Cyber security refers to every aspect of protecting an organization and its employees and assets against cyber threats. As cyberattacks become more common and sophisticated and corporate networks grow more complex, a variety of cyber security solutions are required to mitigate corporate cyber risk.
Cyber security is a wide field covering several disciplines. It can be divided into seven main pillars:
1. Network Security
Most attacks occur over the network, and network security solutions are designed to identify and block these attacks. These solutions include data and access controls such as Data Loss Prevention (DLP), IAM (Identity Access Management), NAC (Network Access Control), and NGFW (Next-Generation Firewall) application controls to enforce safe web use policies.
Advanced and multi-layered network threat prevention technologies include IPS (Intrusion Prevention System), NGAV (Next-Gen Antivirus), Sandboxing, and CDR (Content Disarm and Reconstruction). Also important are network analytics, threat hunting, and automated SOAR (Security Orchestration and Response) technologies.
2. Cloud Security
As organizations increasingly adopt cloud computing, securing the cloud becomes a major priority. A cloud security strategy includes cyber security solutions, controls, policies, and services that help to protect an organization’s entire cloud deployment (applications, data, infrastructure, etc.) against attack.
While many cloud providers offer security solutions, these are often inadequate to the task of achieving enterprise-grade security in the cloud. Supplementary third-party solutions are necessary to protect against data breaches and targeted attacks in cloud environments.
3. Endpoint Security
The zero-trust security model prescribes creating micro-segments around data wherever it may be. One way to do that with a mobile workforce is using endpoint security. With endpoint security, companies can secure end-user devices such as desktops and laptops with data and network security controls, advanced threat prevention such as anti-phishing and anti-ransomware, and technologies that provide forensics such as endpoint detection and response (EDR) solutions.
4. Mobile Security
Often overlooked, mobile devices such as tablets and smartphones have access to corporate data, exposing businesses to threats from malicious apps, zero-day, phishing, and IM (Instant Messaging) attacks. Mobile security prevents these attacks and secures the operating systems and devices from rooting and jailbreaking. When included with an MDM (Mobile Device Management) solution, this enables enterprises to ensure only compliant mobile devices have access to corporate assets.
5. IoT Security
While using Internet of Things (IoT) devices certainly delivers productivity benefits, it also exposes organizations to new cyber threats. Threat actors seek out vulnerable devices inadvertently connected to the Internet for nefarious uses such as a pathway into a corporate network or for another bot in a global bot network.
IoT security protects these devices with discovery and classification of the connected devices, auto-segmentation to control network activities, and using IPS as a virtual patch to prevent exploits against vulnerable IoT devices. In some cases, the firmware of the device can also be augmented with small agents to prevent exploits and runtime attacks.
6. Application Security
Web applications, like anything else directly connected to the Internet, are targets for threat actors. Since 2007, OWASP has tracked the top 10 threats to critical web application security flaws such as injection, broken authentication, misconfiguration, and cross-site scripting to name a few.
With application security, the OWASP Top 10 attacks can be stopped. Application security also prevents bot attacks and stops any malicious interaction with applications and APIs. With continuous learning, apps will remain protected even as DevOps releases new content.
7. Zero Trust
The traditional security model is perimeter-focused, building walls around an organization’s valuable assets like a castle. However, this approach has several issues, such as the potential for insider threats and the rapid dissolution of the network perimeter.
As corporate assets move off-premises as part of cloud adoption and remote work, a new approach to security is needed. Zero trust takes a more granular approach to security, protecting individual resources through a combination of micro-segmentation, monitoring, and enforcement of role-based access controls.
The cyber threats of today are not the same as even a few years ago. As the cyber threat landscape changes, organizations need protection against cybercriminals’ current and future tools and techniques.
The cyber security threat landscape is continually evolving, and, occasionally, these advancements represent a new generation of cyber threats. To date, we have experienced five generations of cyber threats and solutions designed to mitigate them, including:
Each generation of cyber threats made previous cyber security solutions less effective or essentially obsolete. Protecting against the modern cyber threat landscape requires Gen V cyber security solutions.
Historically, many organizations’ security efforts have been focused on their own applications and systems. By hardening the perimeter and only permitting access to authorized users and applications, they try to prevent cyber threat actors from breaching their networks.
Recently, a surge in supply chain attacks has demonstrated the limitations of this approach and cybercriminals’ willingness and ability to exploit them. Incidents like the SolarWinds, Microsoft Exchange Server, and Kaseya hacks demonstrated that trust relationships with other organizations can be a weakness in a corporate cyber security strategy. By exploiting one organization and leveraging these trust relationships, a cyber threat actor can gain access to the networks of all of their customers.
Protecting against supply chain attacks requires a zero trust approach to security. While partnerships and vendor relationships are good for business, third-party users and software should have access limited to the minimum necessary to do their jobs and should be continually monitored.
While ransomware has been around for decades, it only became the dominant form of malware within the last few years. The WannaCry ransomware outbreak demonstrated the viability and profitability of ransomware attacks, driving a sudden surge in ransomware campaigns.
Since then, the ransomware model has evolved drastically. While ransomware used to only encrypt files, it now will steal data to extort the victim and their customers in double and triple extortion attacks. Some ransomware groups also threaten or employ Distributed Denial of Service (DDoS) attacks to incentivize victims to meet ransom demands.
The growth of ransomware has also been made possible by the emergence of the Ransomware as a Service (RaaS) model, where ransomware developers will provide their malware to “affiliates” to distribute in exchange for a piece of the ransom. With RaaS, many cybercrime groups have access to advanced malware, making sophisticated attacks more common. As a result, ransomware protection has become an essential component of the enterprise cyber security strategy.
Phishing attacks have long been the most common and effective means by which cybercriminals gain access to corporate environments. It is often much easier to trick a user into clicking a link or opening an attachment than it is to identify and exploit a vulnerability within an organization’s defenses.
In recent years, phishing attacks have only grown more sophisticated. While the original phishing scams were relatively easy to detect, modern attacks are convincing and sophisticated to the point where they can be virtually indistinguishable from legitimate emails.
Employee cyber security awareness training is not enough to protect against the modern phishing threat. Managing the risk of phishing requires cyber security solutions that identify and block malicious emails before they even reach a user’s inbox.
The different generations of cyberattacks have been defined mainly by the evolution of malware. Malware authors and cyber defenders are playing a continual cat and mouse game, where attackers try to develop techniques that overcome or bypass the latest in security technology. Often, when they succeed, a new generation of cyberattacks is created.
Modern malware is swift, stealthy, and sophisticated. The detection techniques used by legacy security solutions (such as signature-based detection) are no longer effective, and, often, by the time security analysts have detected and responded to a threat, the damage is already done.
Detection is no longer “good enough” to protect against malware attacks. Mitigating the threat of Gen V malware requires cyber security solutions focused on prevention, stopping the attack before it begins and before any damage is done.
In the past, organizations could get by with an array of standalone security solutions designed to address specific threats and use cases. Malware attacks were less common and less sophisticated, and corporate infrastructures were less complex.
Today, cyber security teams are often overwhelmed while trying to manage these complex cyber security architectures. This is caused by a number of factors, including:
Trying to solve all of these challenges with an array of disconnected solutions is unscalable and unsustainable. Only by consolidating and streamlining their security architectures can companies effectively manage their cyber security risk.
A modern security infrastructure is one that is consolidated and built from solutions that are designed to work together. This requires partnering with a security provider with experience in protecting all of an organization’s assets against a range of cyber threats.
Check Point offers solutions for all of an organization’s security needs, including:
To learn more about the threats that Check Point solutions can help to protect against, check out the Check Point 2021 cyber security and Mobile Security Reports. You’re also welcome to see Check Point’s solutions in action for yourself with a demo and try them in your own environment with a free trial.