Hackers always seem to be one step ahead of the rest of us when it comes to Unified Threat Management (UTM). As soon as one security vulnerability is patched, the hackers find another one to exploit. Or, even more perniciously, they find entirely new strategies for attacking individual computers and/or massive computer networks.
As a result, ensuring that your company’s computers and networks remain healthy has become a full-time job that requires knowledge of the latest threats along with potential counter-measures.
Fortunately, you don’t have to battle this Cylon Centurion’s hacking attempts alone. UTM attempts to provide all your network security using a single network appliance and/or specialized software. This appliance may be physical hardware installed as an edge device in your office or datacenter, a cloud-based application, or some combination of the two. In fact, as many companies are now migrating some or all of their IT services to the cloud (see our previous blog “Cloud Migration, or Hey You! Get Off of My Cloud!”), maintaining a rock-solid, failure-free connection to the cloud becomes all-important.
Let’s first review the major types of computer/networking threats, then discuss some counter-measures, and finally bring it all together with UTM solutions.
Your computers and computer networks are under virtually constant attack from various evil-doers. Many of these threats have been around for decades, while hackers constantly update their techniques and sophistication. Below is a brief overview of many of today’s threats.
This ubiquitous attack method continues to be one of the least sophisticated, yet most successful attack techniques. Most of us understand that fraudulent emails and/or websites are to be avoided, yet plenty of people continue interacting with them. Users voluntarily offer up their login credentials, financial information, and other sensitive data.
Malware refers generally to any malicious software that installs itself on an unsuspecting computer or network. Once installed, the malware may begin executing one of many nefarious activities, including corrupting data and/or programs, stealing user credentials, financial information, or company proprietary information, or simply monitoring computer and network activity.
Malware encompasses the gamut of malicious software including:
This threat infects a host computer for the sole purpose of performing crypto-mining, without your knowledge or permission. Crypto-mining refers to the highly CPU-intensive process required to process cryptocurrency (such as Bitcoin) transactions. In exchange for this service, the miner is rewarded with a small payment in the cryptocurrency.
Botnets are large-scale networks of computers that have been compromised by malicious software and can be controlled en masse by the hackers. A common use of botnets is to launch DDoS (Distributed Denial of Service) attacks aimed at a particular website. Each compromised computer is ordered to flood the target website with enough traffic to cripple or even completely crash it.
Unfortunately, commercially available security software has itself become a real security concern. A recently released study by AV-Comparatives tested 250 commercially available anti-malware software packages. The study, “AV-Comparatives’ 2019 test of Android antivirus products”, concluded that of the 250 tested products, “138 of the vendors detected less than 30% of the Android malware samples, or had a relatively high false alarm rate”. They also concluded that they considered the products “by 61 developers to be risky”.
These kits are designed to give hackers more command and control over the infected computers and/or networks at the operating system level. They are sophisticated software packages that, once installed, allow hackers to scan and/or manipulate sensitive data to various malicious ends.
SQL (Structured Query Language) is the language used by the database systems that store and maintain many companies’ sensitive data. SQL injection attacks attempt to smuggle malicious SQL code into the queries an application sends to its database, typically through unchecked user input. If the attack succeeds, all the data in the database may be stolen or corrupted.
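To make the mechanism concrete, here is an added Python example (not from the original post) using an in-memory SQLite table with constructed sample rows. The first lookup pastes the user’s input into the query text, so a quote character in the input rewrites the query and returns every row; the second binds the input as a parameter, so the same input is only ever compared as a value.

```python
import sqlite3

# Constructed sample data: a tiny "customers" table held in memory.
SAMPLE_ROWS = [
    ("alice", "alice@example.com"),
    ("bob", "bob@example.com"),
    ("carol", "carol@example.com"),
]


def make_db():
    """Build the constructed in-memory database used by both lookups."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE customers (username TEXT, email TEXT)")
    conn.executemany("INSERT INTO customers VALUES (?, ?)", SAMPLE_ROWS)
    return conn


def lookup_vulnerable(conn, username):
    """Injectable pattern: the input is spliced into the SQL text, so quote
    characters in the input change the structure of the query itself."""
    sql = f"SELECT email FROM customers WHERE username = '{username}'"
    return [row[0] for row in conn.execute(sql)]


def lookup_parameterized(conn, username):
    """Hardened pattern: the SQL text is fixed and the input travels as a
    bound parameter, so the driver can only ever treat it as a value."""
    sql = "SELECT email FROM customers WHERE username = ?"
    return [row[0] for row in conn.execute(sql, (username,))]


def demo():
    """Run both lookups against a benign name and a textbook injection probe."""
    conn = make_db()
    benign = "alice"
    # Textbook probe: closes the string literal and appends an always-true clause.
    hostile = "' OR '1'='1"
    return {
        "vulnerable_benign": lookup_vulnerable(conn, benign),
        "vulnerable_hostile": lookup_vulnerable(conn, hostile),   # leaks every row
        "parameterized_benign": lookup_parameterized(conn, benign),
        "parameterized_hostile": lookup_parameterized(conn, hostile),  # no match
    }


if __name__ == "__main__":
    for label, rows in demo().items():
        print(f"{label}: {rows}")
```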
These occur when the hacker places himself between two unsuspecting parties. Once inserted, the hacker has access to all the data flowing between them. A common way of effecting this type of attack is over unsecured public WiFi networks: the hacker tricks the user’s device into routing all its data through the hacker’s computer before it reaches the WiFi network. Other sophisticated techniques used to hijack private internet connections include DNS spoofing, IP spoofing and HTTPS spoofing.
These may occur when a compromised or fraudulent website is accessed. The web browser or application accessing the site is unknowingly used to automatically download malicious software. These attacks do not require the user to click a malicious link or download a malicious file.
These are attacks that do not install malware on your computer. Instead, the attacker uses tools and capabilities native to the computer’s operating system and executes the attack directly from memory (RAM), with little or no hard-disk footprint.
These attacks exploit security vulnerabilities as soon as they are discovered and before the vendor has a chance to issue a security patch update.
Although the cyber threats to your computers and networks are very real, the good news is that developers continue to counter these threats with new and sophisticated technology. Below is a brief discussion of some of the most current and effective methods of countering cyberattacks.
One of the most effective and cheapest ways to protect your company from cyberattacks is to maintain a relevant security policy that is well understood and respected by your team. Keeping users from responding to phishing emails or engaging with fraudulent or malicious websites or apps is the best way to ensure your systems do not become compromised. Educating employees about these dangers is critical.
Intrusion Detection/Prevention Systems (IDS/IPS) perform one of the most important anti-malware functions – detecting and preventing malicious software from entering your computers and/or networks. Both systems monitor computer and network activity, sometimes at the packet level, looking for anomalies and/or known malicious threats, often identified by unique data signatures or blacklisting. An IDS simply issues warnings or reports about detected threats, while an IPS attempts to take pre-emptive action to disable the threat before it fully compromises your computer or network.
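As an added illustration (not from the original post), a minimal Python sketch of the distinction just described: the same signature and blacklist matching runs in IDS mode, where a hit only produces an alert and the traffic still flows, and in IPS mode, where the hit causes the traffic to be dropped before it is forwarded. The events, the signature and the blacklisted address are constructed sample data.

```python
from dataclasses import dataclass
from typing import Optional

# Constructed sample traffic: (source IP, destination port, payload bytes).
# 203.0.113.0/24 is documentation address space, used here for the bad actor.
SAMPLE_EVENTS = [
    ("10.0.0.5", 443, b"GET /index.html HTTP/1.1"),
    ("203.0.113.9", 80, b"GET /login HTTP/1.1"),                 # blacklisted source
    ("10.0.0.7", 80, b"POST /upload SAMPLE-SIG-0001 HTTP/1.1"),  # matches a signature
    ("10.0.0.8", 22, b"SSH-2.0-OpenSSH_8.9"),
]

# Constructed detection data: byte signatures of known threats plus an IP blacklist.
SIGNATURES = {"sig-0001": b"SAMPLE-SIG-0001"}
BLACKLIST = {"203.0.113.9"}


@dataclass
class Verdict:
    src: str
    reason: Optional[str]  # None means the event looked clean
    action: str            # "pass", "alert" (IDS) or "drop" (IPS)


def classify(src: str, payload: bytes) -> Optional[str]:
    """Return the rule that fires for one event, or None if nothing matches."""
    if src in BLACKLIST:
        return f"blacklisted source {src}"
    for name, pattern in SIGNATURES.items():
        if pattern in payload:
            return f"signature {name}"
    return None


def process(events, mode: str):
    """Run the detection in "ids" mode (report only) or "ips" mode (block).
    Returns the per-event verdicts and the events that were actually forwarded."""
    verdicts, forwarded = [], []
    for src, port, payload in events:
        reason = classify(src, payload)
        if reason is None:
            action = "pass"
        elif mode == "ids":
            action = "alert"  # IDS: log/report the finding, traffic still flows
        else:
            action = "drop"   # IPS: pre-empt by discarding the matching traffic
        verdicts.append(Verdict(src, reason, action))
        if action != "drop":
            forwarded.append((src, port, payload))
    return verdicts, forwarded
```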
NextGen firewalls provide several sophisticated additional capabilities that allow firewalls to be even more effective and proactive in protecting computers and networks. Stateful firewalls have been around for a while and are a great improvement over the previous generation’s stateless firewalls, but next-generation firewalls continue to add much-needed capabilities. NextGen firewalls add application context (layer 7 awareness) and deep packet inspection (inspecting the payload as well as the packet header) to the firewalling decision process. NextGen firewalls also typically provide some level of IPS and add the ability to use external threat-intelligence sources as part of the decision process.
This technique is often used as part of the firewall and allows the admin to block specific websites (and/or email) that either contain objectionable content (pornography, hate, violence, etc.) or originate from a suspect IP address.
These provide cloud-based, encrypted internet gateways at the outer edge of your network. They funnel all internet access to your internal network through a single point where you can rigorously enforce security protocols, even for employees accessing the network from remote locations and arbitrary devices. Real-time monitoring of incoming and outgoing traffic at the gateway, URL and content filtering, data leakage protection, and general malware protection are typically performed there.
Virtual Private Networks are encrypted internet “tunnels” that ensure all traffic entering or exiting your network through the VPN is secure.
The sheer number and increasing sophistication of cyberthreats make finding a single, unified solution very attractive. Fortunately, there are many companies these days that offer UTM solutions, some of which are comprehensive and include SD-WAN. These solutions can be physical network appliances connected at your network’s edge, but increasingly the UTM solution is realized as a cloud-based virtual appliance. Any UTM solution you consider should address all of the above threats, and also have significant capability with respect to all the counter-measures above.
A cloud-based UTM system allows you to completely control the security protocols for your entire network using a single, integrated portal. This is especially useful for companies that have remote sites (headquarters and branch offices, field sites) and/or a mobile workforce that often accesses the company network from offsite. A cloud-based UTM solution ensures that rigorous security protocols are enforced for all data traversing the company network, regardless of access point.
If a cloud-based UTM solution appeals to you, then maintaining a rock-solid connection to the cloud becomes critical. Mushroom Networks devices ensure your connection to the cloud stays up even as network conditions deteriorate or individual WAN links go down, using SD-WAN, cellular bonding, and advanced failover features.
Rob Stone, Mushroom Networks, Inc.
Mushroom Networks is the provider of Broadband Bonding appliances that put your networks on auto-pilot. Application flows are intelligently routed around network problems such as latency, jitter and packet loss. Network problems are solved even before you can notice.
© 2004 – 2019 Mushroom Networks Inc. All rights reserved.