Having multiple layers of protection online is essential for businesses these days. In this video, Dave Spilker shares several data security tools provided to NE-INC clients, including Email Filtering, Firewalls and Internet Filtering, and Hosing Antivirus for specific computers.
Need help with your business? Contact us for a free evaluation HERE.
This is an overview of various security products and a discussion about data security. We like to have multiple products inspecting emails, inspecting web traffic and inspecting browsing. We have multiple products that we use in an effort to protect our customers. We don't just have one antivirus, we will have seven or eight that work together. We don't have just one spam filter, we have multiple. The more checks you have at the door, so to speak the better, your security is going to be.
One of the tools we use is a front-end to mail servers. In this way we can provide some protection and examine mail as it comes into your mail service. This can be used to examine mail if you have your own mail server but also can be used if you use Office 365. We can front-end filter mail that goes into Microsoft. We can front end-mail as it goes into Gmail accounts.
We can look at what we want to do here with Spam. We have the option to deliver it and just modify the subject and put the word “Spam” on it, or we can even bother delivering it to the mail server. There are multiple filters that they use. This company has four of their own filters.
They can also use DNS block lists that can block spam. They also can run it through something like Spamhaus and Spamcop, which are third-party integrated products. It’s using multiple different products to filter. You can turn on or turn off different levels of the product depending on your desire of how strict you want to be with filtering spam.
The next thing is then you can check each of your attachments for viruses and again there are multiple different products. This is a third-party virus protection product. We can run each piece of mail through f-prot, Avast, ClamAV, Securence Signature Set, and Pinpoint Virus Set. So there's five different checks that each piece of mail can go through before it gets into your system. Then we also check with antivirus that's at the firewall level so we check downloads and attachments and so forth as they come through your firewall. Then a third place where we check is on the machine itself with an antivirus type product. We have three different locations where we're checking with three different products and on email we have the four additional products. So we have seven or eight products that were running in total on the mail before you open it.
Another tab here is phishing. We're starting to see more in the way of very good phishing filters that will block phishing style emails and known phishing attempts, again through multiple different products. We can also enable a thing called CEO fraud protection. We've used this at some of our clients where we can say the CEO is Joe Blow. Joe Blow’s email has to come from Joe Blow at acme.com. It can't come from abc123@uofwichita.edu or something like that. It comes from the known email address of the CEO. This way this will catch fraudulent emails that go to employees instructing them to reply with a report of all the W2's back to this email or whatever from the CEO of the company when it's really not from the CEO of the company. It's a fraud, so we've enabled that with a number of our customers and they really appreciated that.
The next thing is to look at is some of the different features of a professional business firewall. You can get a cheap firewall from Walmart and buy a $60 firewall, and I'll guarantee it does not have half of these features. People ask, well what's the difference? One of the first things you can do is Application Control. If I want to say, we are going to limit instant messaging and chats, I shut that off. If you say I want to shut off shopping, you can do that. But if you don't want to shut off shopping for the purchasing department because that's kind of their gig, you can do that. But you might want to say I don't want to have Dropbox and OneDrive or things like that, if you're concerned about specific files going off-site without your knowledge.
We can shut off different protocols or different categories of products. We can turn off email completely to certain groups of computers if you want. If you had a production floor and you didn't want to have emails. You have control over specific applications and the internet traffic they use.
The next thing is Advanced Persistent Threat. That's a fancy way of saying blocking traffic based on Behavior. If it looks like it's trying to call back and talk to a ransomware server, that might be a bad behavior that you would like to stop. We can stop applications or traffic that is behaving in a manner that appears to be threatening. We can block traffic from suspected botnet sites. This can block folks trying to send out millions of emails about your uncle's diamond mine in Nairobi or robots that are attempting to collect keyboard data, that type of thing.
We can turn on Data Loss Prevention so if it looks like somebody is sending out HIPAA information like a list of Social Security numbers, we can have it stop and clamp down on that and stop that export of that spreadsheet and stop that email from going out. We can do the same thing with PCI, which is a fancy way of saying credit card information. If someone sends an email with a credit card number and an expiration date, we can have it either block or encrypt that message so it isn’t in plain text.
We have DNSWatch so if someone gets an email and it's a phishing attempt that slipped through the spam filter, and they happen to click on it and the link goes to a website that has some known behaviors of phishing, we can have it block the traffic from getting back to that website. It will also pop up a message that says this was a suspected phishing site, you really shouldn't click on emails with attachments like this and provide basically a training moment for the individual. We have Gateway Antivirus, basically like an Antivirus at the firewall. I talked about that when I was talking about viruses earlier.
Another thing we can do is block traffic based on Geolocation. If we want to block traffic from Russia and North Korea and other locations that the company doesn't do business in, we can block traffic from those locations. If someone says I only do business in North America, I want to block all other traffic, we can do that. The quantity of traffic and malicious traffic can be reduced significantly. You can significantly reduce the threat to your equipment, your infrastructure, and so forth if we do some limiting through Geolocation.
We can turn on Intrusion Prevention. When someone attempts to scan your system externally, you can observe that behavior. Your firewall can observe that behavior and then shut off that traffic immediately and not allow anything else from that IP address, That way if someone is trying to do different things to sniff or hack, rather than just letting them do it continuously and brute-force attack, they’ll do it three or four times and then the firewall cuts them off. We're not going to allow any traffic from them for a period of time.
We can enable Rogue Access Point Discovery. We can enable Reputation Defense. We can block spam at the firewall level if you hosted your email on-premise. We can enable Threat Detection and Response.
We can enable the WebBlocker Policy so you can block traffic by category. This allows you to go in and say we're going to block pornographic material, we're going to block terrorist sites, drug sites, and so forth. This can further reduce threat to your systems when you have folks who may be surfing to places they really shouldn't be. All of these different options are things that we can turn on and adjust to better protect your Internet experience from your office from all your business locations. If you have multiple locations we can also provide that same level of inspection and protection to users who VPN into your network. In this way you can also protect your sales folks and remote workers.
The third prong on this is we can look here at the antivirus at the workstation level. We can have software that checks things on the machine as they are being opened. But even if you check something as it's being opened, what if somebody opens something that doesn't appear to be bad but a couple weeks later, it turns out to be malicious? We take the time in the evenings after work and ask our antivirus software to scan the entire machine and look for anything that it sees as a threat. It looks at the entire hard drive, not just the traffic that came in today but everything that came in last week and the week before and re-examines it. That way if something turns up that it is flagged as very dangerous but it wasn't flagged as dangerous on the way in, it can still be picked off and blocked. You can go in through a product like this where we can set up daily scanning Behavior Monitoring, predictive machine learning, and then we can also have Web Reputation settings. We can filter things out that look like they're going to be an issue and we can filter specific URLs. If we want to again, we can block adult material, if we want if we want to block known hacking sites, known compromised websites, etc, we can do this for Windows we can do it for Apple, we can do it for Android, we can do it for iOS, This is a place where we can inspect traffic and block malicious behavior to keep you safe.
Comments