It’s Day Two of 2020, and security breaches continue to garner headlines across every geo and industry. Organizations that have been lax about, or unaware of, their network security posture are feeling the brunt of it, not only directly from data breaches, possible data exfiltration and ransomware, but also from regulators and enforcers. Case in point: Singapore authorities are investigating two malware incidents that potentially compromised the data of thousands of personnel from the Ministry of Defence (Mindef) and the Singapore Armed Forces (SAF). The incident puts the spotlight on two third-party vendors that were managing the confidential data. One was a victim of email phishing involving malware sent to employee email accounts; the other was a victim of ransomware on a backup server that was set to be encrypted on a given date.
The incident is one of many behind an alarming statistic that should give pause to all organizations worldwide.
With respect to this incident, Today Online published a study in September on the alarming rise in organizations in Singapore that are in breach of protecting confidential data, and the associated fines they incur. In a country that prides itself on being a technology hub, these incidents are more than just embarrassing. Data breaches leave everyone vulnerable: the individuals affected, the vendors in charge of protecting their data, and the government agencies appointed to protect them.
In light of today’s cyber security landscape and in an era of stealthy and sophisticated attacks, what does your cybersecurity resolution entail this year? How can you position your network security to protect valuable and confidential data and keep your business out of damaging headlines?
No one single security solution can beat hackers
The answer is this: no single security tool or solution is sufficient to stop sophisticated and targeted attacks coming from outside or inside the network, where a significant number of breaches occur. What we have seen to be successful is a multi-pronged approach. To fully protect valuable assets, organizations need to deploy multiple tools and techniques that complement each other and work in sync. Together they provide a layered and constant shield that monitors and detects attacks in progress at different stages of the attack Kill Chain, in order to effectively break the chain.
In the example of the dormant backup server scheduled with a ransomware date, if the network traffic had been monitored for abnormal behavior, it would have been flagged by the firewall and the relevant action recommended to the security admin. Stealth viruses that breach the perimeter of a network can only be traced by their footprint and the anomalous behavior they cause against a baseline behavior already captured by the right tool.
The Hillstone portfolio is built around the real-world needs of today’s businesses and on available, advanced technologies. The foundation of Hillstone’s portfolio includes the most advanced technologies, namely artificial intelligence (AI), machine learning (ML) and behavioral analytics, to secure networks against unknown malware.
Hillstone’s Intelligent Next-Generation Firewall (iNGFW) and Server Breach Detection System (sBDS) work to help your IT team see and understand threats, while enabling your security admins to nip threats in the bud.
The Hillstone T-Series brings the power of AI to the firewall in order to:
- Detect unknown malware via its built-in proprietary engine, which has analyzed over a million known malware samples and, using statistical clustering, identifies malware variants that it subsequently adds to its living database of malware.
- Detect abnormal behavior based on behavior modeling, where it continuously monitors the network to gauge normal activity for a particular timeframe and provides alerts when network activity exceeds those logged thresholds.
- Deliver rich forensic analysis that allows admins to visualize in hyper detail every aspect of an attack, including the firewall policy that allowed the attacker to gain entry. Every action taken by potentially malicious code is automatically linked to steps within the Kill Chain.
- Allow for preemptive mitigation through pre-defined policy templates that limit the bandwidth or the number of sessions of the attacker. In the most extreme instances where the attack is critical and the confidence level is high, mitigation can include a complete blockage of all network resources.
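The baseline-and-threshold idea behind the backup-server scenario and the behavior-modeling bullet above can be sketched in a few lines. This is an added example, not Hillstone's engine or code from the original post: the host name `backup-01`, the median + MAD threshold rule and all sample data are assumptions constructed for illustration.

```python
from collections import defaultdict
from statistics import median

def build_baseline(history, k=5.0, floor=1024):
    """Learn a per-(host, hour-of-day) ceiling for outbound bytes.

    Uses median + k * MAD (median absolute deviation), a robust spread
    estimate chosen for this example; `floor` keeps a near-constant
    history from producing a zero-width band.
    """
    buckets = defaultdict(list)
    for host, hour, nbytes in history:
        buckets[(host, hour)].append(nbytes)
    thresholds = {}
    for key, values in buckets.items():
        med = median(values)
        mad = median([abs(v - med) for v in values])
        thresholds[key] = med + k * max(mad, floor)
    return thresholds

def detect(observations, thresholds, floor=1024):
    """Return (host, hour, bytes, reason) for traffic outside the baseline."""
    alerts = []
    for host, hour, nbytes in observations:
        limit = thresholds.get((host, hour))
        if limit is None:
            # Hour never seen during learning: any real volume is anomalous.
            if nbytes > floor:
                alerts.append((host, hour, nbytes, "no-baseline"))
        elif nbytes > limit:
            alerts.append((host, hour, nbytes, "above-baseline"))
    return alerts

# Constructed sample data: 14 days of a hypothetical host "backup-01" that
# runs a nightly job at 02:00 and is almost idle at 14:00.
HISTORY = (
    [("backup-01", 2, 5_000_000 + day * 10_000) for day in range(14)]
    + [("backup-01", 14, 20_000 + day * 500) for day in range(14)]
)
OBSERVED = [
    ("backup-01", 2, 5_100_000),   # normal nightly backup
    ("backup-01", 14, 24_000),     # normal daytime chatter
    ("backup-01", 14, 900_000),    # burst from a normally quiet server
    ("backup-01", 21, 300_000),    # activity in an hour with no history
]

if __name__ == "__main__":
    for alert in detect(OBSERVED, build_baseline(HISTORY)):
        print(alert)
```

Keying the baseline on hour of day is what lets a server that is legitimately busy at 02:00 still raise an alert for a much smaller burst at 14:00.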
To protect critical servers such as the backup server containing confidential personnel data, the Hillstone sBDS is the ideal solution. sBDS combines multiple threat detection technologies: traditional signature-based detection as well as large-scale threat intelligence data modeling and user behavioral analytics modeling. These engines help detect unknown or 0-day attacks and prevent ransomware incidents.
Tying the human and the artificial intelligence together in solutions that work
By 2020, if we have learned anything, it’s that technology and people (human intelligence and artificial intelligence) need to work hand in hand to be effective. In the phishing case, it’s apparent that education and awareness could have prevented corporate employees from being the weak link in their defense posture. Continuing to educate people and the industry on cyber security is as critical as having the appropriate security tools to help, enable and empower the humans behind it.