According to the Department of Home Affairs, cybersecurity incidents cost Australian businesses up to $29 billion each year, at an average cost of $276,323 per business attacked.
This year, we’ve seen reports of cyber attacks on well-known businesses such as Fisher & Paykel, Lion, Avon and Toll, as well as the Government’s recent warning of a sustained cyber targeting of Australian governments and organisations by a sophisticated state-based actor. Smaller businesses are not flying under the radar either, with 60% of cybercrime impacting SMEs.
These cyber threats come in various forms, but generally target cyber assets and business continuity, with common examples including:
- Malware. This is any type of malicious software installed on someone’s computer without their knowledge, which is designed to cause damage to the computer, server or computer network.
- Phishing. This is where a user is sent an email that is designed to appear trustworthy and to persuade them to click on a link and then to sign in or provide other sensitive information. ‘Spear-phishing’ adds an element of personalisation, often where attackers target victims using personal information that they’ve published online.
- Ransomware. Ransomware is software that will block or disrupt access to systems or threaten to publish the victim’s data unless money is paid to the hacker who’s holding them ‘hostage’.
To protect against these and other threats, two critical measures for businesses are sophisticated endpoint protection with endpoint detection & response (EDR) and next-generation firewalls (NGFWs). Here we take a look at what they do, why they’re important for businesses, and the specific solutions we recommend.
Endpoint Detection & Response
Traditional antivirus endpoint protection detects and attempts to remove recognised malware from your system.
Next-gen EDR software, on the other hand, uses AI to proactively monitor the programs and systems running on your computer for suspicious behaviour, including behaviour from previously unknown threats. When such behaviour is detected, EDR software shuts the malicious activity down before damage is done, investigates the incident, and provides remediation guidance.
As well as targeting malware, EDR can protect against phishing by inspecting traffic and enforcing firewall controls that block access to scam sites, and against ransomware by recognising how it behaves; both threats are likely to go undetected by traditional antivirus software.
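To make the contrast concrete, here is an added example (not SentinelOne code, nor any vendor's) that runs a hash-based "traditional antivirus" check and a simple EDR-style behavioural rule over the same constructed endpoint telemetry. The process names, file paths, hash list and the threshold of five distinct file writes in two seconds are all assumptions made for the illustration.

```python
import hashlib
from collections import defaultdict

# Constructed signature list: SHA-256 of binaries already known to be malicious.
KNOWN_BAD = {hashlib.sha256(b"ransomware-sample-from-last-year").hexdigest()}

# Constructed telemetry: (seconds, process name, executable bytes, file written).
# A never-seen-before binary rewrites five user files in under a second,
# while Word saves the same document twice, minutes apart.
EVENTS = [
    (0.0, "WINWORD.EXE", b"word-binary", r"C:\Users\ann\report.docx"),
    (0.2, "update.exe", b"never-seen-before-build", r"C:\Users\ann\report.docx.enc"),
    (0.4, "update.exe", b"never-seen-before-build", r"C:\Users\ann\budget.xlsx.enc"),
    (0.6, "update.exe", b"never-seen-before-build", r"C:\Users\ann\photo1.jpg.enc"),
    (0.8, "update.exe", b"never-seen-before-build", r"C:\Users\ann\photo2.jpg.enc"),
    (1.0, "update.exe", b"never-seen-before-build", r"C:\Users\ann\notes.txt.enc"),
    (9.0, "WINWORD.EXE", b"word-binary", r"C:\Users\ann\report.docx"),
]


def signature_flags(events):
    """Traditional antivirus: flag a process only if its binary's hash is known bad."""
    return {proc for _, proc, exe, _ in events
            if hashlib.sha256(exe).hexdigest() in KNOWN_BAD}


def behaviour_flags(events, window=2.0, threshold=5):
    """EDR-style rule (assumed, for illustration): flag a process that writes
    `threshold` or more distinct files within `window` seconds, whether or not
    its binary has ever been seen before. Tune the numbers to your environment;
    backup tools and compilers will trip a rule that is set too low."""
    per_proc = defaultdict(list)
    for ts, proc, _, path in events:
        per_proc[proc].append((ts, path))
    flagged = set()
    for proc, writes in per_proc.items():
        writes.sort()
        for i, (start, _) in enumerate(writes):
            touched = {p for t, p in writes[i:] if t - start <= window}
            if len(touched) >= threshold:
                flagged.add(proc)
                break
    return flagged


if __name__ == "__main__":
    print("signature:", signature_flags(EVENTS))   # empty: the build is unknown
    print("behaviour:", behaviour_flags(EVENTS))   # {'update.exe'}
```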
For the best in autonomous endpoint security with EDR, we recommend SentinelOne – the highest rated vendor in Gartner’s 2020 EDR ‘Voice of the Customer’ Report.
SentinelOne delivers the security you need to prevent, detect, and undo known and unknown threats. It’s the only platform that defends every endpoint against every type of attack, at every stage in the threat lifecycle.
Next-Generation Firewalls
Firewalls monitor and control incoming and outgoing network traffic, acting as a security barrier between a trusted internal network and an untrusted external network, primarily the internet.
While traditional firewalls monitor the flow of traffic allowed to enter or exit a point within the network – either by checking each packet of data individually (the ‘stateless’ method) or by also keeping track of the full cycle of the flow (the ‘stateful’ method) – advanced NGFWs combine this with additional network device filtering functions, such as:
- An application firewall using DPI. Deep packet inspection (DPI) is a type of data processing that inspects in detail the data being transmitted through the firewall and can take action by blocking, re-routing or logging it.
- Intrusion prevention. With deeper traffic inspection, NGFWs also perform intrusion detection and prevention.
- Encrypted traffic inspection. NGFWs can decrypt and inspect SSL and SSH encrypted traffic and then re-encrypt it, providing additional protection from malicious applications and activity that try to hide using encryption.
- Website filtering. This function screens incoming web pages to determine whether a page, or part of it, should be withheld from the user.
- QoS bandwidth management. This allows control of network traffic flows so that it does not exceed network capacity, with the ability to allocate bandwidth for certain types of traffic, applications and users.
- Malware filtering. NGFWs can provide reputation-based filtering to block applications with a bad reputation, and can also check sites and applications for phishing, viruses and other malware.
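The stateless versus stateful distinction above is easiest to see in code. The added example below (not FortiGate or Palo Alto code) judges the same three constructed packets with a stateless rule that looks only at header fields and a stateful filter that remembers which connections the internal network opened; the addresses, ports and the "10.0.0." trusted prefix are assumptions for the illustration.

```python
from dataclasses import dataclass

INTERNAL_PREFIX = "10.0.0."  # assumed trusted LAN range


@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int
    ack: bool = False


def stateless_allow(pkt: Packet) -> bool:
    """Stateless rule: each packet is judged on its own header fields.
    Outbound LAN traffic is allowed; inbound is allowed when it merely
    looks like a server reply (source port 443 with ACK set)."""
    if pkt.src.startswith(INTERNAL_PREFIX):
        return True
    return pkt.sport == 443 and pkt.ack


class StatefulFilter:
    """Stateful rule: inbound traffic is allowed only if it belongs to a flow
    that a LAN host opened first, tracked by its 4-tuple."""

    def __init__(self):
        self.flows = set()

    def allow(self, pkt: Packet) -> bool:
        if pkt.src.startswith(INTERNAL_PREFIX):
            self.flows.add((pkt.src, pkt.sport, pkt.dst, pkt.dport))
            return True
        return (pkt.dst, pkt.dport, pkt.src, pkt.sport) in self.flows


# Constructed traffic: a LAN host opens an HTTPS session, the server replies,
# then an unrelated external host sends an unsolicited packet to RDP (3389)
# dressed up as an HTTPS reply.
OUTBOUND = Packet("10.0.0.5", 51000, "203.0.113.10", 443)
REPLY = Packet("203.0.113.10", 443, "10.0.0.5", 51000, ack=True)
UNSOLICITED = Packet("198.51.100.7", 443, "10.0.0.5", 3389, ack=True)


def compare():
    sf = StatefulFilter()
    packets = (OUTBOUND, REPLY, UNSOLICITED)
    return {"stateless": [stateless_allow(p) for p in packets],
            "stateful": [sf.allow(p) for p in packets]}
```

Only the stateful filter rejects the third packet, which is the gap NGFWs build on before adding DPI and the other functions listed above.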
Threats to personal devices and larger networks are constantly evolving and increasingly targeting Australian businesses. With the advanced flexibility of an NGFW, you gain protection from a much broader spectrum of threats and intrusions. For our cybersecurity clients implementing NGFWs, we generally recommend Gartner’s ‘Magic Quadrant’ leaders, Fortinet and Palo Alto Networks.
Fortinet’s FortiGate NGFW is a high-performance network security appliance that adds intrusion prevention, application and user visibility, SSL inspection, and unknown threat detection to the traditional firewall.
Palo Alto Networks’ industry-leading family of NGFWs are the first to leverage machine learning for proactive real-time and inline zero-day protection, as well as offering 5G-ready NGFW protection.
We’re Here to Help
To discuss the options for bolstering your organisation’s cybersecurity whether in EDR, NGFW or otherwise, enquire now and speak with our cybersecurity experts.