Types of threat prevention and detection solutions
NGFW
As mentioned above, an NGFW is a crucial first step to threat prevention. Traditional firewalls simply grant or deny access. While this seems intuitive, its efficacy relies on the accuracy of the policies and restrictions that have been programmed. For example, if a threat is new and unknown, IT has likely not yet set policies to deny it access.
NGFWs, however, integrate with additional software solutions such as NGIPS and AMP. If an unknown threat evades automatically enforced policies, these additional solutions provide detection and remediation tools to protect your network. With all of these extra tools, an NGFW provides enhanced visibility, automation, and control over your network.
NGIPS
NGIPS provides superior threat prevention in intrusion detection, internal network segmentation, public cloud, and vulnerability and patch management.
- Intrusion detection requires technology that keeps pace with evolving threats. NGIPS provides consistent protection and insights into the users, applications, devices, and vulnerabilities in your network. With file-based inspection and integrated sandboxing, NGIPS can detect threats quickly. If a threat evades defenses, NGIPS provides retrospective analysis to remove and remediate threats late in their lifespan.
- Internal network segmentation allows enterprise organizations to apply a consistent enforcement mechanism that spans the requirements of multiple internal organizations. Segmentation can accommodate the different demands of the network and its various workloads with ease.
- NGIPS provides consistent security efficacy enforced across both public and private clouds. Your NGIPS should support multiple hypervisors including Azure, AWS, and VMware. These applications are independent of the virtual switches underneath. NGIPS allows policy enforcement across on-premises network devices, public cloud infrastructure, and common hypervisors, conducting deep packet inspection between containerized environments.
- With vulnerability and patch management, insights from NGIPS let you be more selective about which vulnerabilities to patch first. Often an organization's test process and/or environment delays patching of high-priority vulnerabilities. Blocking a vulnerability at the IPS can be done in less time and with fewer resources, and it never has to be rolled back; changing the IPS settings is far easier than reverting a patch.
AMP
Advanced Malware Protection is a crucial component of next-generation solutions. Malware continues to evolve and adapt. For this reason, malware can be extremely difficult to detect at the perimeter of the network. By combining an NGFW with AMP and threat intelligence, networks can identify many more previously unknown malware threats.
While threat intelligence can identify more threats, your network will still be challenged by new, never-before-seen malware. Some of this malware uses timers and other stealthy attributes to disguise malicious behavior until it has entered the network. There are, however, AMP solutions that continuously analyze files throughout their lifespan. This is crucial: with these capabilities, AMP will immediately flag a file that was allowed in earlier but begins exhibiting malicious behavior down the road.
AVC
Businesses are using more applications than ever before. With Application Visibility and Control (AVC) technology, organizations can create a true application-aware network. Deep packet inspection (DPI) can classify applications, and combined with statistical classification, socket caching, service discovery, auto learning, and DNS-AS, AVC can give visibility and control to network applications.
With enhanced visibility, organizations can address threats much more quickly. Sometimes the applications themselves are the vulnerability, and if an organization cannot fully see all of its applications, it cannot protect them. Application analytics and monitoring give immediate insight into application performance, and lackluster performance can be a sign that a threat is worth investigating.
Threat intelligence
Threat intelligence raises the strength of all of these solutions. World-class threat intelligence transforms these technologies from good to great. Network protection and visibility increase an organization's ability to stop threats. All of this, however, assumes the organization can determine on its own whether a file is malicious or safe, which is unlikely: most threats are unknown to the network.
Threat intelligence can alert your network when an unknown threat has been deemed malicious somewhere else on the globe. Suddenly, a significant number of unknown threats become completely known and understood with threat intelligence!
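The retrospective analysis described under AMP and the threat-intelligence verdict described here are two halves of one workflow: a file that was "unknown" when it crossed the perimeter is re-judged when a verdict arrives, and every host that already received it is alerted on. The following is an added illustration, not code from the original page or from any vendor product; the detector, the hashes and the hostnames are all constructed for the example.

```python
import hashlib
from collections import defaultdict
from dataclasses import dataclass
from datetime import datetime, timedelta

@dataclass(frozen=True)
class Sighting:
    host: str          # endpoint or sensor that observed the file
    seen_at: datetime  # when the file entered the network


class RetrospectiveDetector:
    """Keeps a history of every file hash seen on the network so that a
    later threat-intelligence verdict can be applied to past sightings.
    Hypothetical class written for this example."""

    def __init__(self):
        self.sightings = defaultdict(list)  # sha256 -> [Sighting, ...]
        self.verdicts = {}                  # sha256 -> "clean" | "malicious"

    def observe(self, sha256, host, seen_at):
        """Record a file crossing the network; return the current verdict
        ("unknown" when threat intel has never seen this hash)."""
        self.sightings[sha256].append(Sighting(host, seen_at))
        return self.verdicts.get(sha256, "unknown")

    def apply_intel(self, sha256, verdict):
        """Apply a threat-intel verdict. If a file previously allowed as
        unknown is now malicious, return one retrospective alert per host
        that already received it, oldest first, so IR can contain them."""
        previous = self.verdicts.get(sha256, "unknown")
        self.verdicts[sha256] = verdict
        if verdict != "malicious" or previous == "malicious":
            return []  # nothing new to act on (clean, or already alerted)
        hits = sorted(self.sightings[sha256], key=lambda s: s.seen_at)
        return [(s.host, s.seen_at.isoformat()) for s in hits]


def demo():
    """Constructed scenario: a file reaches two hosts before the global
    intel feed flags it; a third host is then stopped at the perimeter."""
    det = RetrospectiveDetector()
    sample = hashlib.sha256(b"constructed sample payload").hexdigest()
    t0 = datetime(2024, 1, 1, 9, 0)
    first = det.observe(sample, "laptop-17", t0)                       # "unknown"
    det.observe(sample, "fileserver-2", t0 + timedelta(hours=3))
    alerts = det.apply_intel(sample, "malicious")                       # retrospective
    later = det.observe(sample, "laptop-42", t0 + timedelta(days=1))    # "malicious"
    return first, alerts, later
```

The alert list is what turns a late verdict into containment work: the hosts it names were never blocked at the perimeter, so the perimeter alone would have left them uncovered.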
User verification and device trust
Network access control is imperative to security. With user verification and device trust solutions, networks can establish trust in user identities and devices and enforce access policies for applications. Two-factor authentication can verify a user's identity right before they access corporate information and resources. In addition to verifying the user, device trust solutions can inspect devices at the time of access to determine their security posture and trustworthiness.