Many people are under the impression that having Anti-virus software on their office computers is sufficient to protect them from cyber-attacks. In fact, it isn’t.
This is a common phrase we hear time and time again. Many people are under the impression that having Anti-virus software on their office computers is sufficient to protect them from cyber-attacks and they do not believe they require any further cyber-security protection.
I don’t blame people for having this viewpoint – I think it’s a fault of our industry for over-complicating matters, especially with much of the jargon we use, which results in those who are non-technical struggling to understand.
If I said to a non-technical worker: “you need a high throughput Next Generation Firewall with DDoS protection, ATP, threat emulation, threat extraction and URL Filtering” they would not have a clue what I was on about! But this is how cyber security is being marketed to people at the moment.
It is not just security providers that are doing this; it’s the media as well. We forget that this is a very new threat to our businesses as a whole and people do not understand it.
Take the recent BBC article on Kaspersky being hacked, for example: https://www.bbc.co.uk/news/technology-33083050
People who do not work in IT will see this article and many others like it, see words like ‘Malware’, and think that their anti-virus will protect them from this threat. I am not saying that anti-virus is useless; it is fantastic that people are knowledgeable enough to implement it, and it performs an invaluable job for millions of computer users all over the world. But in a big organisation it is just not enough and should be used alongside a Next Generation Firewall.
It is extremely easy to create a virus which will not be detected by the top 30 anti-virus products for at least 2 weeks. It would take an ethical hacker about 5 minutes to make. Within 20 minutes it could be on your network after being sent as an attachment to a completely normal-looking email to a member of your organisation. Your normal anti-virus wouldn’t pick it up and it would be free to steal all of your information.
So how does a Next Generation Firewall do things differently?
Well, let’s take this question and break it down. The most important point to make is the integration of “threat emulation” and “threat extraction” in Next Generation Firewalls.
Threat Emulation is a fantastic technology that is the cornerstone of a lot of Next-Gen Firewalls. Every file which passes through your network is analysed to see what its behavioural traits are. For example, if you are sent a normal Microsoft Word document, the firewall will let it through and you will be able to open it. But if you are sent a seemingly normal-looking Microsoft Word document that tries to download another file in the background, it will be blocked. This is because MS Word documents do not do this as part of their normal behaviour.
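The behavioural check described above can be sketched as follows. This is an added example, not code from any firewall or sandbox product: the trace format, field names, baseline set and sample events are all hypothetical and constructed for illustration.

```python
# Hypothetical sandbox trace format: a time-ordered list of event dicts
# with keys pid, ppid, image, action, target (all names are assumptions).

# Behaviour a document viewer is expected to show when opening a benign file.
BASELINE = {"file_read", "file_write_temp", "registry_read"}


def emulate_verdict(trace, opener="WINWORD.EXE"):
    """Return ("block" | "allow", reasons) for one sandbox run of a document."""
    watched = set()   # pids of the document viewer and everything it spawned
    reasons = []
    for ev in trace:
        if ev["action"] == "process_start":
            if ev["image"].upper() == opener.upper():
                watched.add(ev["pid"])
            elif ev["ppid"] in watched:
                # A child of the viewer: track it too and flag the spawn.
                watched.add(ev["pid"])
                reasons.append(f"{opener} tree spawned {ev['image']}")
            continue
        # Anything the viewer's process tree does outside the baseline is flagged.
        if ev["pid"] in watched and ev["action"] not in BASELINE:
            reasons.append(f"pid {ev['pid']} {ev['action']} -> {ev['target']}")
    return ("block" if reasons else "allow"), reasons


# Constructed sample traces (not real sandbox output).
BENIGN = [
    {"pid": 100, "ppid": 1, "image": "WINWORD.EXE",
     "action": "process_start", "target": "report.docx"},
    {"pid": 100, "ppid": 1, "image": "WINWORD.EXE",
     "action": "file_read", "target": "report.docx"},
]
SUSPICIOUS = BENIGN + [
    {"pid": 200, "ppid": 100, "image": "helper.exe",
     "action": "process_start", "target": ""},
    {"pid": 200, "ppid": 100, "image": "helper.exe",
     "action": "http_download", "target": "http://example.invalid/file"},
    # Unrelated process outside the document's process tree: ignored.
    {"pid": 300, "ppid": 1, "image": "updater.exe",
     "action": "http_download", "target": "http://example.invalid/u"},
]

if __name__ == "__main__":
    for name, trace in (("benign", BENIGN), ("suspicious", SUSPICIOUS)):
        print(name, *emulate_verdict(trace))
```

Tracking the whole process tree matters because the download is often performed by a child process rather than by the document viewer itself.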
Threat extraction does not allow threats to enter your network. It does this by reconstructing a document which is sent to you and thereby protects against both old and new forms of malware.
The consequences of not being secure are becoming more obvious every year. As we move to the “paperless office”, more and more documents are being stored on computers and, in turn, have the potential to be hacked and released into the hands of the public. A data breach could cost a company thousands upon thousands of pounds: not just in fines from the Information Commissioner’s Office for a breach of data protection, but in lost revenue from customers and suppliers who have lost trust, in resignations of employees whose data has been released, and in added marketing fees from trying to rebuild the image of the brand. The threat landscape is so vast, with new threats on the horizon every day, that anti-virus software simply is not enough to protect a business from all these vulnerabilities. It is therefore important that we try to dispel the common misconception that anti-virus is in fact enough.