How to reliably protect your network infrastructure, and what can go wrong?

December 6, 2020

Based on my many years of experience at Vsecure Labs, I will explain what to pay attention to when organizing the protection of your IT perimeter, which mistakes businesses make most often, and why you should not neglect the help of experts in identity management solutions.

Methodological base

A firewall is the standard IT perimeter protection tool, used in one way or another by almost every Vsecure Labs customer. Modern platforms are very flexible and offer wide functionality. In addition to its main task, protecting the corporate perimeter from external threats, a firewall can also handle a number of secondary ones, including protecting web traffic, controlling the use of Internet resources, publishing applications, providing remote access, and many others. Paradoxically, firewalls are often underestimated: businesses use far less than their full capabilities.

The best quality solutions are not cheap, but they can bring tangible benefits to the business if their potential is used to the maximum. A firewall is one of the first tools in the IT perimeter that “sees” and can filter all inbound and outbound traffic. It should be understood that this traffic is a consequence of the company's business processes and of the interaction of its infrastructure with resources outside the perimeter, but not only that. Often there is activity on the network that has nothing to do with the organization's employees or the work of its business applications. How do you know which traffic is “good” and which you would not want to see on your network?

Vsecure Labs experts believe that at the initial stage it is important to determine which resources and applications used by employees are legitimate for your organization, and which ones you can deny or restrict access to, for all departments or only some. For example, various anonymizers, remote control tools, mail services, file storages, social networks and much more can become a source of infection or information leakage. If so, they are at the very least an unwanted element in the traffic, and at worst they can cause an information security incident. As the experience of Vsecure Labs with clients has shown, if a resource is not important for the workflow, it is easier to prohibit its use completely or to restrict the ability to exchange files through it. Having decided to take such a step,

It is worth remembering that one of the most common channels of infection is mail, both personal and work. According to research, up to 95% of threats come through this channel. Phishing and social engineering are officially recognized by many experts as the most popular and effective fraudulent methods. At the same time, few people are able to give up mail, since it is one of the main working tools. It is therefore important to improve staff literacy in information security and to periodically test employees on the rules for working safely on the network. Naturally, relying only on people in such a matter is not entirely correct, so you should also configure more thoroughly the URL filtering functionality that is built into most modern firewalls. By restricting access to unreliable resources, including phishing ones, this partially reduces the likelihood of successful malicious activity.

Other common leakage channels are removable media and paper media. There are now tools and identity management solutions with which you can restrict the use of certain types of removable media on the internal network, as well as control the content of documents sent to print. A firewall certainly does not cover these channels. But removable media control is included in many antivirus products. These products are also part of the information security “foundation” that is laid in the earliest stages of infrastructure maturity, and are therefore available to most customers.

How business is wrong

Vsecure Labs specialists often face situations in which organizations implement a sufficient set of protection tools but do not use their functionality to full capacity. Often people know nothing about the hidden capabilities of even antivirus products, which have long been familiar to everyone. Many common antivirus programs, for instance, have removable media blocking functionality. How many people know this? I think not many. What can we say, then, about solutions as complex as firewalls!

Another common mistake is incorrectly identifying the class of tools that a business needs to solve a problem. The customer is guided by knowledge gained while operating certain products, or by information from open sources. But this is not always enough. For example, a firewall is usually purchased to protect users’ web traffic, while in most cases it is more efficient to use a separate type of solution: a web proxy. It has its own protection mechanisms, site categorization, content analysis, and so on. In other situations, on the contrary, the maturity of the customer’s IT infrastructure makes it possible to forgo purchasing separate identity management solutions to protect different segments of the corporate network. Here you can make the most of the main and secondary functions of a single product.

What is Trusted Advisor for?

Often, a business does not have enough expertise to correctly select solutions for protecting against current threats: not all IT specialists have time to follow the trends in the information security market, study the best practices in this area and track the emergence of new products in a timely manner. In this case, specialized companies working in the field of information security can act as a trusted advisor. They are ready to effectively solve the business problems of enterprises and organizations. Together with the information security provider, it is necessary to identify legitimate applications and possible leakage channels so as to protect the IT perimeter as much as possible without harming the business, while leaving its users some freedom.

In the West, there is the concept of an acceptable use policy, which prescribes in detail the equipment of user workplaces and lists the programs that employees may work with. The analysis carried out together with the information security provider helps to form the basis for creating such policies, identifying potential threats and, consequently, choosing the means of protection for each workplace. An integrator involved in this kind of work fills the gaps in the knowledge of the customer’s specialists, which has a positive effect on the quality of the identity management solutions implementation.

Vsecure Labs experts urge the business community to always remember that it is important for an experienced information security provider to build trusting relationships with customers, and not just sell them a certain amount of software and equipment. One of the aspects of our work is to verify customer requests. All projects require critical thinking because the possibility of error can never be ruled out. This way we can save the customer’s time and money.