaged devices. The latter are best handled by Agentless ZTNA solutions where people access individual applications through a web portal that is not discoverable over the open Internet. Here, too, you can apply context rules such as allowing access only during certain times of the day or disallowing access based on location.
With a ZTNA strategy in place, it will be much harder for threat actors to traverse a business network in search of sensitive data. Ransomware will have a much harder time encrypting all of a business' files, and disgruntled employees won't be able to exfiltrate as much data or cause other mayhem within the company.