Cybersecurity: The Network Security Stack

The network security stack is a method or framework to visualize and protect against the complex cybersecurity threats that businesses face today. It embodies a multi-layered approach to protecting your network. Attackers have a wide variety of methods or attack vectors by which they can gain access to a computer or network device in order to deliver a payload or take malicious action. To protect against those attacks multiple layers of network security protection are required.

Years ago, if you kept your computers up to date, had anti-virus, backed up your data, and installed a network firewall, you were well protected. That is no longer the case, as cybersecurity threats continue to evolve and become more sophisticated. Often, when I discuss a new security solution with a client, they ask: “Does this replace…?” Most often, the answer is no. The new solution is additive, increasing your protection by filling a gap that could be exploited by a particular attack vector.

The cybersecurity network security stack consists of five different layers: Internet; Network; People; Apps; and Devices.

Internet

The Internet layer is composed of the web itself and other resources, like cloud services, external to your network. This includes hosted services like Microsoft 365 and Google Workspace. Mail Protection to guard against emails containing viruses and Malicious URL Protection to screen out phishing emails are critical aspects of protecting your network at this layer. According to the FBI, phishing was not only the most common cybersecurity crime in 2020, but the frequency of phishing attacks nearly doubled over 2019 and the number of complaints increased eleven-fold compared to 2016.

SaaS (Software-as-a-Service) Protection provides third-party backups of cloud services like Microsoft 365. For example, Microsoft operates on a shared responsibility model. They are responsible for their cloud, but the end customer is responsible for what is in it. Microsoft recommends that your content and data stored on their cloud be backed up regularly. You can accomplish this by using a third-party cloud backup service to provide more robust and granular recovery options to protect against human error, malicious insiders, hackers, and malware.

Network

The cybersecurity Network layer represents your connection to the Internet and your internal network connecting all your devices together. The primary protection at this layer is a Firewall installed at the perimeter of your network employing the most restrictive policies possible. Typically, this blocks all inbound traffic while allowing users to access resources on the Internet. It can also include content filtering to only allow users to visit the external resources that they require to do their job while blocking all other websites like social media.
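The perimeter policy described above (drop every unsolicited inbound connection, let users reach the Internet, and let replies to those outbound sessions back in) can be modelled in a few lines. The following is an added example, not code from the original article or from any firewall product; the LAN range, the permitted outbound ports and the sample packets are all constructed for illustration, and the rule syntax is this script's own rather than any vendor's.

```python
"""Minimal stateful default-deny firewall model (added illustration,
not production firewall code). Constructed values throughout."""
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

# Assumed internal network; anything outside it is treated as "the Internet".
LAN = ip_network("192.168.10.0/24")

# Destination ports users are permitted to reach outbound (DNS and web).
ALLOWED_OUTBOUND_PORTS = {53, 80, 443}


@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int
    proto: str = "tcp"


class StatefulFirewall:
    """Default policy is DROP; only two rules ever ACCEPT."""

    def __init__(self) -> None:
        # 5-tuples of connections that were opened from inside the LAN.
        self._conntrack: set[tuple] = set()

    def evaluate(self, pkt: Packet) -> str:
        src, dst = ip_address(pkt.src), ip_address(pkt.dst)
        key = (pkt.src, pkt.sport, pkt.dst, pkt.dport, pkt.proto)
        reverse = (pkt.dst, pkt.dport, pkt.src, pkt.sport, pkt.proto)

        # Rule 1: return traffic for a session the LAN initiated is allowed.
        if reverse in self._conntrack:
            return "ACCEPT (established)"

        # Rule 2: LAN -> Internet on a permitted port is allowed and tracked.
        if src in LAN and dst not in LAN and pkt.dport in ALLOWED_OUTBOUND_PORTS:
            self._conntrack.add(key)
            return "ACCEPT (outbound)"

        # Default: everything else, including all unsolicited inbound, is dropped.
        return "DROP (default policy)"


def run_sample_traffic() -> list[str]:
    """Evaluate a constructed packet sequence and return the decisions."""
    fw = StatefulFirewall()
    sample = [
        Packet("192.168.10.15", 51000, "93.184.216.34", 443),  # user opens an HTTPS site
        Packet("93.184.216.34", 443, "192.168.10.15", 51000),  # the site's reply
        Packet("198.51.100.7", 40000, "192.168.10.15", 3389),  # unsolicited inbound RDP
        Packet("192.168.10.15", 51001, "198.51.100.7", 445),   # outbound SMB, not permitted
    ]
    return [fw.evaluate(p) for p in sample]


if __name__ == "__main__":
    for decision in run_sample_traffic():
        print(decision)
```

The point of the model is the ordering: the connection table is consulted before the outbound rule, and nothing reaches ACCEPT unless one of the two explicit rules matches, so an inbound packet that no inside host asked for never gets in regardless of its port.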

People

The People layer is often both your greatest resource and an area of considerable risk. When a user makes a mistake and is duped by a phishing email, the results can be catastrophic. Staff members in accounting and finance present a particular risk as they are targeted by attackers because they have access to make financial transactions.

User Training, or more specifically Security Awareness Training (SAT), is a critical and, perhaps, the last line of defense. Attackers have a significant advantage because they can access the protections available to your business and work to defeat them. As a result, all protection is imperfect.

If a phishing email gets through to your controller’s inbox, you must rely upon them and their training to recognize the threat and respond accordingly. They may cut the check, but you will pay the bill. On that front specifically, training that also includes the ability to send phishing emails to your staff to determine where the training gaps may be is often the most effective.

Password Management enforces industry-standard complex passwords to ensure that account hashes cannot be easily cracked using a brute force attack. Multi-factor Authentication (2FA/MFA) requires a code to be entered, typically sent to a mobile device, before allowing access to a resource. Even if an attacker gets a user’s password, without the code, the resource is protected.
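The three controls in that paragraph fit together in one login path: a policy check before a password is accepted, a slow salted hash so that a stolen hash is expensive to brute force, and a one-time code checked as the second factor. The block below is an added example and is not code from the original article; it assumes a time-based code (TOTP, RFC 6238) rather than an SMS code, and the policy thresholds, PBKDF2 cost, user record and secret are constructed for illustration.

```python
"""Password policy, slow hashing and TOTP second factor (added example,
not from the original article). All constants are illustrative."""
import base64
import hashlib
import hmac
import os
import struct
import time
from typing import Optional

MIN_LENGTH = 12           # assumed policy minimum
PBKDF2_ROUNDS = 600_000   # work factor: every guess costs this many HMAC calls
TOTP_STEP = 30            # seconds per code


def password_meets_policy(pw: str) -> bool:
    """Length plus at least three character classes. A real deployment would
    also reject known-breached or dictionary passwords; that is omitted here."""
    classes = [
        any(c.islower() for c in pw),
        any(c.isupper() for c in pw),
        any(c.isdigit() for c in pw),
        any(not c.isalnum() for c in pw),
    ]
    return len(pw) >= MIN_LENGTH and sum(classes) >= 3


def hash_password(pw: str, salt: Optional[bytes] = None) -> tuple[bytes, bytes]:
    """Return (salt, digest). A fresh random salt defeats precomputed tables."""
    salt = salt or os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", pw.encode(), salt, PBKDF2_ROUNDS)
    return salt, digest


def verify_password(pw: str, salt: bytes, digest: bytes) -> bool:
    _, candidate = hash_password(pw, salt)
    return hmac.compare_digest(candidate, digest)  # constant-time comparison


def totp(secret_b32: str, for_time: int, digits: int = 6) -> str:
    """RFC 6238 code for the given Unix time (HMAC-SHA1, 30 s steps)."""
    key = base64.b32decode(secret_b32, casefold=True)
    counter = struct.pack(">Q", for_time // TOTP_STEP)
    mac = hmac.new(key, counter, hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % (10 ** digits)).zfill(digits)


def verify_totp(secret_b32: str, code: str, now: Optional[int] = None, window: int = 1) -> bool:
    """Accept the current code and one step either side to absorb clock drift."""
    now = int(time.time()) if now is None else now
    return any(
        hmac.compare_digest(totp(secret_b32, now + k * TOTP_STEP), code)
        for k in range(-window, window + 1)
    )


def login(pw: str, code: str, record: dict, now: Optional[int] = None) -> bool:
    """Both factors must pass; the code alone or the password alone is not enough."""
    if not verify_password(pw, record["salt"], record["hash"]):
        return False
    return verify_totp(record["totp_secret"], code, now)


# Constructed user record. The secret is the RFC 6238 test-vector key in base32.
SALT, HASH = hash_password("Correct-Horse-Battery-9")
USER = {"salt": SALT, "hash": HASH, "totp_secret": "GEZDGNBVGY3TQOJQGEZDGNBVGY3TQOJQ"}

if __name__ == "__main__":
    print("policy ok:", password_meets_policy("Correct-Horse-Battery-9"))
    print("login with valid code at t=59:", login("Correct-Horse-Battery-9", "287082", USER, now=59))
```

The cost parameter is what backs the article's claim that hashes "cannot be easily cracked": the defender pays it once per login, the attacker pays it once per guess. The constant-time comparisons matter because an early-exit string compare leaks, byte by byte, how much of a guess was right.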

Apps

The Apps layer comprises all the software you use to run your business, particularly the operating system on your computers. Attacks exploit vulnerabilities in software to inject malicious code and gain control of computer systems and other devices. Keeping that software up to date, preferably through a monitored and automated patching system, removes the known vulnerabilities before they can be exploited.

Devices

The Device layer consists of the computers and other networked equipment that serve as the platform on which you run your business. Even if your critical data is not stored on local devices, they are a conduit to your data. Anti-virus protects against viruses and other malware by recognizing threats either by signatures or by machine learning. Application control blocks all software that is not whitelisted from running on a computer. Backup & Restore solutions allow you to recover from attacks and other outages, such as hardware or software failure.

Standby Systems duplicate your critical functions, often maintained offline or inaccessible, and allow your business to function in an outage or disaster. Together, they comprise a Business Continuity and Disaster Recovery (BCDR) solution. This can take the form of a backup appliance at your office that “snapshots” your server and can run that snapshot in a virtualized environment on the appliance if your primary server is down. The snapshot is then also stored in the cloud in the event of a more pervasive disaster.

While individual attackers may have a variety of motivations, the endgame is money. If they can trick you into wiring them money, they win. If they can encrypt your data with ransomware and you pay, they win. If they sell your data on the dark web, they win. As with many such endeavors, time and effort are of the essence. If you make your business a hard target, the attackers' time can be better spent elsewhere, targeting a business that is less well protected.
