December 2016: While using a network may seem simple when you’re working, managing the backend is anything but. Protecting today’s interconnected systems from threats like ransomware, botnets, cyber espionage, and breaches keep getting more complex as technology evolves. How can your company keep up? Use next-generation tools.
Next-gen tools offer much more than tools used a few years ago. From deterring attacks to baselining activity to using heuristic engines, these tools can literally save the day. Here are four you should know about:
1. Next-generation firewalls (combination of hardware and software)
Next-gen firewalls do a lot more than filter spam and block known malware. They’re powerful tools that can withstand nonstop attack attempts, perform deep packet inspections, and offer a lot of controls, such as the ability to set specific filters and security policies. They can put questionable software in a sandbox to keep it away from the network until it’s proven safe, and they can integrate with the cloud to guard against web-based attacks, which is where most malware is coming from these days. Next-gen firewalls can also improve productivity through controls that allow you to do things like block video streaming, limit Facebook access, and throttle downloads to prevent internet congestion.
2. Network activity baselines (combination of hardware and software)
Most of the breaches you hear about in the news could have been minimized with baselines. If network activity baselines had been created for those networks and then those networks had been monitored for anomalies, the damage (and the fallout) would have been far less. The Home Depot and Target breaches, for example, went on for months and the Sony breach went on for years. Next-gen tools that create network activity baselines by “hearing” every digital conversation that takes place over your network for a certain period of time so they can learn what’s normal (and what’s not) for your company. Normal activity includes things like the way your network interacts with file servers, computers, cloud apps, websites, and other networks, devices and platforms to conduct business. It also learns the characteristics of each conversation and how long each should last.
Once the baselines are in place, your network operations center can use them to investigate problems — how do the problems compare to the baselines? Let’s say, for example, it’s taking longer for users’ emails to open. You can compare each part of the digital conversation that takes place to open an email — from the email server to the internet connection to the DNS service — to the baseline. If these conversations match the baselines, then you need to look at outside causes, such as the possibility you’ve been hacked, in which case traffic could be going through a third party before it gets to you. Without the baselines, you don’t know what’s normal in your complex environment so you don’t know where, exactly, the problems are located. And if you don’t know where the problems are, you can’t stop them and they can continue for a long time. Next-gen tools like those from ExtraHop and others work in real-time so problems can be solved in real-time, too.
3. User behavior baselines (software)
Baselines for user behavior can be just as important to finding and stopping problems as baselines for network activity. Is it normal for the CFO to work late at night on that app? Is the sales team supposed to be communicating with people in East Asia? Does Bob usually download so many files?
Next-gen tools that create user baselines learn which apps each person uses and when, how they use the network, what files they usually access, and other key behaviors. Then, using behavior analytics, the tools search for patterns of behavior that are anomalies when compared to the baselines. When you create security settings, apply filters, and track usage you can spot anomalies even faster, then report on whose account was used and where it was used from. These tools also allow you to set up triggers to automatically shut down accounts that have met a predetermined threshold. So while they don’t prevent malware or hacking, these tools help you shut them down fast.
Companies with huge amounts of data and multiple generations of employees are prime candidates to benefit from user behavior baseline tools like those from Varonis and others. The process of completing the work that’s needed to create the baselines in the first place — including data discovery, data inventory and data mapping — is a huge organizational benefit on its own. Tools like these are an investment and especially useful for regulated industries.
4. Improved anti-malware heuristic tools (software)
The old way of keeping malware out of your network was based on identifying and blocking known malware. This left your company vulnerable to unknown malware — once it was identified the anti-malware software was patched, but until then you were at risk. Not anymore. Next-gen anti-malware uses what’s known as heuristic engines to look at the behavior of a known virus and match it to the behavior of something new and unknown. This is effective because when cyber criminals change malware, including ransomware, to bypass anti-malware tools, they usually don’t change it very much. So while there may not yet be a known definition for the new strain, if it quacks like a duck but doesn’t look exactly like a duck, the heuristic engine can still flag it as a possible duck. This sophisticated next-gen software is a welcome improvement and one that Leapfrog Services recommends for all businesses and all of our clients. Our frogs like tools from Kasperski, among a few others.
Trying to keep up with all of the available next-gen tools for network monitoring and management can be an overwhelming task for companies that don’t have dedicated staff for research, development and training. Leapfrog focuses on testing and running next-gen tools that solve specific problems our clients are experiencing, with the four types of tools listed above being the most effective in our customer environments so far. If your company is still using tools that don’t include the next-gen capabilities, feel free to contact us for more information. We’re here to help you operate securely while still being super productive.