You can never have too much security, but you can have too little!
Often, people will tell us that they have an anti-virus or a firewall, so they are fine. This is wrong for two reasons.
First, anti-virus and firewalls are not enough. An anti-virus will only stop known viruses. It won’t contain new or unknown viruses or anomalous behavior. And a firewall won’t block something that is already in your system.
Second, and probably most importantly, this is a false sense of security. If you think you are protected, you will likely not try to improve security or be careful about risky behavior. A flu shot will protect you from the flu but not from measles, cancer, a heart attack, or a broken leg. And you certainly wouldn’t assume you’re fully protected with that flu shot and smoke for 40 years, eat fast food all your life, or jump off the roof of your office building.
Having a defense-in-depth cyber security program will protect your organization. This includes more than just the technical tools.
Defense-in-depth means having a comprehensive, cohesive security program. Just layering one thing over another is not good enough. You will likely leave unprotected gaps. Here are the areas that should be included in your defense-in-depth security.
People – Your people can be your biggest threat or your best defense. The three most essential tools to ensure they are part of the security team are Training, Training, and More Training.
Policies – Make sure you develop and foster a culture of security. This means having policies and supplemental procedures that you promote and enforce. This includes periodic password changes, required use of MFA, scheduled updates/patching, procedures for onboarding new employees, ensuring legacy accounts are terminated, implementing a least privilege policy, etc.
Device Protection – Using endpoint detection and response (EDR) technology on workstations and servers to identify malware, stop it, and prevent it from infiltrating the network.
Network Threat Detection – Security Information and Event Management (SIEM) to detect threats and respond quickly to protect the entire network.
Security Operations Center (SOC) – A 24×7 staffed SOC using both AI and human analysts to continuously monitor logs for malicious or anomalous activities and escalate appropriate alerts.
While many of the tools needed for implementing a comprehensive defense-in-depth cyber security program are available online, a cohesive approach is better than a patchwork system of defenses. Using a Managed Security Services Provider (MSSP) will allow for a holistic approach with the best tools and experts watching out for your security, enabling you to do what you do best and continue with the daily operations of your business.
Commonwealth Sentinel is here to help you navigate the ever-evolving and growing cyber security threats we all face. We can evaluate your existing IT security and work with your team to improve it. At Commonwealth Sentinel, we stay focused on cyber security so you can focus on other things. Contact us today or sign up for a free consultation.