Here at PCSN we take security very seriously!
An integral part of security for any network is to analyze all traffic at the network boundary and block malicious traffic before it enters. Think of it as the border agent that inspects all bits of traffic trying to come in and all bits of traffic trying to leave. These “border agents” do more than just ask the packet trying to enter if it has good or bad intentions.
As with any security practice, we take a multi-pronged approach to security. By multi-pronged I don’t mean a separate spam filter, antivirus and anti-spam, but multiple prongs within this border “checkpoint”. We will discuss the multiple vectors we protect our clients from before such traffic enters the network, so it never has a chance to use up bandwidth that you are paying for.
Keep in mind our system doesn’t just inspect traffic trying to enter but also traffic that tries to leave the network, so we can catch traffic with a destination that is not legitimate, or that is abnormal for the source or for the type of traffic.
As for traffic wanting to enter your network, we check if the packet has a malicious payload, is from a known nefarious source, has an abnormal construct or if the quantity of such packets is not normal for the intended destination.
We use Talos (https://www.talosintelligence.com) intelligence to determine the types, sources and payloads of traffic. Talos intelligence offers the best type of information about internet traffic, and its parent Cisco uses the same information to protect large enterprises and government agencies. In addition to Talos’ intelligence about known bad sources, destinations, payloads and constructs, we also have intelligence built into the appliance at the boundary of the client network that takes into account the amount and timing of passing traffic to dynamically adjust thresholds and behavior.
Once a packet matches any of the above patterns, we take action depending on the type of client and its industry or line of work. An action can be as simple as an alert only, or it can be to deny the traffic altogether.
We fine-tune all these vectors based on each client’s needs and requirements. For example, a client in the finance industry will have much more stringent controls than one in, say, manufacturing.
We also collect this information about the type of traffic and its public source and destination, analyze it, and use it to the benefit of everyone. For example, if a client gets attacked at 8am EST from a certain source, we detect and block the IP even if our signatures don’t detect the attack pattern, and by the time it turns 8am in CST the clients in the Central time zone are already protected.
We use similar intelligence for outbound traffic as well. If at a certain time some unknown piece of code tries to talk or send data to a certain destination, we detect and block it, not only to conserve bandwidth at the client sites but also to keep customer intellectual property safe. Then we go a step further and analyze the destination address and, if needed, add it to the control list of bot command and control destinations so everyone can benefit and stay safe.
Here’s a glimpse into the internet threat landscape:
So implement MFA, get the antivirus and antimalware applications and monitoring deployed, have a training session for users, and then kick it up a notch by deploying our Intrusion Prevention system.