Is Your Security State of the Art?
With only until the GDPR compliance deadline, it needs to be. We can help.Learn more
No single technology, however advanced, can provide equal protection against malware, exploits, phishing, ransomware, internal data leakage and other threats across the many places personal data may live inside an organisation. Therefore, it is crucial to employ a layered approach, leveraging multiple security techniques appropriate for protecting the data where it resides, including proven approaches like anti-malware as well as newer techniques like custom sandboxing and machine learning. This ensures that every attack can always be countered with the most effective protection methods. Importantly, it’s not only about the technique itself, but also about how threat data is shared and used. By automatically sharing the latest threat information across the entire security infrastructure, state of the art solutions can deliver enhanced protection even against unknown and complex attacks.
A simple truth: There is no absolute security. Under the GDPR, all accidental or unlawful breaches of personal data protection must be reported to supervisory authorities "without undue delay", which translates into the requirement that any breach needs to be reported on within 72 hours. To fulfill this requirement, businesses need to be able to quickly identify new and ongoing attacks or data leakages and assess their impact on data security. State of the art solutions must provide visibility into the entire infrastructure and the attack lifecycle.
If an incident occurs, businesses need to demonstrate that they have done everything to minimise the consequences for impact to personal data security. Threat mitigation is an essential component of state of the art security. Businesses need to be able to respond to threats by automatically closing attack vectors, distributing threat information on all infrastructure levels, and proactively shielding vulnerabilities across all areas that contain personal data that is in scope for GDPR.
Security Must Evolve
Cybercriminals are constantly searching for vulnerabilities and developing more sophisticated forms of attack, including ransomware attacks like WannaCry, Petya, and others. These attacks can be focused on users, on networks, and on corporate workloads across the hybrid cloud, requiring that a strategic approach to security is taken in order to not only solve the problem, but also be cost effective. Sustainable security solutions must evolve and adapt by frequently updating and leveraging new threat information as soon as it becomes available. To help with the ongoing process of GDPR compliance, using a state of the art, security solution that provides comprehensive protection, detection, and response for the entire infrastructure, from endpoints, to networks, and the hybrid cloud, can streamline the overall process while also increasing security.
Watch the latest GDPR webinar"Highlighting Security Flaws ahead of GDPR"
Attacks on the endpoint are becoming more and more complex, and there is no silver bullet to protecting these sensitive targets. Only a combination of multiple security techniques combined with the latest threat information can help to protect the endpoint and personal data from known and unknown threats. State of the art endpoint security should provide:
- The most effective and efficient security techniques across generations, including sandboxing and machine learning
- Behavioral analysis and application white-listing to prevent ransomware attacks
- Remote erasure of personal data on mobile devices
- Safe usage of cloud services like Box, Dropbox, Google Drive, SharePoint Online, OneDrive for Business, etc.
- The latest threat information for use across the entire security infrastructure
Corporate users are primary targets: More than 90 percent of all targeted attacks start with an email. Users are tricked into opening dangerous file attachments or links by cleverly forged phishing messages. Infections can also occur if users open manipulated websites while browsing the internet. State of the art security can facilitate safe email and web usage for all employees through:
- Detection of phishing attempts and other attacks, including ransomware, via email
- Identification of threats in Microsoft Office documents and file attachments
- Blocking links to potentially dangerous websites
Data Loss Prevention & Application Control
Businesses can leverage Data Loss Prevention (DLP) rules to warn their employees of accidental misuse of data. Furthermore, they can control what kind of apps are used and which data can be transferred. State of the art security solutions offer features like integrated DLP, application control on Windows and mobile operating systems, and a central reporting solution allowing businesses to define the way their users could process the data. In addition to this, encryption for devices, file folders, and emails can be used to ensure safe transfer of data.
Hybrid Cloud Security
Using legacy security products can introduce unforeseen vulnerabilities in virtual and cloud-based environments, negatively impact performance, and make it extremely challenging to demonstrate compliance with the requirements of the GDPR. With significant fines resulting from an incident – up to four percent of global turnover or 20 million Euros – the opportunity to take advantage of modern cloud architectures while also ensuring security and compliance is attractive and possible with state of the art approaches. State of the art hybrid cloud security requires the use of solutions that are optimized for virtual, cloud and container workloads.
Multiple capabilities with complete visibility across the hybrid cloud
State of the art security should be able to automatically and simultaneously protect virtual desktops and server workloads across physical, virtual, cloud and container environments from threats like zero-day malware, and ransomware, as well as attacks using vulnerabilities like the Windows SMB vulnerability used with WannaCry. Workloads across the hybrid cloud should automatically be visible and secured as soon as they become active, while only enforcing the appropriate security policies to maximize performance and efficiency. This means deep integration with leaders like VMware, AWS, and Microsoft Azure is required as a fundamental element of state of the art security. State of the art hybrid cloud security should include:
- Centralized protection for physical, virtual, cloud, multi-cloud, container and hybrid environments
- Malware protection, including anti-malware, behavioral analysis, and web reputation
- Network security for each workload, leveraging intrusion detection and prevention(IPS) to stop attacks and shield vulnerabilities with virtual patching
- System security that can lock down systems with application control, monitor system integrity, and also logg and report any security incidents
- Deep integration with leading environments from VMware, AWS, and Microsoft to streamline visibility, management, and security
The GDPR requires comprehensive protection of personal data using state of the art security technologies – but security is never absolute and incidents may still occur. Under the GDPR, businesses are now required to report all breaches of personal data protection to supervisory authorities within 72 hours. This means that you have to be acutely aware of all activities on your corporate network – a challenging task, especially because new generations of targeted attacks often manages to evade conventional detection methods.
Detection of Targeted Attacks
A state of the art security solution should deliver complete visibility into the network and, at the same time, automatically prevent targeted attacks. Alternatively, Computer Emergency Response Teams (CERT) and Security Operation Centers (SOC) should be able to be provided with the necessary information to cope with the incident. The identification of targeted and concealed attacks in real-time cannot be achieved through conventional methods. Specialized detection engines and advanced capabilities are required, for example heuristics, user-defined sandboxing, and the ability to leverage the latest threat information. A state of the art network defense strategy should include:
- Sophisticated detection engines for identification of targeted attacks in real-time
- Heuristics, correlation rules, and user-defined sandboxing
- The latest threat information, made available across the security infrastructure
- Detection and protection from spear phishing and targeted email attacks
- Logging of endpoint activities for quick analysis of attacks and subsequent reporting
Your defense needs to be
A smart defense leverages a cross-generational blend of threat defense techniques that are layered to protect personal data against known and unknown threats, whether data is at rest, in transit, or at any stage of processing. While new security techniques will be introduced over time to address new threats, current techniques are still relevant and necessary for data protection. This cross-generational blend of techniques enables the most appropriate and ecient technique to be used to address each threat—there is no such thing as a security silver bullet.Learn more
Your defense needs to be
Optimization is critical during the deployment on your defense mechanism: your security must be woven into the personal data processing fabric, with techniques that eciently secure both legacy and new enterprise environments, including cloud and containers. This optimization provides visibility across users, servers and networks, enabling organizations to analyze and assess the impact of threats, evaluate the technical security infrastructure posture, and quickly get a birds-eye view of incidents that have occurred across the enterprise.Learn more
Your defense needs to be
A connected defense helps to both prevent and remediate personal data breaches by sharing real-time threat intelligence and automated security updates across all security layers. This proactive process stops malware—like ransomware— before it can impact personal data. Infected systems hosting personal data are isolated while malicious traffic that may retrieve, edit or delete personal data is blocked.Learn more