I wanted to write the first blog post for Secure Point Solutions from the standpoint of educating end users and businesses. Education is part of the mission here (more on that soon), and I believe the better prepared we are, the better we can face this ever-changing world. Today's post is meant to shed some light on cybersecurity buzzwords and take a look at the "stack".
What Is a Cybersecurity Stack?
Cybersecurity stack is an industry term for the layers of different security technologies that businesses and people use. The stack is built from multiple layers for several reasons.
First, some layers are designed to stop specific threats. As we discuss in the next section, each layer has a different job and covers a different area of your organization. An email filter will not see a workstation's malware calling out to the Internet, but a DNS filter will.
Second, having different layers provides fault tolerance when one layer is disabled during an attack or fails to recognize a threat. Some malware is designed to shut down anti-virus software as its first step. A different layer can notice that (for example, an alert when real-time protection is turned off on a machine) or prevent the malware from communicating further, stopping the attack.
Finally, layers can be selected based on the risk to each asset in your organization. The Internet-connected office coffee machine does not need the full protection your critical servers get, but it should be kept separated from the rest of the network so it cannot become a path to them.
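As an added example of the "second layer notices" idea above (this is illustration code written for this post, not a Secure Point Solutions product or tool), here is a small check over endpoint telemetry that alerts when anti-virus protection is turned off and raises the severity if a new process starts on that host shortly afterwards. The sample events are constructed, and the event IDs used (Defender 5001 and 5010 for protection disabled, Sysmon 1 for process creation) and the normalized event format are assumptions; map them to whatever your EDR or log collector actually emits.

```python
"""Added example: a layered check that notices anti-virus being turned off.

Constructed endpoint telemetry (not real logs) in a simple normalized form.
Assumptions (not from the original post):
  - Defender events 5001 ("real-time protection disabled") and 5010
    ("scanning disabled") from Microsoft-Windows-Windows Defender/Operational
  - Sysmon event 1 = process creation
"""
from datetime import datetime, timedelta

TAMPER_EVENT_IDS = {
    5001: "real-time protection disabled",   # assumed Defender event ID
    5010: "malware scanning disabled",        # assumed Defender event ID
}
SYSMON_PROCESS_CREATE = 1                     # Sysmon event ID 1
WINDOW = timedelta(minutes=10)

# Constructed sample events for three hosts.
SAMPLE_EVENTS = [
    {"ts": "2024-05-01T08:50:00", "host": "WS-12", "source": "sysmon",
     "event_id": 1, "process": "C:\\Program Files\\Microsoft Office\\root\\Office16\\OUTLOOK.EXE"},
    {"ts": "2024-05-01T09:00:10", "host": "WS-07", "source": "defender",
     "event_id": 5001, "process": None},
    {"ts": "2024-05-01T09:00:42", "host": "WS-07", "source": "sysmon",
     "event_id": 1, "process": "C:\\Users\\Public\\update.exe"},
    {"ts": "2024-05-01T09:30:00", "host": "WS-07", "source": "sysmon",
     "event_id": 1, "process": "C:\\Windows\\System32\\notepad.exe"},  # outside window
    {"ts": "2024-05-01T10:00:00", "host": "SRV-01", "source": "defender",
     "event_id": 5010, "process": None},
]


def find_av_tampering(events, window=WINDOW):
    """Return one alert per AV-tamper event, with any processes started on
    the same host within `window` afterwards.  Severity is raised to 'high'
    when something launched right after protection went away, which is the
    pattern of malware disabling AV as its first step."""
    by_host = {}
    for ev in sorted(events, key=lambda e: e["ts"]):
        by_host.setdefault(ev["host"], []).append(ev)

    alerts = []
    for host, evs in by_host.items():
        for i, ev in enumerate(evs):
            if ev["source"] != "defender" or ev["event_id"] not in TAMPER_EVENT_IDS:
                continue
            t0 = datetime.fromisoformat(ev["ts"])
            followers = [
                f["process"] for f in evs[i + 1:]
                if f["source"] == "sysmon"
                and f["event_id"] == SYSMON_PROCESS_CREATE
                and datetime.fromisoformat(f["ts"]) - t0 <= window
            ]
            alerts.append({
                "host": host,
                "ts": ev["ts"],
                "reason": TAMPER_EVENT_IDS[ev["event_id"]],
                "followed_by": followers,
                "severity": "high" if followers else "medium",
            })
    return alerts


if __name__ == "__main__":
    for a in find_av_tampering(SAMPLE_EVENTS):
        print(f"[{a['severity'].upper()}] {a['host']} {a['ts']}: {a['reason']}; "
              f"processes started within 10 min: {a['followed_by'] or 'none'}")
```

Run against the constructed events, WS-07 produces a high-severity alert (protection disabled, then an unknown executable launched 32 seconds later) and SRV-01 a medium one; WS-12 produces nothing. The point is that the anti-virus layer cannot report its own death, so the alert has to come from a layer that reads the logs independently.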
Cybersecurity Stack Best Practices
We have briefly touched on some of the solutions that make up the security stack; this section goes through them in more detail. Secure Point Solutions follows the best practices that industry leaders have worked hard to develop. Software and hardware are not thrown together without due diligence on each solution, and many of them can be integrated into your existing IT provider's stack of products.
Cyber Threat Intelligence
One of the best ways to stop threats is to know they are coming and minimize your exposure to them. Near real-time information about which groups are actively attacking and which Indicators of Compromise (malicious domains, IP addresses, file hashes) they leave behind lets your other layers be tuned to detect and block those threats. A strong vulnerability management program, patching known weaknesses before attackers get to them, further reduces the avenues an attacker can use to compromise your systems.
Email Filtering
Attachments and links are among the biggest risks to users and organizations. Filtering solutions check these safely before passing them along to the end user, and information about the ones found to be malicious is fed back into the Cyber Threat Intelligence layer.
Firewall
This is usually the first line of defense for your physical business location. Sitting between your internal systems and the Internet, the firewall monitors traffic entering and leaving the network and alerts on (or blocks) traffic that may be malicious. For companies with internal applications and services, the firewall may also provide secure connections (VPN) for remote work or for multiple offices that need to share data. Internet content that runs counter to your HR policies can be filtered at this level as well.
DNS Filtering
Malware often communicates back to a command-and-control server for additional payloads or so an adversary can control the infected machine. A DNS filter blocks the lookup of known-malicious domains, so malware that depends on them cannot continue the attack and sits idle until it is removed. Malware that calls a hard-coded IP address, or that tunnels its lookups over HTTPS, is not stopped here, which is one more reason to keep the firewall and endpoint layers in place. This layer can also filter content, similar to the firewall.
Network Segmentation
Unfortunately, attacks sometimes succeed, and it is important to minimize the "blast radius" so the damage is limited to one or a few non-critical computers rather than the whole business. Segmentation can mean placing workstations and servers on different networks with limited, explicitly allowed access between them, or using credentials that exist only on servers so a stolen workstation password does not open them. Keeping the coffee machine away from your systems is definitely a first step.
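The Cyber Threat Intelligence and DNS Filtering layers above meet in one place: a list of malicious domains from a feed is applied to every lookup the resolver sees. As an added example (illustration code for this post, not a Secure Point Solutions tool), the script below loads a domain indicator list, decides allow/block for each query in a DNS log, and lists the clients that tried to reach an indicator. The feed, the log lines and the log format (timestamp, client IP, query name, record type) are all constructed assumptions; real feeds and resolver logs differ in layout but not in the matching logic.

```python
"""Added example: applying a threat-intelligence domain list in a DNS filter.

The feed and the DNS log below are constructed for illustration, not real
indicators.  The log format (timestamp, client IP, query name, record type)
is an assumption; adapt the parser to your resolver's log.
"""

THREAT_FEED = """\
# constructed feed: one indicator per line
bad-updates.example
cdn.payload-host.example
"""

DNS_LOG = """\
2024-05-01T09:00:01 10.1.20.15 www.microsoft.com A
2024-05-01T09:00:05 10.1.20.15 c2.bad-updates.example A
2024-05-01T09:00:06 10.1.20.15 BAD-UPDATES.EXAMPLE. TXT
2024-05-01T09:00:09 10.1.30.8 payload-host.example A
2024-05-01T09:00:12 10.1.30.8 cdn.payload-host.example A
"""


def normalize(name):
    """Lower-case and strip the trailing dot so 'Foo.Example.' == 'foo.example'."""
    return name.strip().lower().rstrip(".")


def load_indicators(feed_text):
    """Parse a feed into a set of normalized domains, skipping comments and blank lines."""
    return {
        normalize(line)
        for line in feed_text.splitlines()
        if line.strip() and not line.lstrip().startswith("#")
    }


def matched_indicator(qname, indicators):
    """Return the indicator that covers qname, or None.

    A listed domain also covers every subdomain beneath it (c2.bad-updates.example
    is blocked by bad-updates.example), but not its parents: listing
    cdn.payload-host.example says nothing about payload-host.example itself.
    """
    labels = normalize(qname).split(".")
    for i in range(len(labels)):
        candidate = ".".join(labels[i:])
        if candidate in indicators:
            return candidate
    return None


def filter_queries(log_text, indicators):
    """Decide allow/block per query; returns (ts, client, qname, action, indicator) tuples."""
    decisions = []
    for line in log_text.splitlines():
        if not line.strip():
            continue
        ts, client, qname, _qtype = line.split()
        hit = matched_indicator(qname, indicators)
        decisions.append((ts, client, normalize(qname), "block" if hit else "allow", hit))
    return decisions


def clients_with_blocks(decisions):
    """Hosts that tried to reach an indicator.  These need an endpoint investigation:
    the DNS block stopped the callback, not the malware that made it."""
    return sorted({client for _, client, _, action, _ in decisions if action == "block"})


if __name__ == "__main__":
    indicators = load_indicators(THREAT_FEED)
    decisions = filter_queries(DNS_LOG, indicators)
    for ts, client, qname, action, hit in decisions:
        print(f"{ts} {client} {qname:30} {action}" + (f" (matched {hit})" if hit else ""))
    print("investigate:", clients_with_blocks(decisions))
```

Two details matter in practice: the match walks up the parent domains of each query so subdomains of a listed domain are caught, and a blocked query is treated as an investigation lead for that client, since a machine asking for a command-and-control domain is already infected even though the lookup failed.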
Endpoint Protection and Prevention
Anti-virus has been around, well, since viruses. Endpoint Detection and Response (EDR) is a newer technology that records and analyzes endpoint behaviour (processes, network connections, file changes) rather than only matching known malware signatures, and Managed Detection and Response (MDR) adds a team of analysts who watch that EDR data around the clock. Ideally both are used: anti-virus to stop known malware from running on an endpoint, and EDR/MDR to stop an attack in progress and to investigate what happened before and after it.
Application Control
Installing applications that are potentially dangerous to your devices and data is a common issue in small businesses. Users being able to freely add apps without anyone first checking their reputation and what data they will have access to is a serious concern; limiting installation to approved software closes that door.
Security Awareness Training
A user-focused security program starts with education, and not just sitting employees down for an hour to watch the same video as last year. In-person or webinar-style training is crucial so people understand not just how to protect their devices and data but why they need to protect them.
Business Continuity and Disaster Recovery
This is the layer that can mean the difference between recovering and closing for a business. Business Continuity and Disaster Recovery is not just having a backup of your data; it is a plan for where your employees will work and how systems will be restored, and regular testing to make sure the plan actually works. Most businesses learned hard lessons from COVID about working remotely but have never experienced the loss of their infrastructure.
Secure Point Solutions Has Your Cybersecurity Stack in Mind
Your cybersecurity stack is crucial to protecting your data and keeping your business operational. No single layer provides adequate risk mitigation on its own, nor can a business defend against attacks with layers missing.
What does your cybersecurity stack look like? Are you missing some of our best practices? I would be happy to talk with you about your cybersecurity needs, schedule a consultation today by emailing firstname.lastname@example.org or calling 515-344-3008.