This is the question I've been hearing all too often these days: "We have a firewall, so my network's secure. Right?" or "You guys are monitoring my network, so it's secure. Right?"
Now, I won't get into too much detail here but let me just say there's a HUGE difference between managing a network vs. securing a network (ie: monitoring and maintaining a network for performance, stability, and up time vs. monitoring and securing it from the perspective of potential intrusion activity), two completely different purposes and, therefore, two completely different requirements, toolkits, and services delivered.
That said, I'd rather focus on the initial, essential question of "Is my network secure?"
Well, in the way that I tend to answer most IT questions - "it depends." And what I'd like to say is, "it depends on how you define secure."
You see, security can't be answered in a binary way - yes or no, on or off, black or white. Security, or better yet - how secure your network is - is better defined through the scale of "insecure" (let's say 0) to "fully secure" (let's say 100). But, these are numbers that are only used to represent a sense of your security posture. Let's start off by saying that there really is no way to be at 100.
On top of that, evaluating one's cyber security posture is not a definition that's static. And, it can't be evaluated in a vacuum. In the current landscape, you need to be comfortable with the concept that defining how secure your network is is an ongoing consideration.
So, getting back to the initial question - "Is my network secure?", here are a couple of questions to ask yourself (or your IT guy):
- Do you have a business class firewall on your network? And, is it monitored, patched, and kept up to date?
- Do you have an ongoing cyber security awareness training program for your end-users in place?
- Do you have dual-factor authentication for your network in place?
- Is your network currently being monitored for security threats and intrusions?
- Is the information on your servers and workstations encrypted?
As I think you'd agree, these all address different failure providing varying levels of protection ultimately addressing different risk tolerances. Which comes back to my initial answer, "it depends."
It depends on what the goal is that you're trying secure your network from.
Each of these items address a different gap in the security paradigm. The firewall is in place to prevent outside intrusions (but if misconfigured or out of date, can do more harm than good). Cyber security awareness training is to help your end-users improve their cyber security understanding (which is one of the most overlooked and yet most vulnerable kinks in the security armor). Dual-factor authentication addresses a number of user login holes further tightening up your network. Security monitoring provides a lens into what, actually, is going on with attacks and threats at the transport level. And encryption provides that ultimate layer of lock-down.
Each of these individually help. And all of these taken together certainly help. But, the thing about security is - more will almost always be better.
But it comes back to that scale. Where on the scale of 0 to 100 are you comfortable with or does your business need to be (ie: do you have specific compliance needs)?
Cyber security is more than just a line in the sand at a given point in time - it's an ongoing, daily process. If you're wondering how secure your network is, I'd suggest you start with the 5 items listed above and then ask yourself, "how secure do I want my network to be?"
We've been focusing pretty deeply on security and have been providing cyber security assessments for our clients for years now. On top of this, we've also developed our Managed Security Services programs providing these very services to clients who are looking to address their specific cyber security needs. If you'd like to learn more about these services, please let me know.
What do you think? Has this info been helpful? Let us know in the Comment box below or shoot me an email if you’d like to chat about this in more detail.