Cyber threats have been prevalent for a long time, but the potential damage is only now becoming fully understood. Malicious users are disrupting the digital world with high-profile denial of service attacks and security breaches at some of the world's most prominent companies. But it is not just big companies and government entities that need to think about security. In fact, according to the SEC, 60% of all cyberattacks are directed at small and medium-sized organizations. And here is a staggering statistic: the SEC estimates that more than half of the small businesses that are hit with a cyberattack go out of business within six months.
Companies are understandably concerned about the high expense of cyber security. But the real question is, what is the cost of a security breach, and are you willing to take that risk? The most common rationalization we hear is "we are a small company, no one would ever target us." Unfortunately, these are exactly the types of companies that hackers are looking for. The bad guys are not searching for your company by name; they are blindly trolling the internet for vulnerabilities. If you want to keep your sensitive information safe, you will need sufficient protection for your websites, applications, network and email.
When it comes to Cyber Security, there is no such thing as one size fits all. At WinMill, we evaluate your business processes and risks, while taking into account your budget, to provide a custom solution that most effectively reduces your company's cyber risk.
It's time to rethink Cyber Security. It's time to call WinMill Software. Find out more about our WinMill Cyber Risk Assessment, and check out some of our favorite security products below.
Dynamic Website Scanning
Web application hacking is on the rise. Most corporations have secured their data at the network level, but many have overlooked the crucial step of checking whether their web applications are vulnerable to attack. Web applications, which often have a direct line into the company's most valuable data assets and are online 24/7, are typically unprotected by a firewall and therefore easy prey for attackers. To combat this risk, you need to be running dynamic scans against your websites that search for vulnerabilities like SQL Injection, XSS, XXE, SSRF and Host Header Attacks.
Featured Solution: Acunetix Web Vulnerability Scanner
Static Source Code Scanning
Companies today are creating more software in house than ever before, to give them an edge on their competition. But with this rapid development comes an enormous risk, because most applications are not being built with security in mind. In fact, more than 60% of all applications fail the OWASP Top 10, and 80% of applications written in web scripting languages fail their first scan.
The solution is to implement static code scanning during application development. This is part of the "shift left" maxim, moving testing earlier in the application lifecycle. It used to be that code scanning required a copy of the source code, but source code may not always be available to you. Instead, the leading tools in this space now examine the binary code of the application. They look for coding flaws, back doors and many other dangerous vulnerabilities. Most importantly, the vulnerabilities are found before the application is released to production, which saves an enormous amount of time and money when compared to a "develop now, fix later" approach.
Featured Solution: Veracode Static Analysis
While your endpoint security is protecting your periphery and your dynamic and static scanners are looking for vulnerabilities in your applications, what about the network itself? A network scanner runs on a scheduled basis, checking for vulnerabilities on every IP device on your network. It looks for misconfigurations, missing patches, weak or default passwords, and much more. Network scanners use a library of known vulnerabilities that is constantly updated, with the objective of always staying one step ahead of the bad guys.
Featured Solution: Tenable Nessus
Next Generation Firewalls
Traditional firewalls have always been known to protect the perimeter of the network. Firewall technology has dramatically evolved, however, to provide top-to-bottom application protection of the OSI stack. Next Generation Firewall vendors now have the ability to protect the internal network, as well as provide Web Application Firewall protection, Intrusion Prevention, URL filtering, and Advanced Malware Protection.
Traditional Firewalls, more commonly referred to as stateful inspection firewalls, allow or block traffic based on state, port and protocol. They monitor all activity from the opening of a connection until the connection is closed. Filtering decisions are made based on administrator-defined rules as well as context, which refers to using information from previous connections and packets belonging to the same connection. This is the basis on which the next generation features of a firewall are built.
Web Application Firewalls (WAF) provide the next level of defense beyond traditional firewalls. They learn your Web applications' "normal" behavior and correlate this with crowd-sourced threat intelligence. They learn all aspects of your web applications including the directories, URLs, parameters, and acceptable user inputs. They look for business logic attacks such as site scraping and prevent user account takeovers. They focus on blocking malicious users without impacting legitimate traffic.
Intrusion Prevention System (IPS)/Intrusion Detection System (IDS) technology within a firewall monitors traffic for security threats. The main function of an IPS/IDS is to examine network traffic to detect and prevent vulnerability exploits. These exploits typically come in the form of malicious inputs to an application or service. The IPS/IDS provides a complementary layer of firewall security that analyzes and detects dangerous content. The IPS/IDS has the ability to send an alert to an administrator, block the malicious traffic, and block traffic from the dangerous source.
URL Filtering provides the ability to allow, block, or limit access to millions of websites and web pages based on many different properties. The properties could be the content of the webpage or website, the time of day, the user who is browsing, the business category of the website, and so on.
Advanced Malware Protection helps an organization protect against and react to a malware attack. It uses Threat Intelligence to prevent general malware from entering the organization's network. During an attack, the system uses known file signatures and dynamic file analysis to identify and block malware.
Featured Solution: Cisco Firepower
DNS filtering provides protection for your users and data outside the periphery of your own networks. These solutions collect vast amounts of live internet data, identifying real and perceived threats around the world. The effectiveness of the solution is in how well it evaluates and correlates this data, and in turn, proactively protects you and your users.
The best DNS filtering solutions correlate IP networks and DNS infrastructures to learn how threats are related. They automatically link events to known threats, and correlate the events with associated DNS infrastructures and IP networks. They assess suspect activity, identify patterns, and mobilize threat protection accordingly, while minimizing false positives.
Featured Solution: Cisco Umbrella
Extra security measures aren't difficult. We incorporate them into our everyday lives. We set the alarm at our house and lock the doors on our car. We use PINs to retrieve cash at the ATM and authentication credentials to log into company computers. The effort is small, and so it easily becomes a part of our daily habits. However, securing email, all email, is a different challenge. We may secure our houses three to four times a day or visit the ATM twice a week, but who wants to encrypt and decrypt hundreds of emails a day? Passwords, portals and extra steps eliminate the ease of clicking 'send' and replace it with an annoying, almost painful, experience. And so we don't secure each email. In fact, unless your organization conducts business in a regulated industry such as healthcare or financial services, your organization probably doesn't secure any emails at all. But what you know about email encryption is about to change.
Featured Solution: ZixMail
End-Point security takes anti-virus to a whole new level. End-Point security solutions not only look for known malware, but they also use centralized, consolidated risk repositories to analyze behavior patterns and attack vectors. They provide visibility into attacks, identifying what happened and what resources were affected. They provide automated and manual upstream vulnerability assessments, allowing you to immediately quarantine sections of your network while you remediate.
Featured Solutions: Carbon Black, ESET
Many organizations now take a holistic approach to implementing cyber security and have started implementing stricter controls for every aspect of their business. Security integration and orchestration are becoming a prerequisite to new technology investments. Many solutions include analytics and strong reporting capabilities, but for some organizations this is simply not enough. If your organization has a significant application presence, and you have deployed multiple tools to strengthen your security posture, you are probably finding that you are investing a lot of time and effort in logging, vetting, compiling, assigning and tracking vulnerabilities found by your team.
Vulnerability correlation tools address this challenge. They allow you to integrate all of your application security tools into one centralized platform, from both an execution and results perspective. This helps to consolidate findings, decrease time between detection and remediation, and improve communication between security and development teams. These tools allow you to accurately measure exposure, prioritize remediation, and dramatically reduce your organization's exposure to cyber risk.
Featured Solution: Denim Group ThreadFix
Breach Detection Systems
While Application Security continues to grab headlines, there are still sophisticated threat actors targeting your networks and infrastructure. Network engineers and administrators are challenged in their ability to protect assets, locate threats, and stay up-to-date with the latest updates and patches. Organizations should consider a breach detection solution that monitors your network in real-time to detect anomalous activity and provides deep visibility into your IT assets and network activity. Breach detection solutions allow your team to find exploits as they occur. They analyze your network and establish a baseline for "normal" activity. Utilizing customizable alerts, they will notify you of unusual or suspicious behavior and present your response teams with a prioritized workflow for rapid remediation.
Featured Solutions: Nessus Security Center, Damballa Failsafe
You can be running every cyber security product on the market, but in the end, the proof is in a penetration test. High-end penetration testing solutions provide thousands of simulated attack vectors. Further, they allow you to automate your tests, saving countless hours and dollars and demonstrating immediate, tangible ROI. Finally, penetration tools provide a uniquely valuable education for your team. By simulating real attack paths that may be used against your systems, you can quickly identify security gaps and prioritize your remediation efforts.
Featured Solutions: Core Impact, Metasploit Pro