Security has become an enabler for your business to grow in this “chaotic world”, where you may have already been breached but you have not detected it yet.
Let’s just go back to basics to achieve Cyber Hygiene as the first and most important step towards building a good Security Architecture. Research shows that basic Cyber Hygiene can prevent or minimize the impact of many reported breaches so far.
In the past, cyber security was more about protecting your perimeter, and if a hacker got through the first perimeter, there would be a second one to block them – the so-called “defence in depth” security architecture. In this legacy security architecture, there are “Trusted” and “Untrusted Zones”. This architecture clearly does not work anymore in today’s context of working anywhere (no more perimeter), BYOD, malicious web sites and phishing emails that look very genuine. Enter Zero Trust Security Architecture, where there is no such thing as a trusted zone or trusted login credentials. To access anything, you have to prove you are who your credentials say you are, using MFA and conditional access based on context, device used, job function, time of day or where your connection originates from.
At PTC, we have curated a portfolio of security products that can help organizations win the war against hackers and cyber criminals out to disrupt your business. Kindly contact us for a more detailed discussion of these products. Below is a brief summary:
END POINT PROTECTION, DETECTION & RESPONSE (EPP, EDR)
Since 90% of data breaches occur at the end point, it makes sense to have an EPP that has high efficacy in preventing malware infection.
CylanceProtect is a lightweight, high-performance, AI-based EPP that does not depend on daily signature updates or on cloud intelligence (which requires an internet connection) to convict malware with high efficacy, compared to traditional AV vendors.
CylanceOptics is an EDR tool that helps an in-house security team quickly investigate, obtain forensics, perform threat hunting, contain the endpoint, and remediate it if infected.
WEB & EMAIL ISOLATION
Over 90% of all breaches can be traced to a well disguised phishing email, or a URL with malicious intent, or a weaponized document, to infect your end point with malware.
What if all your employees could be isolated from the bad actors on the internet, while still being able to browse the internet freely and work on emails on the job?
With Menlo Security, your employees are effectively shielded from infection that can come from web browsing and email activities, without the need for continuous, expensive, company-wide security awareness training.
It takes just one curious employee clicking an infected link or downloading a weaponized document in a phishing email to cause a breach. No amount of continuous security awareness training can guarantee that will not happen. With Menlo Security isolation, these harmful effects are always isolated from your end points.
PRIVILEGED ACCESS MANAGEMENT
Those who have the system administrators’ accounts have the “keys to the kingdom”.
A PAM like MasterSAM can log in on behalf of users, with full recording of their activities.
Nobody can log in directly to any system because nobody will have root access; only the PAM knows the real root password.
CONTINUOUS SECURITY POSTURE VISIBILITY
Your organization has deployed many security tools in the hope that all security gaps have been covered.
But how do you know whether each of these tools was deployed effectively, or even configured correctly? Are there any more gaps that your security tools have not covered yet?
Do you know from minute to minute how your security posture has changed, based on what all your security tools are monitoring, all from a single pane of glass?
Cyber Observer is one such tool, unique in the industry, able to gather all the data collected by your security tools to form a very accurate picture of your security posture, continuously, minute by minute. It also points out which specific Critical Security Controls are the ones affecting your security health score negatively, so that you know exactly what to fix to improve your security posture.
It is not a well-known fact that your basic DNS infrastructure can be used by hackers to exfiltrate data right under your nose, because most organizations are not watching DNS traffic as a transport medium for stolen data.
If you are still using the generic BIND that came with your Linux OS or the DNS service that came with Windows Server, you are vulnerable to DNS-type attacks and data exfiltration.
Infoblox is the leader in DNS security whose appliance also integrates DHCP and IP address management into one box with one security management plane.
CLOUD ACCESS SECURITY BROKER (CASB)
With more and more organizations moving their workloads and data to the Public Cloud, how do you ensure that it is as secure as when it was on premise?
If you do not already know, the security of your apps and data is your responsibility, NOT the Public Cloud provider’s. This is what the cloud providers term the “Shared Responsibility Model for Cloud Security”.
With a next-gen CASB like Bitglass, all access to your cloud resources is proxied, managed, monitored, and protected against threats, stolen identity access, data leakage and Shadow IT activities.
In today’s security landscape, your security infrastructure is not complete unless you have full visibility into what is going on in your network, not just north-south but also east-west traffic.
There are many modern security tools that need to ingest raw network traffic to do UEBA, sandbox analysis, machine learning, etc., for the detection of threats in your on-premise network.
The most effective way to capture network traffic once and feed it to multiple security tools is to use a Network Packet Broker like Gigamon, with passive fiber optic taps at all your strategic network patch panel junction points.
Then you can use network security tools from FireEye for sandbox analysis and Aruba IntroSpect for UEBA and Network Traffic Analysis.
A full network packet capture from the above infrastructure would also help your security analysts perform comprehensive security investigations using detailed network traffic forensics.