Are Firewalls and IPS enough?
Five years ago, the majority of network managers would have felt confident that network defences such as firewalls, proxies and intrusion prevention systems (IPS) were suitable security to protect our businesses' assets.
However, we are seeing an increased threat on the internet known as APTs (advanced persistent threats). These are high-profile attacks that use sophisticated techniques to exploit a vulnerability found in your system, normally executed over a long period of time in a covert manner. The ultimate goal is to gain ongoing access to your system and gather as much information as possible. A prime example of an APT attack was when China stole the F-35 blueprints from Lockheed in 2007, as shown in documents leaked by Edward Snowden. These designs then influenced the design of China’s new J-20 fighter.
Although we can feel confident that a good firewall combined with a decent IPS will deal with most of the known attacks and threats out there, we also need to consider the increased risk of APT attacks. These types of attacks can be sufficiently reduced with devices such as a sandbox.
What is a Sandbox?
A sandbox is a component that executes untrusted code. So, in the case where a threat bypasses the IPS, the traffic is then fed into a sandbox (normally a virtual machine) for analysis. If the code executed on the VM is considered a threat, it is quarantined for action. If the action is to drop the threat, the threat signature can then be used in future to drop threats that match the same criteria.
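The feedback loop described above, sketched as an added example that is not part of the original post. The `Gateway` class, the behaviour names, the weights and the threshold are all constructed for illustration; the `observed` list stands in for what a sandbox VM would record while executing the file.

```python
import hashlib
from dataclasses import dataclass, field

# Constructed behaviour weights; a real sandbox scores far richer telemetry.
SUSPICIOUS = {"writes_autorun_key": 40, "injects_into_process": 40,
              "contacts_unknown_host": 30, "reads_documents": 10}
THRESHOLD = 60  # assumed verdict cut-off

@dataclass
class Gateway:
    signatures: set = field(default_factory=set)    # hashes learned from sandbox verdicts
    quarantine: list = field(default_factory=list)  # digests held for action

    def inspect(self, payload: bytes, observed: list) -> str:
        """Return the action taken for one file that got past the IPS."""
        digest = hashlib.sha256(payload).hexdigest()
        if digest in self.signatures:
            return "dropped-by-signature"           # known threat, no detonation needed
        # Unknown file: score the behaviours seen during sandbox execution.
        score = sum(SUSPICIOUS.get(b, 0) for b in observed)
        if score < THRESHOLD:
            return "delivered"
        self.quarantine.append(digest)
        self.signatures.add(digest)                 # feed the verdict back to the inline stage
        return "quarantined"

def demo():
    gw = Gateway()
    dropper = b"constructed sample A"
    variant = b"constructed sample A, one byte changed"
    bad = ["writes_autorun_key", "contacts_unknown_host"]
    return [
        gw.inspect(b"constructed benign report", ["reads_documents"]),
        gw.inspect(dropper, bad),   # first sighting: caught by the sandbox
        gw.inspect(dropper, bad),   # second sighting: dropped inline
        gw.inspect(variant, bad),   # changed bytes: hash misses, sandbox needed again
    ]

if __name__ == "__main__":
    print(demo())
```

The last case shows why the sandbox stays in the path: a signature built from an exact hash only matches identical files, so a modified sample has to be analysed again.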
This technology has been around for a few years, but only recently has it become more affordable for smaller businesses. In today’s world of cyber security it is definitely a technology that should be put on the IT budget.
Don’t leave it too late!