Cyber threats have increased significantly in the wake of greater connectivity, and organizations must adopt comprehensive security measures to defend the business.
The world is witnessing an unprecedented rate of data generation. By 2025, IDC estimates, the planet's population will generate 175 zettabytes of data. For context, a zettabyte is 10^21 bytes, a 1 followed by 21 zeros. As humanity becomes ever more digitized, with IoT devices, intelligent agents and machine learning applications, autonomous vehicles, and sensors in our bodies, homes and workplaces streaming real-time data, the planet will be churning out mind-boggling amounts of data.
With so much data around, managing, monitoring and securing it becomes an even larger nightmare. Cyber security threats are also increasing, with more frequent and vicious attacks: in 2021 the number of weekly cyber-attacks on corporate networks was 50% higher than in 2020, according to research by Check Point Software Technologies.
Worse, many of these are serious breaches. VMware's Global Security Insights Report 2021 found an average of 2.35 breaches per organization per year, and in eight out of ten cases the breach was material, requiring a report to regulators or action by an incident response team.
So how does an organization defend itself? Speaking with Enterprise IT from Dubai, Mohan Raj, Regional Director for the Gulf & India at LogRhythm, explains that the company has been working closely with organizations in Asia and the Middle East to strengthen their security posture. Here are a few things businesses must adopt to achieve robust security.
- Whitelisting (allow-listing) of IP addresses, identities and applications lets users reach only known, explicitly permitted services and denies all other traffic by default. It is a restrictive strategy by any measure, as users can access only what the administrator has deemed a safe resource or application.
- Ensuring proper network configuration, including network segregation and segmentation, with user authentication required at every layer. At the same time, apply patches on a regular basis.
- Reducing the attack surface by segregating the IT and telecom networks, and isolating critical infrastructure from the Internet and from less sensitive networks. Block all unused ports so that traffic is easier to monitor and no unwanted threat vector can reach the enterprise network. Disable dormant services, which can be the backdoor through which threats enter.
- Establishing real-time, synchronous communication between IT systems and the core, so that data travels directly from source to destination without being stored on intermediary nodes along the path. This greatly narrows the opportunity for a breach, since there is no data at rest on intermediate hops to be compromised.
- Create a zero-trust environment in which every user and device must be authenticated before accessing any layer of the network or any resource within it. A least-privilege approach, granting users only the access and privileges their role requires, helps keep the environment safe.
- Multi-factor authentication is a strong defense against unauthorized access to the network: a stolen or guessed password alone is no longer enough to get in.
- Using strong passwords that are long and complex is a simple, basic but effective practice for the security and hygiene of the environment.
- Remote access to corporate systems is a given under the new normal, but the key is to make that access secure and to fortify the environment in a way that remains seamless and convenient for users, for example by using a VPN or TLS (SSL) certificates over the public network.
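The default-deny whitelisting and least-privilege points above can be made concrete with a small policy evaluator. This is an added example written for this page, not LogRhythm's code or any product's rule format; the identities, roles, networks and service names in it are constructed for illustration.

```python
import ipaddress
from dataclasses import dataclass


@dataclass(frozen=True)
class Rule:
    """One allow-list entry: who (role) may reach what (service) from where (source CIDR)."""
    role: str     # role the identity must hold; "*" means any known identity
    service: str  # application or service name
    source: str   # CIDR the request must originate from


# Constructed allow-list. Anything not matched below is denied; there are
# deliberately no "deny" rules, because default deny makes them unnecessary.
ALLOWLIST = [
    Rule("finance", "erp", "10.20.0.0/24"),
    Rule("ops", "ssh-bastion", "10.99.1.0/24"),
    Rule("*", "intranet-portal", "10.0.0.0/8"),
]

# Constructed identity store. Least privilege: each user carries only the roles
# their job needs; a known identity with no roles can reach only "*" services.
ROLES = {"alice": {"finance"}, "bob": {"ops"}, "mallory": set()}


def evaluate(user, service, src_ip):
    """Return (decision, reason). The only way to get ALLOW is to match an entry."""
    if user not in ROLES:
        return "DENY", "unknown identity"
    try:
        ip = ipaddress.ip_address(src_ip)
    except ValueError:
        return "DENY", f"malformed source address {src_ip!r}"
    for rule in ALLOWLIST:
        if rule.service != service:
            continue
        if ip not in ipaddress.ip_network(rule.source):
            continue
        if rule.role != "*" and rule.role not in ROLES[user]:
            continue
        return "ALLOW", f"matched {rule.role}/{rule.service}/{rule.source}"
    return "DENY", "no allow-list entry matched (default deny)"


if __name__ == "__main__":
    for req in [("alice", "erp", "10.20.0.15"),       # right role, right network
                ("alice", "erp", "10.21.0.15"),       # right role, wrong network
                ("bob", "erp", "10.20.0.15"),         # wrong role
                ("mallory", "intranet-portal", "10.5.5.5"),  # no roles, "*" service
                ("eve", "intranet-portal", "10.5.5.5"),      # unknown identity
                ("alice", "crm", "10.20.0.15")]:      # service with no entry at all
        print(req, "->", evaluate(*req))
```

Because the list contains only permits, rule order does not matter and the fall-through at the end is the whole security property: a request for a service nobody thought to list, from a network nobody thought to list, or by an identity nobody provisioned, fails closed without any extra rule.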
Continuous monitoring is necessary for real-time threat detection and prevention. Monitoring tools must be able to identify who is talking to whom and what kind of exchange is taking place, and flag any abnormal behaviour so that remedial action can be taken.
- Detecting anomalous traffic behaviour and taking remedial measures can effectively thwart attacks. Intelligent algorithms using deep learning techniques can learn normal patterns, detect unusual behaviour, raise alerts and take remedial action such as denying access to an individual or shutting down a port or server that is behaving abnormally.
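As an added illustration of the monitoring points above (not code from LogRhythm or any product), the script below builds a per-peer baseline from a learning window of flow records and then flags two kinds of anomaly in new traffic: a peer pair that has never been seen, and a known pair moving far more data than usual. It uses a plain statistical baseline rather than the deep-learning models the text mentions, and it handles the case where a pair was seen only once, so no standard deviation can be estimated. All flow records are constructed.

```python
import statistics
from collections import defaultdict

# Constructed flow records for the example: (src, dst, dst_port, bytes_sent).
BASELINE_FLOWS = [
    ("10.1.1.10", "10.2.2.20", 443, 100_000),
    ("10.1.1.10", "10.2.2.20", 443, 110_000),
    ("10.1.1.10", "10.2.2.20", 443, 105_000),
    ("10.1.1.10", "10.2.2.20", 443, 95_000),
    ("10.1.1.11", "10.2.2.21", 1433, 50_000),   # seen only once in the window
]

OBSERVED_FLOWS = [
    ("10.1.1.10", "10.2.2.20", 443, 108_000),     # within the normal range
    ("10.1.1.10", "10.2.2.20", 443, 2_000_000),   # known pair, ~20x normal volume
    ("10.1.1.10", "203.0.113.9", 4444, 3_000),    # never-seen external peer and port
    ("10.1.1.11", "10.2.2.21", 1433, 400_000),    # single-sample baseline, 8x
]


def build_baseline(flows):
    """Map each (src, dst, port) to the byte counts seen during the learning window."""
    baseline = defaultdict(list)
    for src, dst, port, nbytes in flows:
        baseline[(src, dst, port)].append(nbytes)
    return baseline


def is_volume_spike(history, nbytes, z_threshold=3.0, ratio_threshold=5.0):
    """True if nbytes is far outside what this peer pair normally moves.

    With two or more samples use a z-score. With one sample, or a constant
    history (stdev 0), fall back to a simple ratio against the mean.
    """
    mean = statistics.mean(history)
    if len(history) >= 2:
        stdev = statistics.stdev(history)
        if stdev > 0:
            return (nbytes - mean) / stdev > z_threshold
    return nbytes > mean * ratio_threshold


def detect(baseline, flows, **thresholds):
    """Return one alert per anomalous flow, each with a suggested remedial action."""
    alerts = []
    for src, dst, port, nbytes in flows:
        key = (src, dst, port)
        if key not in baseline:   # 'in' does not create defaultdict entries
            alerts.append({"type": "new-peer", "flow": key, "bytes": nbytes,
                           "action": f"block {src} -> {dst}:{port} pending review"})
        elif is_volume_spike(baseline[key], nbytes, **thresholds):
            alerts.append({"type": "volume-spike", "flow": key, "bytes": nbytes,
                           "action": f"rate-limit or quarantine {src}"})
    return alerts


if __name__ == "__main__":
    for alert in detect(build_baseline(BASELINE_FLOWS), OBSERVED_FLOWS):
        print(alert)
```

The learning window is the weak point of any such detector: if an attacker was already active while the baseline was built, their traffic becomes "normal", so baselines should be built from a period believed clean and re-checked against known-bad indicators before they are trusted.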
Speaking about the company's presence in the region, Mohan Raj, Regional Sales Director, who is based in Dubai, says, "LogRhythm established a presence in 2015 and we have a sizable presence in Asia, the Middle East and Africa, with more than 30 employees specializing in cyber security solutions and providing real-time support services to organizations."
Based in Colorado, US, LogRhythm offers a range of security solutions, including threat detection, prevention and behavioural analysis, and provides a risk score, based on a proprietary model updated with real-time inputs from multiple sources, to help deal with the challenge of alert fatigue.