Up there with the observation that water is wet, is the following advice: locking down your corporate network by only granting access to authorised devices and users is the best way to minimise the chances of devices on your network becoming infected with malware.
Malware is incredibly dangerous. No longer do Internet-borne viruses just inconvenience people with the need to call IT to sort out low-level infections, lately they’ve evolved to steal data and lock down networks entirely and demand money for the unlock key.
And being cut off from vital business data is a sure-fire way for companies to end up closing their doors altogether.
Worse still is one particular statistic out of Cisco’s Midyear Cybersecurity Report 2016: the average time malware sat dormant and undetected on corporate networks was 100 days last year. Obviously, that’s not good for anyone but the hackers who created it.
As anyone who’s ever managed a corporate network professionally will tell you, malware can enter a corporate network from a staggering number of sources.
Effective IT security, then, means being aware of – and having control over – every single one of those sources, which is why high visibility of every device, port, access point and network switch in your entire network from a single pane of glass is so essential.
Achieving that comes from having strict access controls in place, which give you control over your users and devices, tell you who’s logged in, what each user and device is doing, and whether or not those users and devices are allowed to be doing those things.
Access control, and the high degree of network and device visibility that comes with it, is a vital part of any IT strategy intended to minimise the chances of a successful malware attack.
Another part of dealing with unauthorised access and malware outbreaks is a matter of creating and enforcing intelligent policies, made easier in 2017 by centralised policy management that swings into action automatically when violations are detected.
In fact, policy management is so smart these days that it’s able to automatically isolate and contain infected or unauthorised machines on your network and in so doing limit the data they have access to and the amount of damage they can cause.
In this way, businesses are able to turn their networks into sensors that alert them when breaches happen and reduce the average detection and response time from 100 days to mere hours – 13 hours according to Cisco.
And this is just what business needs, as unchecked breaches could potentially cost a lot of money – in 2016, the average cost of a breach the US was around $4 million.
Fortunately, the big-name networking companies are fully aware of these trends and have developed their own technologies that do exactly this.
Cisco has its Identity Services Engine for access control and Stealthwatch for improved visibility and both are built into the company’s next-generation firewalls.
At BCX, we offer an end-to-end service, from analysis and assessment, through to building and managing your security to help your business survive in this day and age of many cyber-attacks. Speak to us about keeping your network secure because its absence could be your downfall.
This article was published in partnership with BCX.