9 ‘Good’ And ‘Bad’ Security Measures Businesses Need To Know

Blog Security Tuesday 30th August 2016 • 5 min read
Steve Nice, Chief Technologist

Which security measures are ‘known goods’ for enterprises, and which are ‘known bads’?

Recently, I was approached by a journalist who asked me that question.

Security professionals are often asked questions like this. Not everyone has the time to think through all the complexities of security provision, so from a certain standpoint, such a temptation to oversimplify is understandable. It also makes for satisfying reading.

Naturally, the right security strategy depends on the details of your brief, your budgets, the size and nature of your systems, in-house skills, the degree of risk involved, and a million other factors. What’s usually required, especially for medium to large enterprises, is a combination of approaches that can supply ‘defence in depth’.

With that caveat, I answered:

1. ‘Known bad’; Firewalls in isolation

Stopping traffic, opening and closing ports, examining data as it comes in… Firewalls are a fundamental security measure. However, using only a firewall as your principal security measure (as a surprising number of smaller companies do) is, indeed, ‘bad’. Firewalls should be employed as part of a ‘defence in depth’ approach, adding another moat to your castle.

2. ‘Known good’; whitelisting

Simple whitelisting is affordable across a range of budgets. The latest whitelisting technologies are incredibly advanced, employing AI and deep learning neural networks to analyse your ‘normal’ patterns of behaviour in order to anticipate what should and shouldn’t be let into your network.

3. ‘Known good’; Unified Threat Management

With the growing architectural complexity of today’s business systems and the growing use of cloud infrastructure, encompassing multiple security solutions (firewalls, whitelisting, anti-malware, IPS, etc.) within a single management platform is broadly a ‘known good’, particularly for companies with larger, more complex systems.

Again, it’s about taking a multi-layered approach. However, such systems are often from a single vendor, which many businesses would see as increasing their risk. To address this, you might split the various layers of solution out, or obtain the solutions from different vendors. So, UTM isn’t a black-and-white ‘good’ or ‘bad’ solution.

4. ‘Known bad’; relying on passwords

Passwords are all too frequently hacked and published en masse on the Internet. People tend to be lazy: Mark Zuckerberg’s LinkedIn password was compromised a few months ago, and it turned out that he used the same password for his Twitter account. Broadly speaking, any alternatives to the traditional password (such as biometrics) are a good thing.

5. ‘Known good’; Two-factor authentication

Two-factor authentication is one of the best ways of securing applications, especially as everything moves into the cloud. It’s becoming increasingly important to ensure the right person is logging in to apps and services.

6. ‘Known good’; some kind of email monitoring

We use Mimecast to monitor suspicious activity on email, particularly phishing attempts, which are becoming increasingly sophisticated.

7. ‘Known bad’; relying too much on your employees

Realistically, most employees will be too busy doing their jobs to dedicate the necessary amount of headspace to security. Ensure they understand policy, but security professionals need to accept that half the time that advice may well be forgotten or ignored.

8. ‘Known good’; data encryption

Data encryption is definitely a ‘known good’. In fact, it should really be the default position now (opt out, rather than opt in). Any data that is in transit, especially, should be secured (via HTTPS, VPNs, SSL, etc.).

9. A potential ‘known good’; outsourcing

Today’s threat landscape is so complex that protecting a company’s infrastructure can be a full-time job. As a result, for many companies, it makes sense to outsource threat management to companies that can treat it as such, and which have the time, skills and expertise to monitor systems appropriately.


P.S. If you want to take a close look at the security vulnerabilities of your existing systems, and understand how to implement your security in a balanced, comprehensive way, GET IN TOUCH.
