IT Security Software

IT Security Software Guide

Nowadays, business owners have more options in terms of computer security than they’ve ever had before. With technology evolving as it has, hackers have many more ways to exploit a computer network. In terms of potential threats, the attack surface is larger than ever and there’s a myriad of new ways to exploit a network. This has led to internal policy changes for offices, and a whole host of new approaches for security specialists. Overwhelming as it may seem, there is still going to be one correct choice. That choice, however, is going to be different depending on the individual needs of your business and the structure and size of your office. This means identifying the business’s individual risk and determining where the attack surface is.

This isn’t the easiest of tasks, especially for those that aren’t computer savvy. Security specialists are trained to think like hackers. They’ll be looking at your business’s network as if it is an attack surface. They’ll be identifying vulnerabilities and they’ll come up with a security solution that meets your individual needs.

Consider, for instance, the use of Bluetooth devices. Most folks would consider them innocuous everyday devices that power their wireless keyboards and headsets. On the other hand, what if the signal from a wireless keyboard could be intercepted without the individual who is using it being aware that their data is being transmitted outside the network? This would allow a potential hacker to steal passwords by logging the individual keystrokes coming from the keyboard. Not only is it a risk to your system, but it would also risk your client’s information.

Another issue for business owners is not understanding fully what the risks are to their system or paying for an advanced security system that does not entirely meet their needs or protect the entire network. It thus becomes an issue of prioritizing the risks to your business and shoring up any potential holes in your security. For a layman, that’s no easy task. This article should help you get the lay of the land and make a better choice for your business.

What is IT Security Software?

In the old days, security software was the only option available. Today’s needs for security go much farther. Security software still exists, but now there’s also hardware and hosted cloud-based services that businesses can purchase. Each of these represents a different approach to managing a business’s security needs and they are often used in tandem. In order to fully understand the different approaches to security and determine for yourself what the best approach for your business will be, you’ll have to familiarize yourself with the many different ways of securing a network and computer. These are the basics.

Firewalls are the computer’s first line of defense against intrusion. They prevent a hacker from attacking your network simply by infiltrating the IP address. Firewalls for personal computers are generally software, but for businesses, they can also be hardware combined with a software solution. Firewalls are designed for the specific purpose of determining what traffic is allowed into your network. Most businesses rely on more sophisticated firewalls than your typical home PC will employ. For instance, these firewalls will be able to determine the specific applications employees use allowing security specialists to implement a precision threat assessment. Many of these firewalls will come with options that are above and beyond what some businesses need. In addition, they have expensive price points and in order to customize them, you’ll need to know a thing or two about IT security or have someone on staff that can configure them properly.

Antivirus and anti-malware software are staples of both home PCs and business networks. Antivirus software works by conducting scans on a computer. It looks for viruses and malware and then quarantines and removes them. In order to do this, it must have an expansive virus definition file. The scan runs through each file on the network to determine if one bit of code in a program matches up with one of the known viruses or malware. It also scans new files that appear on the computer or network immediately for threats. These can include spyware, bots, and keylogging software in addition to computer viruses. This solution, while effective, is also incredibly clunky, eats up lots of RAM, and slows down your entire network. It’s a brute force solution to the problem of harmful software infiltrating your network.

Encryption involves the process of making your data readable only to those within your business. In terms of security, encryption is one of the most effective means of protecting data. It’s nearly impossible to decrypt data without the security key used to make it readable to those in your inner circle. Even for networks that are breached, hackers won’t be able to make good use of the data unless they can read it.

Email represents one of the most common avenues of attack for hackers. Some companies institute an email policy while others employ software that scrutinizes the contents of the email to determine if attachments are themselves malware or if there is a potential threat from clicking a link. Other businesses will find it necessary to install a secure email gateway. These can scan traffic moving both into and out of your network. It catches potential malware earlier than an antivirus can and before it enters your network.

Integrated Security Suites: What are They and How do They Work?

Integrated Security Suites are a good option for those that have dedicated security staff on hand to manage the configuration and deployment of the suite. They tend to be among the cheapest options, but they will also cost a business elsewhere. Namely, you’ll need someone on hand that is well versed in network security to monitor, update, configure, and reconfigure your defense strategy.

In addition, there may be an option to have the security bundle monitored remotely. A vendor may offer this as an option, or there may be a third party that monitors the network. Any of these options are going to make the security bundle less cost effective to the business but will improve network security.

Bundled security packages tend to include the various services listed below in some combination.

Endpoint Protection constitutes protecting each and every device on the network. An endpoint is simply techspeak for a device. This includes mobile devices, laptops, desktops, tablets, printers, or anything else that is connected to the mainframe. Endpoint Protection Platforms (EPP) are bundled security packages that are installed on each individual device. They include common security software such as antivirus, encryption, intrusion detection and prevention, and a firewall. As a point of policy, network security specialists should not allow devices that have not been outfitted with the software to connect to the network.

Unified threat management also known as UTM may either be a locally installed piece of hardware or a hosted service. This will contain what is called a “Next Generation Firewall” and a host of other security tools including antivirus, spam blockers, intrusion prevention and detection, and content filtering.

UTMs can be an ideal choice for small to medium sized businesses. Because a UTM is fundamentally either a managed service or a piece of hardware, it can be circumvented by a clever hacker that attacks an endpoint. UTMs provide a perimeter defense scheme to protect endpoints, but once an endpoint has been compromised, the network may be vulnerable. Thus the fewer devices on the network, the smaller the attack surface is, and the less vulnerable the network will be.The larger the network, the larger the attack surface.

A Mobile Device Management (MDM) solution is ideal for networks that have a lot of mobile devices such as tablets and phones requiring access. An MDM can determine which devices are authorized and which aren’t, excluding those that aren’t. Since MDM is a kind of Endpoint Protection Platform, it can be bundled together with some EPP packages. MDM will allow network administrators to determine precisely what individual mobile devices can access and if need be, the network administrator can erase company data from an individual device remotely.

Protecting Against Traffic Risks

A good metaphor for understanding the problem of network security is to consider your home as a metaphor for the network. Your home has a few different doors from which you can access the inside. You want some people to be able to access the inside, but not others. A firewall fundamentally creates a barrier between unwanted visitors and your family.

Unlike a home however, data flowing into and out of a computer on a network isn’t immediately recognizable. A security specialist must program a set of rules determining which ports are safe to receive data from. For instance, you want your company’s website to be able to receive data from clients and customers. The firewall thus creates an exception for the individual port that your website operates from.

Threats can come from outside the network and they often do in the form of hackers. However, the threats that come from inside your network are likely the ones that leave you the most vulnerable. These can be from employees clicking an email that installs some kind of malware on your network, or from an unregistered bluetooth device that is being used by an employee that is not heeding (or simply unaware of) company policy. In both instances data that is leaving the network may be received by a hacker on the other side that can compromise your client’s and your company’s most sensitive data.

Thus, traffic must be monitored both coming and going.

A Secure Web Gateway can differentiate between different kinds of content coming into and exiting the network. A typical firewall blocks traffic based on where it’s coming from. In other words, it gives a network administrator more control over the firewall. There’s a lot of applications that run over the network that require internet access. Firewalls need to be able to allow these programs to open ports in order to let information in and out. A Secure Web Gateway, unlike a typical home computer firewall, can ensure that certain kinds of data are not leaving the system.

A Secure Web Gateway can also restrict employee access to certain online websites. In addition, it scans all data that is coming over the network and leaving the network specifically looking for suspicious activity. This can be of major benefit to businesses that employ a vast number of workers. It typically happens that your employees are themselves security risks either due to malicious intent, or pure carelessness. Secure Web Gateways are designed to prevent honest mistakes, and consciously malicious actions taken by an employee. Many times, malware can come from emails or over the web, so Secure Web Gateways are designed to catch malicious code while it’s being transferred through the network, not as it’s being executed or as part of a scan. In other words, it preempts the process of downloading and executing the malware.

Secure Web Gateways are an ideal solution for any size business. They can be implemented as either a software solution, hardware, or as a remotely hosted service.

Data Loss Prevention (DLP) refers to a method of defending against the theft of sensitive company data. This can include your customer’s credit card numbers or other confidential information. DLP is aimed at sifting through data that is being sent through the network elsewhere. It can determine if an individual user is allowed to send certain data through the corporate network, or even if an individual recipient is authorized to have that data.

One thing to note is that DLP is not meant to prevent intrusion. It can, however, stop data packets from leaving the network rendering a potential intrusion fruitless. It is generally offered as part of a broader package as it ensures a critical line of defense against hackers that can invade a system in a variety of ways.

IPS and IDS refer to Intrusion Prevention and Intrusion Detection Systems. Firewalls are designed to keep intruders out, but they have no way of determining if an intrusion has taken place. In addition, IPS offers a degree of protection that goes above and beyond what your typical firewall is capable of providing. Intrusion detection is meant to ensure that malicious activity is blocked even when the intruder may have accessed the system using legitimate credentials (which happens often). In other words, IDS identifies malicious behavior.

Access Management

Access management involves the administration of credentials to access the network at various levels. For instance, you might not want an entry level employee to have access to every aspect of your company’s business. You still, however, want this employee to have access to the network in order to do their job. Access management tools regulate who gets access to what within an individual network.

There are two main components to Access Management. Those are Identity Access Management (IAM) and Network Access Control.

Identity Access Management refers to the software that manages employee usernames and passwords. It authenticates individual employee credentials and manages their level of access. Some sort of IAM solution becomes necessary the larger your business is. Smaller businesses face a different sort of threat profile when everyone is operating out of a single small office. Larger businesses may have hundreds of employees, so it won’t necessarily trigger alarms if someone comes in off the street and starts hacking away at a network terminal. Smaller businesses generally don’t have that problem.

In contrast, Network Access Control is a kind of software that determines what devices are allowed to access the network and what level of access individual devices should have. Large organizations will employ NAC as well, but even smaller organizations that allow their employees access to the network will benefit from NAC software.

Threat Intelligence

Threat intelligence is designed to scrutinize behavior to determine if it’s a threat to the network or not. Most modern cloud based security systems run on lightweight servers that do not employ vast virus and malware definitions. Instead, they analyze the behavior of certain programs and determine whether or not they’re behaving in a threatening fashion. This is an integral piece of the puzzle because there are no security systems in place that can be 100% effective against preventing files or data from coming into the network. So threat intelligence programs exist to minimize the damage caused if there is a breach in network security.

System Information Management and Security Event Management are two distinct methods that operate in tandem to track down suspicious activity, identify suspicious activity, and respond to suspicious activity. This, in essence, is the network’s last line of defense against a threat. Logging the data will help a company respond to a security issue in the future, while the other methods neutralize suspicious activity as it’s occurring.

Vulnerability Scanning also known as Penetration Testing employs software that “attacks” your network for weaknesses. In other words, it simulates a hacker attempting to gain access to a network in order to shore up weaknesses within your network. Security teams employed by a company will attempt to break into the company’s mainframe using a variety of sophisticated attacks. If successful, the company then can respond by shoring up that hole in their security.

Considering the Cost

Most security software operates on the same basic licensing agreement that any software license operates on. That means paying the license on every device on which the security software is installed. In some cases, it will also mean employing additional IT technicians to monitor the network and configure the software. The added cost has caused many companies to move toward hosted services that operate and manage a company’s security remotely. This means less of a burden on an IT staff and an individual company. Individual companies have also begun consulting third party security specialists to analyze their network and determine what the most cost effective strategy would be for their individual needs. Scalability may be a major concern for larger or growing companies, but smaller companies are going to be most interested in providing themselves with effective protection at a manageable price.

Evaluating Security Software and Security Packages

Over the last decade, network security specialists have diversified to the extent that it actually feels like you have to be an expert simply to select the right security package for your business. Indeed, many companies have recruited consultants for the very purpose of determining the company’s security needs. According to a recent poll, however, this has not led to a wide amount of customer satisfaction. What did lead to customer satisfaction was due diligence on the security firm’s references and having a trusted lawyer go over the agreement before signing.

One could argue that satisfaction is not the best determiner for the quality of a security service. If you never notice the security system then it’s doing its job properly. On the other hand, with so many options to choose from, analyzing a vendor’s credentials and having a lawyer read over the fine print of an arrangement isn’t such a bad option.

In the end, an article such as this can only help companies and their executives understand the options that are available to them. Different businesses will indeed require different kinds of protection. Many security vendors offer entire boutiques of protection for a wide array of businesses. The reputable ones are those that put a premium on customer satisfaction and repeat business.