It today’s world, it’s a stark reality, odds are that at some point you will get hacked. This may come in many forms and fashions. Sometimes it’s just annoying like pop-ups in your browser and others can be more severe like ransomware. There are other types that are way more concerning. Consider this, a user receives an email that appears like it’s from someone inside your company with an excel document. They click on the document and they get an annoying bar that says click here to enable macros. They click the enable button and nothing happens from what the end user can see. What the user can’t see is that they’ve just connected their PC to a hacker that now has complete access to the user’s computer. From there, they can log keystrokes and gain information from the user. They can also pivot and try to find an administrator username and password and if they can do this, they now have complete administrative access to your systems.
So what can you do? Well, what do you do if you’re cold? If you’re like me and you get cold, you put on another layer of clothes. Still cold, add another layer. Cyber security is similar to that. You can add as many layers as you need until you’re no longer “cold”. Cisco has a family of products that when used in conjunction with each other, provide layers of security that prevent most hackers from gaining access and exploiting your systems.
The most important first layer is AMP for endpoint. This is hardware agnostic and recommended for any customer. This is an anti-malware program that runs on computers and servers that provides a layer of protection to identify and block dangerous traffic. I’ve seen the benefits of this firsthand when I tried to open an attachment that I thought was from a known sender but after looking further was not. Essentially, I got a pop from AMP that said what was wrong with the file and didn’t allow me to open it. Like most Cisco security products, AMP for endpoint relies on the Talos database to protect you from zero day threats. Another very important feature of AMP for endpoint is that it will prevent malware from spreading host to host. http://www.cisco.com/c/en/us/products/security/fireamp-endpoints/index.html
The second layer I’d recommend for any customer with any hardware would be OpenDNS. OpenDNS works on the DNS level and prevents the attack before it could even happen. If OpenDNS blocks a DNS request for information from the Internet, the attack cannot possibly happen. Another added benefit of OpenDNS is that you can do URL filtering as well. https://umbrella.cisco.com/products/features
The third layer I’d recommend, especially if you have the X series of ASA’s, is Sourcefire. Sourcefire provides intelligence to your firewall and allows you to do things like URL filtering, advanced malware protection, heuristics, inline SSL decryption, geo-blocking, alerting, and more. http://www.cisco.com/c/en/us/products/security/ngips/index.html
Now, what about the situation where a user needs to send an encrypted email or you’re receiving multiple phishing emails? Cisco has a solution for that as well. Cisco email security provides you the ability to do encrypted emails, filter out unwanted emails, scan attachments, prevent ransomware, and more. http://www.cisco.com/c/en/us/products/security/email-security-appliance/index.html
Have you ever thought about what would happen if an employee was getting ready to leave the company and started uploading all their files to an HTTPS site? Would you know, what would you do, how could this impact you? Cisco has a product called Stealthwatch that watches the network and can catch anomalies. http://www.cisco.com/c/en/us/products/security/stealthwatch/index.html
I know that’s many different products doing a multitude of things but in a perfect world, those would be my layers. Not everyone lives in a perfect world with an unlimited budget so at a minimum, I think everyone should have AMP for endpoint running on all systems that can run it. Add OpenDNS to that and they make a perfect team to identify and stop threats inside and outside your network. Also, if you already run the new X series of ASA’s, it’s a minimal investment to reap the benefits of Sourcefire.