Opening Our Network Security Playbook Part 2

Here is the next installment of our best practices for the month of April:

GATEWAY DEFENSES – The security measures that we deploy at the gateway level serve as our first line of defense against the bad guys. We consider this multi-tier approach absolutely mandatory in our client networks. The goal is to stop as much of the malicious traffic as possible at the gateway/firewall level, before it reaches the end users. Gateway Antivirus, Intrusion Protection and WebBlocker are some examples of the technologies that we employ at the firewall level. We recommend using different AV vendors on the gateway and on the client side. For example, on the gateway we use WatchGuard, which leverages definitions from AVG, and on the client side we use Symantec Endpoint Protection. This gives us a broader range of protection, since the two layers rely on different definition sets.

Intrusion Protection Systems do most of the heavy lifting these days by inspecting the actual network traffic for threats instead of the files that people are downloading. IPS detections make up the vast majority of the security alerts that we see, outnumbering the rest by a substantial multiplier. Leveraging IPS technology gives us a substantial advantage when it comes to preventing ransomware such as CryptoLocker.

WebBlocker technology serves as an excellent additional tier of protection by blocking websites based on their category. There are specific categories, such as Adult Material, Hate, Intolerance, etc., that we can safely restrict without client pushback. By restricting these categories, you eliminate literally millions of websites that could be hosting dangerous threats.